Business process modelling - implementation and significance for secure IT systems
Publish date: 2019-12-20
Report number: FOI-R--4857--SE
Pages: 60
Written in: Swedish
Keywords:
- business process modelling
- enterprise architecture
- business process architecture
- business process management
- business analysis
- risk assessment
- risk analysis
- information security
- IT security
- cyber security
- IT systems
- interview study
- literature review
Abstract
Business process modelling is performed on current or planned businesses, and is the foundation of risk assessments. The result is a thorough description of the business. This report aims to generate a better basis to conduct and report the business process modelling that is performed within the Swedish Armed Forces (SwAF) in the context of new (or changes in current) IT-systems. This was performed by studying what business process modelling may achieve for information security, how business process modelling should be performed, and what information is needed for the modelling. This work is based on documents from the SwAF, the Swedish Defence Materiel Administration, civil authorities and scientific papers, as well as interviews with people having experiences of conducting and validating business process models. However, no evaluation of actual business analyses has been carried out. Business process modelling is an important basis for the security work when developing IT systems. The modelling can also support evaluation of whether the systems are feasible or even desirable. Using templates for business process modelling can make the work more cost-effective and uniform, while at the same time risking that the modellers do not think widely and freely enough. The information sources have different views on this. Communication is an important part of conducting business process modelling. With the help of communication, misunderstandings can be reduced, more people can be heard, and important information that is not included in governing documents can be obtained.