
Information Sciences 277 (2014) 375395


A novel secure business process modeling approach and its impact on business performance

Youseef Alotaibi a,b,*, Fei Liu a

a Department of Computer Science and Computer Engineering, La Trobe University, Bundoora, VIC 3086, Australia
b Department of Computer Science, Umm Al-Qura University, Makkah, Saudi Arabia

Article info

Article history:
Received 15 April 2013
Received in revised form 30 September 2013
Accepted 10 February 2014
Available online 20 February 2014
Keywords:
Information system security
Software development process
Business process modeling (PM)
Business performance
Case study
Survey research

Abstract

The existing information system (IS) development methods do not meet the requirements to resolve security-related IS problems, and they fail to provide for the successful integration of security and systems engineering during all development process stages. Security should be considered during the whole software development process, and the requirements specifications should be identified. This paper aims to propose an integrated security and IS engineering approach covering all software development process stages by using the i* language. The proposed framework is divided into three separate parts: modeling the business environment, modeling the information technology system and modeling IS security. A mobile phone order management process in a telecommunication company is used as a case study to validate the proposed framework. An empirical analysis based on data from 130 business and IT managers is used to evaluate and investigate whether it has an impact on business process performance. The results were subjected to reliability and validity analyses. Bivariate correlation analysis was used to test four hypotheses. The results show that considering IS security goals in the whole system development process can have a positive influence on system implementation, better meet business expectations and positively impact business process performance.
© 2014 Elsevier Inc. All rights reserved.

1. Introduction
Information systems (IS) are used in almost every area of life, for example, in the military, health sciences, telecommunication, e-commerce, etc.; hence there is a need to ensure that these systems are secure, as many systems contain private data which should only be available to authorized parties. For example, the mobile phone order management process in a telecommunication company contains the customers' personal information and credit card information, thus this system must be secure to ensure the customers' privacy [10,39].
Security plays a crucial role in a business Process Model (PM) [73]. However, the literature shows that it is quite challenging to add security into business processes (BPs) for several reasons [13]. Firstly, the integration of security into a developed business PM is not very well understood [45]. Secondly, security properties are complicated and error-prone when integrated manually [10]. Furthermore, a lack of experienced IS developers can result in security leaks. Therefore, IS developers need to have concrete guidelines and appropriate tools to develop secure business PM applications [9,49].
* Corresponding author at: Department of Computer Science and Computer Engineering, La Trobe University, Bundoora, VIC 3086, Australia. Tel.: +61 405099952.
E-mail addresses: yaalotaibi@students.latrobe.edu.au (Y. Alotaibi), f.liu@latrobe.edu.au (F. Liu).
http://dx.doi.org/10.1016/j.ins.2014.02.088
0020-0255/© 2014 Elsevier Inc. All rights reserved.

Y. Alotaibi, F. Liu / Information Sciences 277 (2014) 375395

Security is considered a non-functional requirement (NFR) by the software engineering community [25]. Non-functional requirements (NFRs) represent constraints, such as authorized and unauthorized access where the systems are operating [88,90]. Therefore, security requirements must be defined after identifying the system. However, there are many challenges in implementing security into IS. Firstly, security requirements are often complicated to analyze and model. The requirement to separate the functional requirements and the NFRs is one of the main problems in analyzing NFRs, whereas NFRs could be related to one or a set of functional requirements at the same time. However, when the NFRs are stated separately from the functional requirements, the relationship between them cannot be seen easily. Secondly, IS developers may lack knowledge on developing and modeling a secure system [13].
Security should be considered throughout the entire business development process and requirements specifications should be identified. If security is only considered in certain stages of the development process, the security requirements will conflict with the system's functional requirements. Therefore, the issue of security must be taken into account with functional requirements during the system development stages in order to limit conflict [19]. This can be done by defining them in the early stages of system development and making attempts to overcome them. However, when security is only added in the late stages of system development, the chance of more conflicts occurring is increased, which may require a lot of money to overcome.
The literature shows that there are many commercial methods, such as ITBPM, OCTAVE, CRAMM, EBIOS, and MEHARI, available to IT security officers to perform a risk analysis of the security problems and define the security solutions [12,61]. However, these existing methods do not meet the requirements to resolve security-related IS problems and they fail to facilitate the successful integration of security during all development process stages. Thus, we propose an integrated security and IS engineering approach in all development process stages by using the i* language. In our proposed framework, there are five stages in software development to create a secure IS: (1) early requirements stage; (2) late requirements stage; (3) architectural design stage; (4) detail design stage; and (5) implementation stage. A mobile phone order management process in a telecommunication company has been used as a case study in order to validate our proposed framework.
To date, no previous study has attempted to empirically demonstrate the relationship between creating a secure business PM, Service Quality (SQ), Business Process Time (BPT), Business Process Cost (BPC) and Customer Satisfaction (CS). As a consequence of the success of the first research survey on business PM dimensions in Saudi Arabian telecommunication companies, we decided to deepen our research and explore the connections and links between our research areas: the proposed secure business PM, SQ, BPT, BPC and CS.
The results show that considering IS security goals in the whole system development process can have a positive influence on system implementation and better meet business expectations. Also, the results indicate that creating a secure business PM and considering IS security goals in the whole system development process is positively associated with business performance.
The remainder of this paper is organized as follows: Section 2 describes the related work of modeling secure IS; Section 3
presents our proposed framework approach; Section 4 describes the proposed framework validation with the help of a case
study; the hypotheses are generated in advance of the study to be tested against the data collection in Section 5; Section 6
describes our evaluation methodology, including the measurement of the variables, sampling and data collection procedures
and presents the construction validity and reliability of the variables; Section 7 presents a discussion of the results of the
descriptive statistics obtained from the bivariate correlation analysis; and the conclusion and future research directions
are presented in Section 8.

2. Related work
Security is an essential aspect of all information processing activities [44,77] and all organizations have to be active by
taking steps to develop mechanisms and tools to maintain and ensure the security and integrity of their information resources [47,81].
The literature shows that only a few approaches consider security requirements as a primary part of all software development processes. For example, in [25], the authors applied the process-oriented approach to represent security requirements as harmonious goals and used them throughout the software system development process. This proposed NFRs
framework uses security requirements and permits system developers to consider design decisions which are related to
the NFRs.
In [1], the authors demonstrated the application method for BP re-modeling to achieve better realization and representation of the non-functional processes. This approach was adapted from the developed software engineering method in order to link the NFRs to the conceptual models. The author used the cancer registration process in Jordan as a case study of BPs in the healthcare area to show how the NFR graphing technique, containing the goal operations and interaction analysis and goal evolution, can be applied to create an NFR model for BPs by using a Role Activity Diagram (RAD) [2,52].
In [75], the authors proposed an approach to reuse the existing descriptions of BPs to analyze the security requirements and derive the required security measures. This proposed approach comprises four main steps: (1) identifying the general security objectives of the BP; (2) examining the constructed security objectives, such as actors; (3) examining whether these specifications are consistent or not; and (4) creating a list of essential security measures for every BP component.

In [40], the authors proposed the requirements specification framework involving the separation of the delegation and trust relationships in order to bridge the gap between the functional and trust requirements of the IT system and its trust management and privilege management infrastructure. This framework supported the automatic verification of IS requirements identified in the formal modeling language called the Delegation Logics [54] and trust management [64]. The health care process is used as a case study to validate this framework.
In [61,85], the authors proposed the requirements engineering approach to model and map IS security goals at an early stage of the software development process in the context of alignment between business and IS. These approaches comprise five major steps: (1) identifying organizational environments; (2) derivation of security goals; (3) detecting security requirements from goals; (4) detecting constraint and security requirements; and (5) analyzing risks at the architectural level.
In [48], an extension of UML, called UMLsec, was proposed to provide security features in the UML model, such as access control and confidentiality. There are four different UML diagrams used in [48]: (1) class diagrams to guarantee that the exchange of data conforms to the security levels; (2) state chart diagrams to avoid the indirect flow of information from high to low values within the object; (3) interaction diagrams to guarantee the accuracy of important security interactions between the objects; and (4) deployment diagrams to guarantee that the physical layer can meet the security requirements in communication. Moreover, in [56], the UML was extended to model security and the authors presented a security modeling language called SecureUML. The authors described how UML could be used to identify access control-related information in the whole application design, using this information to automatically create a complete access control infrastructure.
In [15], the authors proposed SecureUML, which is an expressive UML-based language to construct the security design models. This method combines the design specifications for distributed systems with the security policy specifications. It is used to automate the model analysis semantically and meaningfully. This security policy contains the declarative aspects, such as static access control information, and the programmatic aspects, which are based on the dynamic information known as the authorization satisfaction constraints. The SecureMOVA tool was used to implement this approach.
BPs are an essential source for software systems engineering and much attention has been given to BPs in the area of IS
security and software engineering. In [82], the authors proposed a formal meta-model integrating the modeling processes
and the process-related Role Based Access Control (RBAC) models which contain the role, role hierarchies and the tasks duty
constraints. This proposed approach was used to extend the UML2 activity models which are known as the Business Activities. The library and runtime engine were implemented to manage the Business Activities runtime models and enforce the
software systems policies and constraints.
When software requirements comply with the access control policies during the early software development life cycle, software security is improved. In [5], the authors proposed a logic-based framework to analyze the authorization requirements identified in the UML to ensure that the access requirements are complete, consistent and conflict-free. This proposed framework extended the Auth-UML framework proposed in [6] by expanding its analysis in order to validate the enforcement of Separation of Duty (SoD) for the period of the requirements engineering rather than modeling them within additional syntactic enrichments to the UML. When requirements engineering is validated during the early phases of the software development life cycle, error propagation and the cost to fix these errors are reduced during the later phases of the software development process.
The gap between systems development and systems security may result in a lack of understanding of the security risks. In
[31], the authors examine how to integrate security as a functional requirement in BP analysis and modeling. They extend
the semantic approach to the secure collaborative inter-organization e-Business processes proposed in [32]. They proposed
the secure activity resource coordination (SARC) framework in order to create business PM characterized by the secure exchange of information across organizational boundaries. This framework is evaluated against the Enriched Use Case and the
UML activity diagram standard [80].
In [74], the authors proposed the Model Driven Development (MDD) approach for IS development which particularly focused on the security requirements where security was modeled along with all other BP aspects. They identied a set of the
rules and a checklist to automatically transfer and obtain the set of UML analysis classes and use cases from the secure BP
(SBP) model proposed in [72]. The proposed approach was validated through a case study of a real BP in the area of payment
for electrical energy consumption.
In [62], the authors adapted use cases to propose an abuse case model which captured and analyzed security requirements. This model identified the specifications of every interaction between the system and one or a set of actors, as this interaction can negatively affect the system. The misuse case concept describes functions which the system should not allow [79]. Furthermore, the mis-actor concept is defined as someone who accidentally or intentionally starts the misuse case. In this approach, security is considered by analyzing a security-related misuse case.
The misuse case modeling technique is used to elicit and specify the security requirements, particularly at an early stage
of the software system development process. It is also used as the foundation to generate other UML modeling designs to
implement the target system. In [36], the author proposed an approach to improve the quality of the misuse case model,
validating his approach with a case study of a real world misuse case model on an online bookstore system.
In [37], the author proposed the Structured Misuse Case Description (SMCD) in order to support misuse case modelers
during the authoring process, guiding them to develop the misuse case model syntactically and structurally. However,
the SMCD cannot guarantee reliable domain representation. Also, the author proposed the Reverse Engineering of Misuse
Case Description (REMCD) technique in order to systematically create skeletons of misuse and use case descriptions. However, the REMCD cannot specify the order in which to develop misuse case model components.

In [9], the authors explain the literature review on a secure business PM for better alignment between business and IT. They defined several security concepts, such as constraints, security goals, security requirements and risk. This paper does not include any validation or evaluation.
In [10], the authors proposed a secure business PM, and a new hotel room booking management process was used to validate the proposed framework. However, they did not implement or evaluate their work in the real business environment.
The literature shows that there are many commercial methods, such as ITBPM, OCTAVE, CRAMM, EBIOS, and MEHARI, available to IT security officers in organizations to perform risk analysis on security problems and define security solutions [61]. The literature shows that only a few approaches consider security requirements as a primary part of the software development process. All these previously mentioned approaches provide the first step in integrating security in software engineering and are useful in modeling security requirements.
However, these approaches have several drawbacks since they only provide guidance as to how security can be handled during certain stages of the software development process. In other words, these existing methods of IS development do not meet the requirements to resolve security-related IS problems and they fail to provide successful security integration during the development process stages. For example, the approach in [48] is applicable throughout the design stage while the approach in [62] is used in early requirements analysis. Table 1 summarizes the literature on existing software development process stages.
Therefore, we will propose a security approach covering all stages of the software development process which can help to limit the number of conflicts by defining them at an early stage in the system development and taking steps to overcome them.
Another limitation of the existing work is that most of the previously mentioned approaches only deal with specific security requirements, goals and constraints. For example, UMLsec proposed in [48] focuses on access control security requirements and integrates this into the model-driven software development process. Table 2 summarizes the literature on existing security goals.
Therefore, we will propose a security approach which considers all security requirements, such as access control and encryption, security goals, such as integrity and secrecy, and security constraints, such as authorized and unauthorized access. In addition, our proposed secure business PM shows a completed software process, as it has been developed throughout all the software development process stages and for all security goals, and implemented and evaluated in the real business environment, with a mobile phone order management process in one of the Saudi Arabian telecommunication companies used as a case study.

3. Proposed framework
Many IS security problems can occur when an organization's assets need to be protected from threats and attacks. However, it is a complex task to protect these assets since the business environment changes rapidly [63]. Business organizations comprise complex business structures that are evaluated and updated within the customer structures and demands which

Table 1
Related work on existing software development process stages [9]. The stage columns of the table are: Early requirement, Late requirement, Architectural design, Detail design, Implementation (a check mark in a column indicates that the cited approach covers that stage).

References   Year
[62]         1999
[48]         2001
[75]         2002
[56]         2002
[55]         2003
[58]         2003
[40]         2006
[1]          2007
[61]         2007
[71]         2007
[31]         2008
[32]         2008
[41]         2008
[60]         2008
[59]         2008
[87]         2009
[74]         2010
[85]         2011
[73]         2011
[10]         2012
[36]         2012
[37]         2012

Table 2
Related work on existing security goals. The security goal columns of the table are: Integrity, Confidentiality, Availability, Reliability, Privacy, Access control (a check mark in a column indicates that the cited approach addresses that goal).

References   Year
[62]         1999
[48]         2001
[75]         2002
[56]         2002
[55]         2003
[58]         2003
[40]         2006
[1]          2007
[61]         2007
[71]         2007
[31]         2008
[32]         2008
[41]         2008
[60]         2008
[59]         2008
[87]         2009
[74]         2010
[85]         2011
[73]         2011
[10]         2012
[36]         2012
[37]         2012
consist of processes, models, strategies and sets of activities working together to achieve the business goals. For better alignment between IS and business [14], IS security problems have to be addressed by managing security in the form of defining, analyzing, modeling and mapping the IS attacks and identifying suitable security requirements in order to respond to these attacks in five different IS development stages: the early requirements stage, late requirements stage, architecture design stage, detail design stage and implementation stage.

Fig. 1. Secure business PM framework approach. (Figure; the labels recoverable from it are listed below.)
Modelling Business Environment Level (Business Executives): Business Goals, Business Rules, Rules Measurement, Business Rules Analysis; Role Model, Process Events, Decision Model, Process Monitoring.
Modelling IT Environment Level (Technology Manager, Business Executives): System Behaviour, Business Process, System Behaviour Analysis, Use Case.
Information System (IS) Security Level:
(1) Early Requirements Stage: Defining Business Environment & Assets Step; Deriving IS Security Goals & Constraints Step.
(2) Late Requirements Stage: Modelling the To-Be Security Model by Adding & Analysing the Security Requirements & Constraints Step.
(3) Architectural Design Stage: Dividing Existing Actors into Sub-Actors & Delegating Security Goals Step.
(4) Details Design Stage: Using the UML Sequence Diagram for Agent Interaction Diagrams Step.
(5) Implementation Stage: Generating UML Class Diagram as the First Step for Java Code.

This paper aims to present a requirement engineering-based approach for business and IS analysts to better understand security problems and define their associated security goals, and to detect security requirements and constraints from the goals [16]. We have divided our proposed framework into three parts: modeling the business environment, modeling the information technology system and modeling the IS security, as shown in Fig. 1. Part 1 is divided into two levels: the business decision level and the business PM level, where each level is made up of four business components. The business decision level consists of business goals, business rules, rules measurement and business rules analysis. The business PM level consists of the role model, the process events, the decision model and process monitoring. Part 2 consists of the system behavior, the business process [26,67], system behavior analysis, and the use case. Parts 1 and 2 are not in the scope of this paper, so for more details, please refer to [8].
Parts 1 and 2 describe the specifications of the business organization environment and IT environment respectively, in relation to infrastructure and assets, based on the already accepted business PM methodology, known as business PM, towards the derivation of IT goals, as proposed in [8]. Business assets are anything that the business organization owns and that has an economic value to the business organization. For example, the business assets in our case study are the mobile phone order management process in a telecommunication company, the personal information of the company's consumers and staff, and the company's data and knowledge management. IS assets are anything that is part of the IT department which provides support to the business assets [21]. For example, the IS assets in our case study are the hardware, software, people and the network, etc. Protection of these assets is essential for the continued existence of the business organization.
Part 3 describes how to define, model and analyze the attacks on IS and the business organization, as security is the major element in IS in this proposed approach. It identifies the qualities expected from IS, such as reliability, safety, and usability. Part 3 is divided into five different IS development stages: early requirements stage, late requirements stage, architecture design stage, detail design stage and implementation stage.
The early requirements stage focuses on understanding the problems by studying the setting of the existing organizations. In this stage, the business environment and assets are identified and the IS security goals and constraints are derived. Therefore, the organization model is the output of this stage. The late requirements stage focuses on modeling the to-be security model by adding and analyzing security requirements and constraints. In the architectural design stage, the existing actors are divided into sub-actors and the security goals are delegated as the second level in this stage [50]. The detail design stage focuses on defining the architecture elements that have been defined in the previous stages in more detail in inputs, outputs, controls and security aspects by using the UML sequence diagram for the agent interaction diagram [68]. In the implementation stage, the UML class diagram is generated as the first step for the Java coding.
4. Case study
To validate this proposed framework approach, we extend an already accepted case study which is a mobile phone order management process in a telecommunication company, where the company's goal is to implement the process of registering a new customer automatically in order to save the customer's time and reduce the number of staff, which will, in turn, have a positive effect on company revenue [8]. The i* modeling language has been used to model the proposed business model [78].
The i* modeling framework is an agent-oriented requirements modeling language appropriate for the early phase of system modeling to understand the system's problems. It is used for strategic actor relationships and the intentional model. This framework contains two important components: the Strategic Dependency Model (SDM) and the Strategic Rationale Model (SRM). The SDM is used to describe the network of relationships between actors. The SDM is a component where every node represents an actor and every link between two nodes shows that one actor is dependent on the other actor. It also provides a description of the external relationships between the actors. The aim of the SDM is to provide indications about why the business process is organized in a certain way. However, it cannot adequately support the exploration, suggestion and evaluation of other solutions for the process, which the SRM can do [42].
The SRM is used to support and describe why actors can have different ways to organize their work, such as a different configuration for Strategic Dependency networks. The SRM has four main nodes: goal, soft goal, resource and task, and two main links, which are means-ends links and task decomposition links. These are used to model the internal relationships between actors. This model can systematically explore possible new business process designs [89].
4.1. Early requirements stage
The early requirements stage focuses on understanding the problems by studying the setting of existing organizations. There are two main steps in this stage. In the first step, the business environments and assets are identified, while the IS security goals and constraints are derived in the second step. In other words, step 1 is where the BPs can be modeled by using the i* language and thus the security requirements can be linked within it, whereas step 2 defines the information system security goals and how to link them within the BPs. Therefore, the organization model is the output of this stage.
4.1.1. Defining the business environment and assets step
Business assets are anything which have an economic value to the organization, such as information, processes, knowledge and people. They are central in the realization of the organization's business goals and objectives. Technical plans and
structural calculation process are examples of business assets. It is important to protect business assets to ensure the survival of the organization. In this step, the business environment and assets are defined using the i* model. Firstly, business managers and system users have to explain their existing BPs, outline the problems that have been found, as well as the requirements and changes, using descriptive words. Then, business analysts analyze the model and pass it to the business and system modelers, who also follow this procedure.
Fig. 2, using the i* diagram, shows that the mobile phone order management process in a telecommunication company contains several activities. It consists of seven different organizational actors: customers, head office, sales department, administration office, data warehouse, purchase department and manufacturer. There are four different kinds of dependencies between the actors: the business goal dependency, the soft goal dependency, the task dependency and the resources dependency.
There are eight different business goal dependency categories in our case study: (1) Place Order supports the customers in placing their order with the head office actor, (2) Manage Customer Claims defines how the customers can lodge a claim with the administration office, (3) Make Payment supports the customer in making the payment to the manufacturer, (4) Check Payment checks that the customers have selected the payment method after the order is processed, (5) Check Availability checks the item's availability in the company data warehouse, (6) Update enables the company's data warehouse to be updated after the sale or purchase of any items, (7) Make Order allows the purchasing department to order new items from the manufacturing department when there is no stock, and (8) Receive Order allows the purchasing department to receive the items that have been ordered from the manufacturing department.
Soft goal dependency is quite different to hard goal dependency. The soft goals refer to goals where there are no straightforward criteria to decide whether the condition has been met or not. Task dependency is used when any activities are performed by the organizational actors. For example, there are two task dependencies in our case study: Structure Calculations, which is done by the head office actor for the sales department actor; and Structure Calculations, which is done by the purchasing department for the administration office.
Resource dependency is used to describe the dependencies between different organizational actors. For example, there are three resource dependencies in our case study. The head office actor is dependent on certain resources, such as it has to provide the technical plans and models to the sales department actor, and the sales department actor has to provide an estimate to its customers.

Fig. 2. Definition of the business environment and assets step. (i* strategic dependency diagram; the labels recoverable from it are listed below.)
Actors: Customers, Head Office, Selling Department, Administration Office, Data Warehouse, Purchase Department, Manufacturers.
Dependencies: Place Order, Manage Customer Claims, Make Payment, Check Payment, Check Availability, Update, Make Order, Receive Order; Structure Calculations (twice); Technical Plans, Models, Estimating.
Legend: Actor, Goal, Task, Resource, Association.


4.1.2. Deriving information system security goals and constraints step

After deciding which BPs need to be implemented and all BP assets are defined, the IS security goals need to be derived and defined in order to protect the proposed BP assets. Firstly, business analysts have to check the BP model and describe which BP activities have to be secured according to the business managers' and system users' requirements, and explain any problems which were identified in their existing systems. For example, customer information must be secure to ensure customer privacy, the relationship between the purchase department and manufacturer actors must be secure, and access to the data warehouse must be secure. The next step is to derive the IS security goals and constraints using the i* model.
The literature shows that several security objectives can be used to protect the BP assets, such as availability, secrecy and integrity. Availability indicates the usability and accessibility of the BP assets upon a request from the business authorities [27]. Secrecy, which is also referred to as confidentiality, means that information will neither be disclosed nor made available to unauthorized entities, authorities, processes or individuals. Integrity refers to the completeness and accuracy of the BP assets [53].
After defining the BP, the IS security goals have to be inserted into the BP. At this level, the IS security goals follow the definition of the organization's soft goals in the i* language. The literature on requirements engineering shows that it is easy to map IS security goals onto business requirements [86]. Fig. 3 shows our case study's soft goals, such as "secrecy measurement", which is the soft goal for estimation. These security goals show how the BP and sensitive information about customers are secured. For instance, the "secrecy measurement" security goal contributes to the customers' trust and confidence, and the "availability model" security goal contributes to the company's confidence. In addition, the security goals may be represented as security dependencies in some cases, when the actors indicate security issues rather than the companies' soft goals. A new actor, called electronic system (eSys), is introduced in order to satisfy the reliability of the telecommunication company's structure and define the stakeholders who have security concerns in our case study.

4.2. Late requirements stage

The functional, non-functional and security requirements of the system to-be are described in the late requirements stage. The to-be system introduces one or a set of actors that have a set of dependencies with other organizational actors identified in the early requirements stage. Thus, the late requirements stage focuses on modeling the to-be security model by adding and analyzing the security requirements and constraints. Security requirements are the mechanisms or techniques, such as access control, safeguards, encryption and decryption, used to reduce the risks that affect the business and IS assets and to resolve the constraints or restrictions. Access control is the selective restriction of access to the information so that only authorized persons or entities can reach it. A safeguard is a procedure or mechanism that protects against a threat, limits the impact of an information security incident, decreases vulnerability and removes incidents; examples are anti-virus software, backups and digital signatures (which ensure the integrity and authentication of information). Encryption is the process of encoding information in such a way that hackers cannot read it while only authorized persons and entities can access it [38], and decryption is the process of decoding the information.

Fig. 3. Derivation of IS security goals and constraints step. (Figure: the Fig. 2 model extended with the eSys actor and the soft goals "availability model", "secrecy technical plans", "secrecy measurement", "secrecy" and "reliability structure"; legend: Actor, Resource, Soft Goal, Goal, Task, Association.)

In this stage, the security techniques are used to confirm that all of the business managers' and system users' requirements have been met. For example, recovery or backup techniques could be used to ensure data availability. Also, a digital signature or a password/PIN could be used to ensure authorization.
In our case study, the main aim of the telecommunication company is to improve the customers' trust and confidence and assist the sales department to provide good service and confirm the customers' payments. Therefore, the telecommunication company depends on the eSys to provide an automated service; thus the eSys is introduced as a new actor in our case study and is analyzed by using the same concepts used to analyze the other actors. Any goals which cannot be met by the system's actors, or which can be met in a better way by the eSys, are assigned to the eSys actor.
The main goal of the eSys is to automate services in order to satisfy the dependencies between actors. Several sub-goals must be met, as shown in Fig. 5, to fulfill the automated service goal in the eSys, as follows: "structure calculation", "provide customer information", "estimate tools use" and "confirm payment". Every sub-goal can be further analyzed by employing means-end analysis. For instance, the "estimate tools use" goal is met by the fulfillment of the "record technical plan", "estimate technical plan", "update technical plan" and "validate technical plan" sub-goals.

Fig. 4. Late requirements stage. (Figure: goal and task decomposition of the eSys actor, from "automate service" and the security goals "keep data available", "keep data privacy", "keep data integrity" and "share information only if customer accepts" down to tasks such as "recovery", "backup procedure", "encrypt data", "decrypt data", "check password", "check digital signature", "use authorization code message", "use digital message", "use system monitor" and "use network monitor"; legend: Actor, Task, Goal, Soft Goal, Association.)

From a security point of view, there are three major security goals which need to be considered by the eSys: integrity, privacy and availability. These security goals are shown in Fig. 4 as "keep data integrity", "keep data privacy" and "keep data available". Furthermore, the eSys has to satisfy the "share information only if customer accepts" security goal. These security goals can be satisfied by three major goals, "ensure data integrity", "ensure data privacy" and "ensure data availability", respectively, while the "keep data privacy" security goal is also fulfilled by the "block system access" goal.
These three major goals are divided into different tasks and sub-goals. For example, the "ensure data integrity" goal is divided into two different tasks: "check data integrity", which can be achieved by the "use authorization code message" and "use digital message" tasks, and "collect audit data", which can be achieved by the "use system monitor" and "use network monitor" tasks. Moreover, the "ensure data privacy" goal is divided into two different tasks, "encrypt data" and "decrypt data", and two different sub-goals, "ensure customer accepts" and "check authorization". The "check authorization" sub-goal is divided into three different tasks: "check access control", "check information flow" and "check authorization", the last of which can be achieved by performing the "check digital signature" and "check password" tasks. In addition, the "ensure data availability" goal is achieved by two different tasks: "recovery" and "backup procedure".
4.3. Architectural design stage
In the architectural design stage, the existing actors are divided into sub-actors and the security goals are delegated. The eSys actor is decomposed into internal actors and the responsibility for fulfilling the eSys goals is delegated to these internal actors, as shown in Fig. 5. For example, the "ensure data availability" and "ensure data privacy" goals are delegated to the availability manager and privacy manager internal actors, respectively. Furthermore, the "ensure data integrity" goal is delegated to two different actors: the integrity verification manager is delegated the "check data integrity" task and the audit manager is delegated the "collect audit data" task, whereas the "check authorization" goal is delegated to three different actors: the authorized manager is delegated the "check authorization" task, the eSys guard is delegated the "check information flow" task and the access control manager is delegated the "check access control" task.
The "block system access" goal is delegated to the system access manager actor, while the acceptance manager and customer broker actors are introduced into the eSys actor in order to satisfy the goal of obtaining customer information together with the "share information only if the customer accepts" security goal. In addition, the "confirm payment" goal is delegated to the payment manager actor, whereas the "structure calculation" goal is delegated to the structure calculation manager. Finally, the "validate technical plan", "record technical plan", "estimate technical plan" and "update technical plan" goals are delegated to the technical plan validate manager, the technical plan record manager, the technical plan estimate manager and the technical plan update manager actors, respectively.

Fig. 5. Dividing existing actors into sub-actors and delegating security goal level. (Figure: the eSys actor decomposed into the internal actors technical plan update, estimate, record and validate managers, structure calculation manager, payment manager, customer broker, acceptance manager, system access manager, authorization manager, privacy manager, integrity manager, availability manager, authorized manager, system guard, access control manager, audit manager and integrity verification manager, each holding the goal or task delegated to it; legend: Actor, Goal, Task, Association.)

4.4. Detail design stage
The detail design stage focuses on defining the architecture elements that have been defined in the previous stages in more detail in relation to inputs, outputs, controls and security. In other words, the system developers identify the actors' interactions in detail throughout the detail design stage, taking the security-related aspects derived from previous stages into account.
In this stage, the UML sequence diagram is used to model the agent interaction between the system actors, as shown in Fig. 6 [29,57]. A sequence diagram shows the flow of events. It consists of objects represented in the usual way (as named rectangles with the name underlined), messages represented as solid-line arrows, and time represented as a vertical progression. The UML enables us to expand our field of view and show how an object interacts with other objects. In this expanded field of view, we have included an important dimension, time. The key idea here is that the interactions among objects take place in a specified sequence, and the sequence takes time to go from beginning to end. Extending downward from each object is a dashed line called the object's lifeline. Along the lifeline is a narrow rectangle called an activation. The activation represents an execution of an operation the object carries out. The length of the rectangle signifies the activation's duration, where duration and time in general are represented in a rough and ordinal way. This means that each dash in a lifeline usually does not stand for a specific unit of time but is intended to give a general sense of duration.
In this stage, the final IS requirements and development are generated using the UML sequence diagram [65]. The UML sequence diagram illustrates the interactions, with arrowed lines, between the customer, head office, administration office, eSys guard, privacy manager, authorized manager, data warehouse, purchasing department and shipment actors, which are graphically shown by the rectangles at the top of the diagram.
The customers place their order with the head office and then the payment is checked. If the payment is accepted, the order is accepted; otherwise, the order is cancelled. Security rules, which are similar to the business rules as defined by the UML, are introduced. These security rules are placed on notes and attached to the related actor interactions. Next, the administration office sends the eSys access request to the eSys guard and the incoming request is decrypted with the aid of the privacy manager. In the next step, after the authorization information is provided, it is checked to ensure it is valid, and authorization clearance is provided; otherwise, the authorization clearance is rejected. The eSys guard sends the eSys access reply to the administration office: the eSys access request is accepted if authorization clearance is provided, otherwise it is rejected. After the customer's payment is accepted, the order progresses by checking the availability of the product in the data warehouse. If the stock is available, a packet is created and the item is shipped to the customer. Otherwise, the purchasing department orders the item from the manufacturer and informs the customer of the delivery time.

Fig. 6. Sequence diagram for agent interaction. (Figure: lifelines for Customer, Head Office, Administration Office, eSys Guard, Privacy Manager, Authorized Manager, Data Warehouse, Purchase Department and Shipment, with the messages Place Order, Check Payment, Accept Order, eSys Access Request, Encryption Request, Plain Text Request, Authorization Request, Ask for/Provide Authorization Information, Authorization Clearance, eSys Access Reply, Accept Payment, Proceed Order, Check Availability, Manage Order, Create Packet, Ship Item and Item Shipped. Attached rule notes: if payment is accepted then accept order, else reject and cancel order; if authorization information is valid then provide clearance, else reject authorization clearance; if authorization clearance is provided then accept the eSys access request, else reject it; if stock is available then create packet and ship item, else order the item from the manufacturers and inform the delivery time.)
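The eSys guard exchange described above, as an added example that is not the paper's or the company's code: the administration office seals a request, the eSys guard checks its integrity, has the privacy manager decrypt it, asks the authorized manager for clearance and records an audit entry. The class names, keys, message format and the stand-in algorithms (a SHA-256 keystream, HMAC-SHA256 and PBKDF2, since the paper names none) are all assumptions.

```python
"""eSys access exchange of Fig. 6 with the integrity, authorization and audit tasks of
Fig. 4. Added example, not the paper's code; all names, keys, users and orders are
constructed. The paper names no algorithms, so a SHA-256 counter keystream stands in
for encryption, HMAC-SHA256 for the 'authorization code message' and PBKDF2 for passwords."""
import hashlib
import hmac
import os

ENC_KEY = b"constructed-encryption-key"  # shared by administration office and privacy manager
MAC_KEY = b"constructed-mac-key"         # shared by administration office and eSys guard
TAG_LEN = 32                             # HMAC-SHA256 tag length in bytes


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in cipher for illustration only."""
    blocks, counter = [], 0
    while 32 * len(blocks) < length:
        blocks.append(hashlib.sha256(key + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes itself


def seal(plaintext: bytes) -> bytes:
    """Administration office side: encrypt, then append an HMAC tag (encrypt-then-MAC)."""
    ciphertext = encrypt(ENC_KEY, plaintext)
    return ciphertext + hmac.new(MAC_KEY, ciphertext, "sha256").digest()


class PrivacyManager:
    """Answers the guard's 'Encryption Request' with the 'Plain Text Request'."""
    def decrypt(self, ciphertext: bytes) -> bytes:
        return decrypt(ENC_KEY, ciphertext)


class AuthorizedManager:
    """Checks authorization information and grants or refuses clearance."""
    def __init__(self) -> None:
        self._store = {}  # user -> (salt, PBKDF2 digest); the password itself is never kept

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._store[user] = (salt, self._derive(password, salt))

    def clearance(self, user: str, password: str) -> bool:
        # unknown users are checked against a dummy record so timing does not reveal them
        salt, digest = self._store.get(user, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(digest, self._derive(password, salt))


class ESysGuard:
    """Mediates every access request: integrity check, decrypt, authorize, audit."""
    def __init__(self, privacy: PrivacyManager, authorizer: AuthorizedManager) -> None:
        self.privacy, self.authorizer = privacy, authorizer
        self.audit = []  # 'Collect Audit Data' task of Fig. 4

    def access_request(self, sealed: bytes) -> str:
        ciphertext, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
        expected = hmac.new(MAC_KEY, ciphertext, "sha256").digest()
        if not hmac.compare_digest(tag, expected):  # 'Check Data Integrity'
            self.audit.append(("?", "integrity failure", "REJECT"))
            return "REJECT"
        plain = self.privacy.decrypt(ciphertext)  # 'Decrypt Data'
        try:
            fields = dict(kv.split("=", 1) for kv in plain.decode().split(";"))
            user, order = fields["user"], fields["order"]
        except (UnicodeDecodeError, ValueError, KeyError):
            self.audit.append(("?", "malformed request", "REJECT"))
            return "REJECT"
        cleared = self.authorizer.clearance(user, fields.get("pw", ""))  # 'Check Authorization'
        reply = "ACCEPT" if cleared else "REJECT"  # rule note on 'eSys Access Reply' in Fig. 6
        self.audit.append((user, "order " + order, reply))
        return reply


def administration_office_request(order: str, user: str, password: str) -> bytes:
    """Administration office side of 'eSys Access Request'."""
    return seal(f"user={user};order={order};pw={password}".encode())


def demo() -> dict:
    """Run the constructed scenarios and return the guard's reply for each."""
    guard = ESysGuard(PrivacyManager(), AuthorizedManager())
    guard.authorizer.register("admin-office", "correct horse battery")
    good = administration_office_request("ORD-1001", "admin-office", "correct horse battery")
    tampered = bytes([good[0] ^ 0x01]) + good[1:]  # one ciphertext byte flipped in transit
    return {
        "valid": guard.access_request(good),
        "wrong_password": guard.access_request(
            administration_office_request("ORD-1001", "admin-office", "wrong")),
        "unknown_user": guard.access_request(
            administration_office_request("ORD-1001", "nobody", "x")),
        "tampered": guard.access_request(tampered),
        "audit_entries": len(guard.audit),
    }
```

The tampered case shows why the integrity task of Fig. 4 belongs in front of decryption: without the tag check, a flipped ciphertext byte would simply decrypt to a different request.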
This generated UML sequence diagram gives an accurate picture of the system requirements; therefore it is sent to the IS developers for implementation, who check the UML sequence diagram design. If anything needs to be changed or there is an error, they send it back to the IS analysts and modelers for modification. Otherwise, the UML sequence diagram design passes to the implementation stage. At this stage, the secure BP is completed, analyzed, modeled and developed, and the UML class diagram is ready to be developed for implementation purposes.

4.5. Implementation stage

In the implementation stage, the UML class diagram is generated as the first step for Java coding. Class diagrams help on the analysis side, too. They enable IS analysts and modelers to talk to clients in the clients' terminology and thus encourage the clients to reveal important details about the problem they want to solve.
Fig. 7 shows the UML class diagram for our proposed case study. There are nine classes involved in generating the class diagram: customer, head office, administration office, eSys guard, authorized manager, privacy manager, data warehouse, purchase department and shipment. This system is developed with the intention of ensuring the ease of purchasing commodities online and transporting them to the customer. The process starts with the customers placing an order and paying for the mobile they have bought. Then, the payment and order are verified and the order number is sent to the administration office. The administration office checks the availability of the ordered mobile, confirms with the purchase department whether the quantity ordered is available in the data warehouse and then informs the head office. The customer's information is sent to the eSys guard, where a secret code for the customer and a password for the order details are generated to ensure security in delivering the new mobile. The eSys guard interacts with the privacy manager to generate an encryption for the customer with its secret word. After the head office receives the information from the administration office, it permits the transportation of the new mobile to the customer.

Fig. 7. Class diagram for mobile phone order management process.


The UML classes have different levels of interaction with each other; some classes, such as administration office and head office, have a generalization type of relationship. There is also a one-to-many relationship, such as the relationship between the customer and the head office. For example, the company has many customers but only one head office. Different customers can place orders and the same head office counterchecks their credentials before shipment takes place. Furthermore, in our case study, we have a one-to-one relationship between the privacy manager and the eSys guard classes. For example, only one eSys guard and one privacy manager are required for the generation of encryption codes and the secret words for decryption. In addition, in our case study, we have a many-to-many relationship, such as the relationship between the purchase department and the data warehouse. For example, the company can have several purchase departments according to its different products and mobile brands. Also, each department may have its own data warehouse or many data warehouses for the storage of their mobile brands [17,18].
At this stage, the secure BP is completed, analyzed, modeled and developed, and is ready to be implemented using one of several implementation languages, such as Java, C++ and C. Before starting the implementation, the classes have to be checked. If there is any error or anything needs to be changed, the model is sent back to the IS analysts and modelers. Otherwise, the model is implemented, and it has to be tested, simulated and run in a similar environment before being used in the real business environment.
5. Evaluation theoretical background and research framework
The following areas were considered for the purposes of this paper:
• Service Quality (SQ): This involves following up on the customers' requests in a timely manner, providing outstanding assistance to customers and responding to the customers' complaints promptly.
• Business Process Time (BPT): This involves reducing the time that the customer has to wait to be served and improving the company's service time.
• Business Process Cost (BPC): This involves offering a competitive service and price compared to other companies.
• Customer Satisfaction (CS): This involves meeting the customers' expectations, resulting in the company being the customers' first choice.
5.1. Research framework
Fig. 8 presents our research framework and illustrates the most important relationships between the concept of our proposed framework and the business performance areas: SQ, BPT, BPC and CS.
5.1.1. Service Quality (SQ)
SQ is an important aspect for firms to maintain a stronghold position and it is a key indicator of business performance in today's competitive environment. It is defined as the delivery of superior or excellent service which meets customer expectations.
The provision of a service is quite different from the provision of a good or product. It is a process involving a number of intangible activities which normally take place in the interactions between customers and service employees or the system of the service provider, as a solution to the customers' problems. Thus, there is a relationship between the customer and the service provider, where the key issue for the service provider is to use this relationship to manage customers by offering them what they want or need [83].
SQ is subjectively perceived by the customers during their interactions with the company or the service provider. SQ is defined as the customers' judgment of the company's SQ. In other words, it involves determining whether the perceived service exceeds, meets or fails to meet the customers' expectations, which can ensure the company's continued competitive advantage [33].
One of the most commonly used measurement models of service quality is SERVQUAL, which measures the difference between customer expectations and: (1) tangibles: the appearance of the physical facilities, employees, equipment and the communication materials from the service provider; (2) reliability: the ability of the service provider to perform the agreed service accurately and dependably; (3) assurance: the employees' knowledge and behavior to convey confidence and trust; (4) responsiveness: the degree to which the service provider assists the customer and provides services on time; and (5) empathy: the degree to which the service provider provides care to its customers and whether it has suitable working or operating hours [84].

Fig. 8. Conceptual research framework evaluation. (Figure: the proposed secure model linked to SQ by H1, BPT by H2, BPC by H3 and CS by H4.)

Another commonly used measurement model of SQ was proposed by Gronroos Dabholkar and Overby [30] and uses the following criteria for perceived SQ: (1) employees' attitudes and behavior; (2) professionalism and skills; (3) accessibility and flexibility; (4) service recovery; (5) reliability and trustworthiness; and (6) reputation and credibility.
In our proposed research paper, we tested seven items on SQ: (1) the employee follows up the customer's request in a timely manner; (2) employees provide high quality assistance to customers; (3) employees respond to the customers' complaints promptly; (4) employees provide a very high quality service; (5) employees offer personalized services to meet the customers' needs; (6) customers feel it is safe to use the company's services; and (7) employees can tell customers exactly when the services will be performed.
5.1.2. Business Process Time (BPT)
Time is a human concept which is commonly accepted in the social sciences. Also, time is a concept which affects the understanding of business processes, where, from the operational point of view, time is seen as time-to-market and lead time [46].
There are different situations where customers have to wait to be served, such as waiting for a reply to a service enquiry, waiting to receive a password and username reminder, waiting to receive confirmation for an online transaction and payment, and waiting at a checkout when making a complex purchase [7,11].
Customers often select a service provider based on the perceived time they wait to be served or wait for a delivery. A shipment delay or a wait time which is perceived to be too long may negatively influence their probability of making a purchase, whereas customers are attracted by perceived high quality and fast service. Hence, time perception can influence customer satisfaction. In addition, the BP cycle time is a key success factor in achieving a competitive advantage, and its measurement must be considered prior to deciding which is the most appropriate business process change [43].
In our proposed research paper, we tested three items for BPT: (1) reducing the time that the customer has to wait to be served; (2) having a shorter development cycle time to create a new service; and (3) improving the company's service in a short time.
5.1.3. Business Process Cost (BPC)
Cost is defined as the customers' assessment of the difference between the company's product or service cost and the cost of other comparable companies, and whether they feel this is acceptable, reasonable or justifiable, where cost is the critical determinant affecting the customers' buying decision. Customers usually select a service provider based on the perceived cost.
The cost presents an image of the product or service, and indicates its uniqueness, quality and value. If customers do not have any experience with the service or product, or have insufficient time or interest to evaluate the service or product quality, they are likely to use cost as the assessment tool [70].
The amount to be paid by customers varies according to their different wants and needs. A cost which is perceived as too high may negatively influence a customer's probability of making a purchase, whereas customers are likely to be attracted by perceived high quality services at a perceived competitive price. Hence, cost perception can influence CS [23].
In our proposed research paper, we tested four items for BPC: (1) offering a reasonable price; (2) offering a flexible price for different services; (3) reducing the operational cost; and (4) offering a competitive service and price compared to other companies.
5.1.4. Customer Satisfaction (CS)
Satisfaction is a multi-dimensional construct that is conceptualized as a condition of the relationship between the customer and the company. It is usually defined as the full meeting of one's expectations and is measured by the customers' feelings towards the product or service after it has been used [4]. Satisfaction is defined as the overall evaluation based on the total purchase and consumption experience of the target service and product performance compared with repurchase expectations over time [20,24].
Usually, CS improves the quality of the relationship between the service providers and customers and increases the probability of a repeated purchase. Furthermore, CS usually results in increased word-of-mouth advertising, sales, profitability and stock value, decreased complaint behavior, warranty cost and business risk, and an enhanced corporate image [51].
CS is the result of an affective and cognitive evaluation where several evaluations are compared to the perceived performance. When the perceived performance is less than expected, the customers are dissatisfied. However, when the perceived performance exceeds expectations, the customers are satisfied. Increasing CS can improve the company's performance because it leads to a higher customer retention rate and increases customers' repurchase behavior [3,22].
The customers' perception of services or products is used to measure CS. Five emotions are perceived by customers as being satisfactory: (1) satisfaction: the service or product can be accepted or tolerated; (2) content: the service or product results in a positive and happy experience; (3) relieved: the service or product can remove a negative state of mind; (4) surprise: the service or product makes the customer surprisingly satisfied; and (5) novelty: the service or product is exciting or novel.
In our proposed research paper, we tested four items for CS: (1) meeting the customers' expectations easily; (2) the customer is satisfied with the service of the employee; (3) only receiving a few complaints; and (4) the company is the first choice for customers.
5.2. Exploratory hypotheses
Based on our proposed research framework, we formulated the following four hypotheses:
H1. A secure business PM is positively associated with SQ.
H2. A secure business PM is positively associated with BPT.
H3. A secure business PM is positively associated with BPC.
H4. A secure business PM is positively associated with CS.

6. Evaluation methodology
An exploratory survey research methodology was chosen to investigate the proposed issue. This research was the first large-scale study undertaken in Saudi Arabian Telecommunication companies on business PM. The research was divided into the following phases:
• A wide-ranging analysis of the existing literature was conducted to determine the major dimensions of SQ, BPT, BPC, CS and our proposed secure business PM.
• A questionnaire was designed to investigate a secure business PM in a real world setting and was given to business and IT managers in Saudi Arabian Telecommunication companies [35]. This questionnaire contained 19 items and was based on a five-point Likert scale.
• The resulting data were subjected to reliability, internal consistency and validity analyses [69].
• Bivariate correlation analysis was used to examine the relationship between SQ, BPT, BPC, CS and our proposed secure business PM factors.
6.1. Data collection and measurement analysis
The research was carried out in Saudi Arabian Telecommunication companies. We gave 150 surveys to business and IT managers and received 130 valid returned surveys. Thus, the response rate was 86.66%, which is very good for this particular way of contacting participants.
A five-point Likert scale, ranging from "strongly disagree" to "strongly agree", was used to indicate the degree or extent of every item as practiced by their business unit [76], so that we could calculate the weighted mean of the responses to the statements on each factor.
Reliability, internal consistency and construct validity were assessed in order to determine the measurement properties of the constructs used in the statistical analysis, using Cronbach's alpha [34].
6.2. Reliability
When conducting an evaluation survey, it is essential to know that the instrument will elicit consistent and reliable responses, even if the questions are replaced by similar questions. When a variable generated from such a set of questions returns a stable response, the variable is said to be reliable. The measurement of reliability includes: (1) stability; (2) internal reliability; and (3) inter-observer consistency [28].
Reliability has two components: stability in time and equivalence in terms of means. The main instruments for the assessment of reliability are the test and retest method to measure stability and Cronbach's alpha to measure equivalence. As these variables were developed for the first time, we concentrated on the second aspect.
Cronbach's alpha is an index of reliability associated with the variation accounted for by the true score of the underlying construct. An alpha coefficient ranges in value from 0 to 1. The higher the value, the more reliable the generated scale. In other words, newly developed measures can be accepted with α ≥ 0.6, α ≥ 0.7 should be the threshold, and the measure is very reliable if α ≥ 0.8. We used Cronbach's alpha coefficient to evaluate the reliability of the scale for the factors being evaluated, and we obtained the results shown in Table 3.
The values of Cronbach's alpha tend to be large (more than 0.8), that is, close to 1.0, which indicates the reliability of the scale.
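A worked computation of Cronbach's alpha and of the reliability thresholds quoted above, together with the alpha-if-item-deleted check that Section 6.5 describes, as an added example that is not part of the paper's analysis; the four-respondent, three-item response matrix is constructed.

```python
"""Cronbach's alpha as applied in Section 6.2, with the alpha-if-item-deleted
check of Section 6.5. Added example, not the paper's analysis; the response
matrix is constructed (4 respondents, 3 five-point Likert items)."""
from statistics import variance

# constructed responses: one row per respondent, one column per questionnaire item
RESPONSES = [
    [5, 4, 5],
    [4, 4, 3],
    [2, 3, 2],
    [3, 3, 4],
]


def cronbach_alpha(rows):
    """alpha = k/(k-1) * (1 - sum of item variances / variance of total scores)."""
    k = len(rows[0])
    if k < 2:
        raise ValueError("Cronbach's alpha needs at least two items")
    item_var = sum(variance(col) for col in zip(*rows))
    total_var = variance([sum(r) for r in rows])
    return k / (k - 1) * (1 - item_var / total_var)


def reliability_label(alpha):
    """Thresholds quoted in Section 6.2."""
    if alpha >= 0.8:
        return "very reliable"
    if alpha >= 0.7:
        return "reliable"
    if alpha >= 0.6:
        return "acceptable for a newly developed measure"
    return "not reliable"


def alpha_if_item_deleted(rows):
    """Section 6.5 procedure: drop each item in turn and recompute alpha on the rest."""
    k = len(rows[0])
    return [cronbach_alpha([[v for j, v in enumerate(r) if j != i] for r in rows])
            for i in range(k)]


def items_to_drop(rows):
    """Indices of items whose removal raises alpha above the full-scale value."""
    full = cronbach_alpha(rows)
    return [i for i, a in enumerate(alpha_if_item_deleted(rows)) if a > full]


def report(rows):
    """Summary in the form a practitioner reads off SPSS: alpha, label, per-item alpha, flags."""
    alpha = cronbach_alpha(rows)
    return {"alpha": round(alpha, 4), "label": reliability_label(alpha),
            "alpha_if_deleted": [round(a, 4) for a in alpha_if_item_deleted(rows)],
            "drop": items_to_drop(rows)}
```

On the constructed matrix the full scale scores 0.84 (very reliable by the thresholds above), while removing the second item would raise alpha to 0.8889, which is the signal Section 6.5 uses to discard an item.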



Table 3
Reliability of the factors.

Factors                       Number of statements   Cronbach's alpha
SQ                            7                      0.893
CS                            4                      0.904
BPC                           4                      0.905
BPT                           3                      0.888
Proposed secure business PM   1                      0.828
Total                         19                     0.883

6.3. Validity
The validity of the measure refers to the extent to which it measures what it was intended to measure. There are different types of validity: content validity, criterion-related validity and construct validity. Content validity is determined by the experts and the existing literature without any statistical analysis. Criterion-related validity relates to the predictive nature of the research instrument to achieve the objective outcome. Construct validity measures the extent to which the items in the scale measure the same construct.
Each item of the questionnaire was critically reviewed by five university academics and five business and IT managers from different Saudi Arabian telecommunication companies in order to establish criterion validity.
Construct validity is the most complex and critical factor in substantiating the testing of the different properties that can be assessed through measurement.
6.4. Bivariate correlation analysis
The hypotheses require testing the strength of the relationship between two factors, such as the relationship between our
proposed secure business PM and BPC, our proposed secure business PM and BPT, our proposed secure business PM and SQ
and our proposed secure business PM and CS. The bivariate correlation analysis is used to test these relationships in the
hypotheses.
6.5. Variable construction and description
Internal consistency analysis was performed separately using the Statistical Package for the Social Sciences (SPSS) programme, software developed by IBM for the statistical analysis of variables and items.
To calculate internal consistency, one item is removed from the set and Cronbach's alpha is computed for the remaining items. If the calculated alpha is higher than the alpha for the full set of items, reliability has increased; therefore, the item is removed. Conversely, if the calculated alpha is lower than the alpha for the full set, reliability has decreased; therefore, we retain the item. We repeat this procedure for each item [66].
Table 4 shows the internal consistency results for the statements relating to SQ, BPT, BPC and CS, respectively, giving for each item its correlation with the total and the resulting measure of internal validity.
The value of Cronbach's alpha for each item (if the item were removed), with the exception of SQ6, is less than the total value, which indicates the internal consistency of the items on SQ. All correlations are 0.30 or greater, which indicates the reliability of the items; however, deleting item SQ6 would increase the total alpha from 0.893 to 0.914, suggesting that this item should be deleted.
Also, the value of Cronbach's alpha for each item (if the item were removed), with the exception of BPT3, BPC4 and CS4, is less than the total value, which indicates the internal consistency of the items on BPT, BPC and CS, respectively. All item-total correlations are considerably greater than 0.30.
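The alpha formula of Section 6.2, the item-deletion rule of Section 6.5 and the Pearson coefficient used for the bivariate tests of Section 6.4, as an added illustration in pure Python (not the authors' SPSS procedure). The response matrix is constructed for the example, and the item-total column is assumed to be the SPSS-style corrected correlation of each item with the sum of the remaining items.

```python
"""Cronbach's alpha, alpha-if-item-deleted and the item removal rule.

Added illustration, not the authors' SPSS procedure. The response matrix
below is constructed for the example; it is not survey data from the paper.
"""
from math import sqrt


def _ss(values):
    """Sum of squared deviations from the mean (variance up to a constant
    factor, which cancels in every ratio used below)."""
    m = sum(values) / len(values)
    return sum((v - m) ** 2 for v in values)


def pearson_r(x, y):
    """Pearson correlation coefficient between two equal-length sequences
    (the statistic reported in Table 5)."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    return cov / sqrt(_ss(x) * _ss(y))


def cronbach_alpha(items):
    """items: list of k item score lists, one respondent per position.
    alpha = k/(k-1) * (1 - sum(var_i) / var(total score))."""
    k = len(items)
    if k < 2:
        raise ValueError("alpha needs at least two items")
    totals = [sum(col) for col in zip(*items)]
    return k / (k - 1) * (1 - sum(_ss(it) for it in items) / _ss(totals))


def alpha_if_item_deleted(items):
    """Alpha of the scale with each item removed in turn (Table 4, column 3)."""
    return [cronbach_alpha(items[:i] + items[i + 1:]) for i in range(len(items))]


def corrected_item_total(items):
    """Correlation of each item with the sum of the remaining items (assumed
    to be the 'correlation between item and total' of Table 4, column 2)."""
    out = []
    for i, it in enumerate(items):
        rest = [sum(col) for col in zip(*(items[:i] + items[i + 1:]))]
        out.append(pearson_r(it, rest))
    return out


def items_to_remove(items, min_corr=0.30):
    """Rule of Section 6.5: an item is dropped when alpha rises once it is
    removed; items correlating below 0.30 with the rest are also flagged."""
    alpha = cronbach_alpha(items)
    deleted = alpha_if_item_deleted(items)
    corr = corrected_item_total(items)
    return [i for i in range(len(items))
            if deleted[i] > alpha or corr[i] < min_corr]


# Constructed 5-point Likert responses: 6 respondents, 4 statements.
# Items 0-2 move together; item 3 is deliberately unrelated noise.
SAMPLE_ITEMS = [
    [1, 2, 3, 4, 5, 5],
    [2, 2, 3, 4, 4, 5],
    [1, 3, 3, 4, 5, 4],
    [5, 1, 4, 2, 3, 3],
]

if __name__ == "__main__":
    alpha = cronbach_alpha(SAMPLE_ITEMS)
    print(f"alpha (all items): {alpha:.3f}")           # 0.613
    for i, (a, r) in enumerate(zip(alpha_if_item_deleted(SAMPLE_ITEMS),
                                   corrected_item_total(SAMPLE_ITEMS))):
        print(f"item {i}: alpha if deleted {a:.3f}, item-total r {r:.3f}")
    print("items to remove:", items_to_remove(SAMPLE_ITEMS))   # [3]
```

Removing the noise item raises alpha from 0.613 to 0.951, the same pattern the paper reports for SQ6; the retained items each lower alpha when deleted and correlate well above 0.30 with the rest of the scale.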
7. Results of descriptive statistics and bivariate correlation analysis
7.1. Descriptive statistics
To study the degree of importance of each item, in Table 4, we classify the responses to the items on our proposed secure business PM, SQ, BPT, BPC and CS. In addition, we calculate the mean score and standard deviation by calculating the mean of all the responses.
The overall response to most of the items on SQ is "Agree", which means that the overall response of the study sample is "Agree" on SQ. The results in Table 4 indicate that the most important items on SQ are: the employee follows up a customer's request in a timely manner (SQ1), the employee offers personalized services to meet the customer's needs (SQ5), employees provide high quality assistance to customers (SQ2), employees can tell customers exactly when the services will be performed (SQ7), the employee provides a very high quality service (SQ4) and the employee responds to customers' complaints promptly (SQ3), in descending order of priority.
The overall response to all the items on BPT is "Agree", which means that the overall response of the study sample is "Agree" on BPT. The results in Table 4 indicate that the most important items on BPT are: reducing the time that the customer has to wait to be served (BPT1), having a shorter cycle time to create a new service (BPT2) and improving the company's services in a short time (BPT3), in descending order of priority.
The overall response to all the items on BPC is "Agree", which means that the overall response of the study sample is "Agree" on BPC. The results in Table 4 indicate that the most important items on BPC are: offering a flexible price for different services (BPC2), offering a reasonable price (BPC1), reducing the operational cost (BPC3) and offering a competitive service and price (BPC4), in descending order of priority.
The overall response to all the items on CS is "Agree", which means that the overall response of the study sample is "Agree" on CS. The results in Table 4 indicate that the most important items on CS are: meeting the customer's expectations easily (CS1) and the customer is satisfied with the service of the employee (CS2), where these two items have the same weighted mean of 3.68. The third and fourth most important items are: only receiving a few complaints (CS3) and the company is the first choice for customers (CS4), in descending order of priority.

Table 4
Consistency, validity and descriptive statistics for the items on all factors.

Item     Correlation between     Cronbach's alpha     Weighted     Std.
         item and total          if item deleted      mean         deviation
SQ1      0.753                   0.871                3.60         0.85
SQ2      0.769                   0.869                3.54         0.84
SQ3      0.742                   0.872                3.50         0.88
SQ4      0.816                   0.862                3.51         0.95
SQ5      0.815                   0.862                3.55         1.01
SQ6      0.300                   0.914                3.29         0.70
SQ7      0.641                   0.885                3.53         0.97
Total                            0.893                3.50         0.968
BPT1     0.813                   0.814                3.78         0.87
BPT2     0.858                   0.772                3.68         0.90
BPT3     0.682                   0.929                3.67         0.94
Total                            0.888                3.71         0.90
BPC1     0.816                   0.867                3.76         0.82
BPC2     0.858                   0.852                3.78         0.78
BPC3     0.788                   0.878                3.65         0.73
BPC4     0.698                   0.911                3.64         0.85
Total                            0.905                3.71         0.80
CS1      0.839                   0.857                3.68         0.87
CS2      0.837                   0.858                3.68         0.84
CS3      0.778                   0.879                3.60         0.84
CS4      0.697                   0.911                3.52         0.93
Total                            0.904                3.62         0.87

7.2. Bivariate correlation analysis


When discussing the results of the bivariate correlation analysis, careful attention should be given to the magnitude of the bivariate correlation coefficient and the level of statistical significance. In the following four sections, all four hypotheses will be discussed.

Table 5
Hypothesis results.

Factors                                                 SQ         BPT        BPC        CS
Our proposed secure business PM   Pearson correlation   0.395**    0.307**    0.253**    0.263**
                                  Sig.                  <0.001     <0.001     <0.004     <0.003

** Correlation is significant at the 0.01 level (2-tailed).

Table 6
Summary of hypotheses results.

Hypotheses                                                    Results
H1: A secure business PM is positively associated with SQ     Supported
H2: A secure business PM is positively associated with BPT    Supported
H3: A secure business PM is positively associated with BPC    Supported
H4: A secure business PM is positively associated with CS     Supported

7.2.1. The first hypothesis (H1)
Hypothesis (H1) tested whether our proposed secure business PM is positively associated with SQ. As shown in Table 5, the value of Pearson's correlation coefficient (r) is 0.395 and it is statistically significant at the p < 0.001 level. The result indicates that there is a good relationship between our proposed secure business PM and SQ.
7.2.2. The second hypothesis (H2)
Hypothesis (H2) tested whether our proposed secure business PM is positively associated with BPT. As shown in Table 5, the value of Pearson's correlation coefficient (r) is 0.307 and it is statistically significant at the p < 0.001 level. The result indicates that there is a relationship between our proposed secure business PM and BPT.
7.2.3. The third hypothesis (H3)
Hypothesis (H3) tested whether our proposed secure business PM is positively associated with BPC. As shown in Table 5, the value of Pearson's correlation coefficient (r) is 0.253 and it is statistically significant at p < 0.004. The result indicates that there is a relationship between our proposed secure business PM and BPC.
7.2.4. The fourth hypothesis (H4)
Hypothesis (H4) tested whether our proposed secure business PM is positively associated with CS. As shown in Table 5, the value of Pearson's correlation coefficient (r) is 0.263 and it is statistically significant at p < 0.003. The result indicates that there is a relationship between our proposed secure business PM and CS.
7.2.5. The summary of hypothesis results
Bivariate correlation coefficient analysis was used to test the hypotheses of this study to clarify the relationships between SQ, BPT, BPC, CS and our proposed secure business PM. The summary of the hypotheses results is shown in Table 6.
8. Conclusion and implications
Security can play a crucial role in BPs and e-commerce. However, the literature shows that it is quite challenging to add security into BPs for several reasons. Firstly, the integration of security into a developed BP is not very well understood. Secondly, security properties are complicated and error-prone when integrated by hand. Furthermore, the lack of experience of IS developers can lead to security leaks. Therefore, IS developers need concrete guidelines and appropriate tools to develop secure applications.
Security must be considered throughout the entire business development process and the requirements specifications should be identified. In this paper, we present an integrated security and IS engineering approach throughout all the software development process stages by using the i* language. We have divided our proposed framework into three separate parts: modeling the business environment, modeling the information technology system and modeling the IS security.
Modeling IS security consists of five major stages: (1) early requirements stage; (2) late requirements stage; (3) architectural design stage; (4) detailed design stage; and (5) implementation stage. In the early requirements stage, the business environment and assets are identified and the IS security goals and constraints are derived, whereas in the late requirements stage, the to-be security model is modeled by adding and analyzing the security requirements and constraints. Furthermore, in the architectural design stage, the existing actors are divided into sub-actors and the security goals are delegated, while in the detailed design stage, the architecture elements are defined in more detail by using the UML sequence diagram for the agent interaction diagram. In the implementation stage, the UML class diagram is generated as the first step for the Java coding.
A mobile phone order management process in a telecommunication company was used as a case study in order to validate our proposed framework. Also, the questionnaire method was used to evaluate our proposed secure business PM and investigate its impact on the BP performance. The results showed that our proposed secure business PM is positively associated with SQ, BPT, BPC and CS. The results show that considering security IS goals in the whole system development process can have a positive influence on system implementation and better meet business expectations.
It is important to protect business assets in order to ensure the survival of the organization; thus, developers and companies need to be aware of the importance of following the structure when applying our proposed secure business PM. Firstly, they need to agree that their existing business PM has several drawbacks and is limited in its ability to support their requirements, and they then need to discuss their requirements with the business analysts. Secondly, the business assets need to be defined and simulated to reflect how they appear in the real business environment using the i* model. Thirdly, the business analysts and modelers should analyze which activities in the BPs could be at risk and need to be protected, such as customer information and payment methods. Thus, the IS security goals and constraints need to be derived and defined using the i* model in order to protect the proposed BP assets.
Fourthly, IS modelers need to select the best security techniques, such as recovery, backup and digital signatures, to ensure that all the business managers' and system users' requirements have been met. Fifthly, after agreeing on all the security techniques, the BP sequence is developed using the UML sequence diagram in order to generate the final IS requirements and development. Sixthly, IS modelers should generate the UML class diagram for implementation purposes; thus a secure BP is completed, analyzed, modeled, developed and ready for implementation. Finally, before starting the implementation, the classes have to be checked. If anything needs modification, the model is sent back to the IS analysts and modelers. Otherwise, the model is implemented and it must be tested, simulated and run in a similar environment before being used in the real business environment.
Two major implications can be derived from the study for IS developers and business organizations. First, for developers, the study shows how system security goals can be derived from the business environment and defined during the whole system development process, which results in an improved system. Second, for the business organization, it can increase customer confidence and trust, which can lead to an increase in the company's profit. Also, the results of this research provide important evidence for business managers that creating a secure business PM can enhance business performance. However, the paper has two limitations. In the validation of our proposed model, we only tested our proposed framework on one BP. Thus, in the future, we would like to test our framework with more than one BP in different business sectors. In the evaluation of our proposed model, it is important to remember that the study was conducted only in telecommunication companies, where our questionnaires were answered only by IT and business managers in Saudi Arabian telecommunication companies. Therefore, our results cannot be used as a standard and might not be directly transferable to a firm of any size or to any other country. Moreover, our results may be affected by common method variance, as we collected our data from participants by using the same survey at the same time. Further research may expand the survey and test the questionnaires on other groups in order to reduce sample errors.
Appendix A

Statement   Description

A. Statements on service quality
SQ1    A mobile telecom employee should follow up a customer's request in a timely manner
SQ2    A mobile telecom employee should provide high quality assistance to customers
SQ3    A mobile telecom employee should be able to respond to customers' complaints more quickly
SQ4    A mobile telecom employee should provide very high quality services
SQ5    A mobile telecom employee should offer personalized services to meet the customer's needs
SQ6    Customers should feel safe using the services of a mobile telecom company
SQ7    A mobile telecom employee should be able to tell customers exactly when the services will be performed

B. Statements of business process time
BPT1   A mobile telecom employee should be able to reduce the time the customer has to wait to be served
BPT2   A mobile telecom company should have a shorter cycle time to create a new service
BPT3   A mobile telecom company should be able to improve its service in a short time

C. Statements of business process cost
BPC1   A mobile telecom company should offer a reasonable price
BPC2   A mobile telecom company should offer a flexible price for different services
BPC3   A mobile telecom company should reduce the operational cost
BPC4   A mobile telecom company should offer a competitive service and price compared to other companies

D. Statements of customer satisfaction
CS1    A mobile telecom employee should meet the customer's expectations easily
CS2    A mobile telecom employee will be able to satisfy the customer
CS3    There will only be a few complaints
CS4    This mobile telecom company will be the first choice for customers

References
[1] F. Aburub, M. Odeh, I. Beeson, Modelling non-functional requirements of business processes, Inf. Softw. Technol. 49 (2007) 1162–1171.
[2] R.S. Aguilar-Savén, Business process modelling: review and framework, Int. J. Prod. Econ. 90 (2004) 129–149.
[3] C.C. Aguwa, L. Monplaisir, O. Turgut, Voice of the customer: customer satisfaction ratio based analysis, Expert Syst. Appl. 39 (2012) 10112–10119.
[4] A. Ahmad, L. Dey, S.M. Halawani, A rule-based method for identifying the factor structure in customer satisfaction, Inf. Sci. 198 (2012) 118–129.
[5] K. Alghathbar, Validating the enforcement of access control policies and separation of duty principle in requirement engineering, Inf. Softw. Technol. 49 (2007) 142–157.
[6] K. Alghathbar, D. Wijesekera, authUML: a three-phased framework to analyze access control specifications in use cases, in: Proceedings of the 2003 ACM Workshop on Formal Methods in Security Engineering, ACM, Washington, D.C., 2003, pp. 77–86.
[7] Y. Alotaibi, F. Liu, Average waiting time of customers in a new queue system with different classes, Bus. Process Manage. J. 19 (2013) 146–168.
[8] Y. Alotaibi, F. Liu, Business process modelling towards derivation of information technology goals, in: 2012 45th Hawaii International Conference on System Science (HICSS), 2012, pp. 4307–4315.
[9] Y. Alotaibi, F. Liu, A new framework to model a secure E-commerce system, Int. J. Soc. Hum. Sci. 6 (2012) 162–168.
[10] Y. Alotaibi, F. Liu, How to model a secure information system (IS): a case study, Int. J. Inform. Educ. Technol. 2 (2012) 94–102.
[11] Y. Alotaibi, F. Liu, Queuing system for different classes of customers, Int. J. Bus. Inform. Syst. 13 (2013).
[12] R.J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, Hoboken, 2010.
[13] M. Backes, B. Pfitzmann, M. Waidner, Security in business process engineering, in: W.P. Aalst, M. Weske (Eds.), Business Process Management, Springer, Berlin Heidelberg, 2003, pp. 168–183.
[14] C. Bai, J. Sarkis, A grey-based DEMATEL model for evaluating business process management critical success factors, Int. J. Prod. Econ. 146 (2013) 281–292.
[15] D. Basin, M. Clavel, J. Doser, M. Egea, Automated analysis of security-design models, Inf. Softw. Technol. 51 (2009) 815–831.
[16] G. Beydoun, G. Low, Generic modelling of security awareness in agent based systems, Inf. Sci. 239 (2013) 62–71.
[17] T. Bouabana-Tebibel, M. Belmesk, An object-oriented approach to formally analyze the UML 2.0 activity partitions, Inf. Softw. Technol. 49 (2007) 999–1016.
[18] T. Bouabana-Tebibel, S.H. Rubin, An interleaving semantics for UML 2 interactions using Petri nets, Inf. Sci. 232 (2013) 276–293.
[19] G. Büyüközkan, D. Ruan, Choquet integral based aggregation approach to software development risk assessment, Inf. Sci. 180 (2010) 441–451.
[20] H.H. Chang, S.W. Chen, The impact of customer interface quality, satisfaction and switching costs on e-loyalty: internet experience as a moderator, Comput. Hum. Behav. 24 (2008) 2927–2944.
[21] P.-C. Chao, H.-M. Sun, Multi-agent-based cloud utilization for the IT office-aid asset distribution chain: an empirical case study, Inf. Sci. 245 (2013) 255–275.
[22] S.-I. Chiu, C.-C. Cheng, T.-M. Yen, H.-Y. Hu, Preliminary research on customer satisfaction models in Taiwan: a case study from the automobile industry, Expert Syst. Appl. 38 (2011) 9780–9787.
[23] C. Cho, S. Lee, A study on process evaluation and selection model for business process management, Expert Syst. Appl. 38 (2011) 6339–6350.
[24] T.M. Choi, P.S. Chow, S.C. Liu, Implementation of fashion ERP systems in China: case study of a fashion brand, review and future challenges, Int. J. Prod. Econ. (2013).
[25] L. Chung, B.A. Nixon, Dealing with non-functional requirements: three experimental studies of a process-oriented approach, in: Proceedings of the 17th International Conference on Software Engineering, ACM, Seattle, Washington, USA, 1995, pp. 25–37.
[26] M.G.C.A. Cimino, F. Marcelloni, Autonomic tracing of production processes with mobile and agent-based computing, Inf. Sci. 181 (2011) 935–953.
[27] M. Comuzzi, I. Vanderfeesten, T. Wang, Optimized cross-organizational business process monitoring: design and enactment, Inf. Sci. 244 (2013) 107–118.
[28] L. Cronbach, Coefficient alpha and the internal structure of tests, Psychometrika 16 (1951) 297–334.
[29] J.A. Cruz-Lemus, M. Genero, D. Caivano, S. Abrahão, E. Insfrán, J.A. Carsí, Assessing the influence of stereotypes on the comprehension of UML sequence diagrams: a family of experiments, Inf. Softw. Technol. 53 (2011) 1391–1403.
[30] P.A. Dabholkar, J.W. Overby, Linking process and outcome to service quality and customer satisfaction evaluations: an investigation of real estate agent service, Int. J. Serv. Ind. Manage. 16 (2005) 10–27.
[31] F. D'Aubeterre, R. Singh, L. Iyer, Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes, Eur. J. Inform. Syst. 17 (2008) 528–542.
[32] F. D'Aubeterre, R. Singh, L. Iyer, A semantic approach to secure collaborative inter-organizational eBusiness processes (SSCIOBP), J. Assoc. Inform. Syst. 9 (2008) 231–247, 249–250, 252, 254–256, 258–261, 263–266.
[33] J. de Oña, R. de Oña, F.J. Calvo, A classification tree approach to identify key factors of transit service quality, Expert Syst. Appl. 39 (2012) 11164–11171.
[34] W. Dick, N. Hagerty, Topics in Measurement: Reliability and Validity, McGraw-Hill Book Company, 1971.
[35] D.A. Dillman, Mail and Telephone Surveys: The Total Design Method, Wiley, 1978.
[36] M. El-Attar, A framework for improving quality in misuse case models, Bus. Process Manage. J. 18 (2012) 168–196.
[37] M. El-Attar, Towards developing consistent misuse case models, J. Syst. Softw. 85 (2012) 323–339.
[38] L. Fang, W. Susilo, C. Ge, J. Wang, Public key encryption with keyword search secure against keyword guessing attacks without random oracle, Inf. Sci. 238 (2013) 221–241.
[39] N. Feng, H.J. Wang, M. Li, A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis, Inf. Sci. (2014).
[40] P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, Requirements engineering for trust management: model, methodology, and reasoning, Int. J. Inf. Secur. 5 (2006) 257–274.
[41] G. Goluch, A. Ekelhart, S. Fenz, S. Jakoubi, S. Tjoa, T. Muck, Integration of an ontological information security concept in risk aware business process management, in: Proceedings of the 41st Annual Hawaii International Conference on System Sciences, 2008, p. 377.
[42] G. Grau, X. Franch, N.A.M. Maiden, PRiM: an i*-based process reengineering method for information systems specification, Inf. Softw. Technol. 50 (2008) 76–100.
[43] A. Gregoriades, A. Sutcliffe, A socio-technical approach to business process simulation, Decis. Support Syst. 45 (2008) 1017–1030.
[44] D. Gritzalis, C. Lambrinoudakis, A security architecture for interconnecting health information systems, Int. J. Med. Informatics 73 (2004) 305–309.
[45] C.B. Haley, J.D. Moffett, R. Laney, B. Nuseibeh, A framework for security requirements engineering, in: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, ACM, Shanghai, China, 2006, pp. 35–42.
[46] A. Halinen, C.J. Medlin, J.-Å. Törnroos, Time and process in business network research, Ind. Mark. Manage. 41 (2012) 215–223.
[47] T. Herath, H.R. Rao, Protection motivation and deterrence: a framework for security policy compliance in organisations, Eur. J. Inform. Syst. 18 (2009) 106–125.
[48] J. Jürjens, Towards development of secure systems using UMLsec, in: H. Hussmann (Ed.), Fundamental Approaches to Software Engineering, Springer, Berlin Heidelberg, 2001, pp. 187–200.
[49] S.A. Kokolakis, A.J. Demopoulos, E.A. Kiountouzis, The use of business process modelling in information systems security analysis and design, Inform. Manage. Comput. Secur. 8 (2000) 107–116.
[50] M. Koubarakis, D. Plexousakis, A formal framework for business process modelling and design, Inform. Syst. 27 (2002) 299–319.
[51] Y.-F. Kuo, C.-M. Wu, W.-J. Deng, The relationships among service quality, perceived value, customer satisfaction, and post-purchase intention in mobile value-added services, Comput. Hum. Behav. 25 (2009) 887–896.
[52] J. Lee, J. Yoon, W. Seo, K. Kim, C.-H. Kim, A fact-oriented ontological approach to human process modeling for knowledge-intensive business services, Expert Syst. Appl. 38 (2011) 12281–12292.
[53] J. Li, M. Li, D. Wu, H. Song, An integrated risk measurement and optimization model for trustworthy software process management, Inf. Sci. 191 (2012) 47–60.
[54] N. Li, B.N. Grosof, J. Feigenbaum, Delegation logic: a logic-based approach to distributed authorization, ACM Trans. Inf. Syst. Secur. 6 (2003) 128–171.
[55] L. Liu, E. Yu, J. Mylopoulos, Security and privacy requirements analysis within a social setting, in: Proceedings of the 11th IEEE International Requirements Engineering Conference, 2003, pp. 151–161.
[56] T. Lodderstedt, D.A. Basin, J. Doser, SecureUML: a UML-based modeling language for model-driven security, in: Proceedings of the 5th International Conference on The Unified Modeling Language, Springer-Verlag, 2002, pp. 426–441.
[57] F.J. Lucas, F. Molina, A. Toval, A systematic review of UML model consistency management, Inf. Softw. Technol. 51 (2009) 1631–1645.
[58] A. Mana, J.A. Montenegro, C. Rudolph, J.L. Vivas, A business process-driven approach to security engineering, in: Proceedings of the 14th International Workshop on Database and Expert Systems Applications, 2003, pp. 477–481.
[59] R. Matulevicius, N. Mayer, P. Heymans, Alignment of misuse cases with security risk management, in: Third International Conference on Availability, Reliability and Security (ARES 08), 2008, pp. 1397–1404.
[60] N. Mayer, E. Dubois, R. Matulevicius, P. Heymans, Towards a measurement framework for security risk management, in: Proceedings of the Modeling Security Workshop, 2008.
[61] N. Mayer, E. Dubois, A. Rifaut, Requirements engineering for improving business/IT alignment in security risk management methods, in: R. Gonçalves, J. Müller, K. Mertins, M. Zelm (Eds.), Enterprise Interoperability II, Springer, London, 2007, pp. 15–26.
[62] J. McDermott, C. Fox, Using abuse case models for security requirements analysis, in: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC 99), 1999, pp. 55–64.
[63] N. Melo, M. Pidd, Using component technology to develop a simulation library for business process modelling, Eur. J. Oper. Res. 172 (2006) 163–178.
[64] L. Ninghui, J.C. Mitchell, W.H. Winsborough, Design of a role-based trust-management framework, in: Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002, pp. 114–130.
[65] V.T. Nunes, F.M. Santoro, M.R.S. Borges, A context-based model for knowledge management embodied in work processes, Inf. Sci. 179 (2009) 2538–2554.
[66] J.C. Nunnally, Psychometric Theory 3E, Tata McGraw-Hill Education, 2010.
[67] J. Oh, N.W. Cho, H. Kim, Y. Min, S.-H. Kang, Dynamic execution planning for reliable collaborative business processes, Inf. Sci. 181 (2011) 351–361.
[68] OMG, Unified Modeling Language (OMG UML): Superstructure, 2007. http://doc.omg.org/formal/2007-11-02.pdf.
[69] J. Ram, D. Corkindale, M.-L. Wu, Implementation critical success factors (CSFs) for ERP: do they contribute to implementation success and post-implementation performance?, Int. J. Prod. Econ. 144 (2013) 157–174.
[70] H.G. Parsa, S. Naipaul, Price-ending strategies and managerial perspectives: a reciprocal phenomenon Part I, J. Serv. Res. 7 (2008) 7–26.
[71] A. Rodríguez, E. Fernández-Medina, M. Piattini, A BPMN extension for the modeling of security requirements in business processes, IEICE Trans. Inf. Syst. E90-D (2007) 745–752.
[72] A. Rodríguez, E. Fernández-Medina, M. Piattini, M-BPSec: a method for security requirement elicitation from a UML 2.0 business process specification, in: J.-L. Hainaut, E. Rundensteiner, M. Kirchberg, M. Bertolotto, M. Brochhausen, Y.-P. Chen, S.-S. Cher, M. Doerr, H. Han, S. Hartmann, J. Parsons, G. Poels, C. Rolland, J. Trujillo, E. Yu, E. Zimányi (Eds.), Advances in Conceptual Modeling: Foundations and Applications, Springer, Berlin Heidelberg, 2007, pp. 106–115.
[73] A. Rodríguez, E. Fernández-Medina, J. Trujillo, M. Piattini, Secure business process model specification through a UML 2.0 activity diagram profile, Decis. Support Syst. 51 (2011) 446–465.
[74] A. Rodríguez, I.G.-R. de Guzmán, E. Fernández-Medina, M. Piattini, Semi-formal transformation of secure business processes into analysis class and use case models: an MDA approach, Inf. Softw. Technol. 52 (2010) 945–971.
[75] S. Rohrig, S.S. Ag, Using process models to analyze health care security requirements, in: International Conference Advances in Infrastructure for e-Business, e-Education, e-Science, and e-Medicine on the Internet, Italy, 2002.
[76] P.H. Rossi, J.D. Wright, A.B. Anderson, Handbook of Survey Research, Academic Press, New York, 1983.
[77] A. Saboori, C.N. Hadjicostis, Verification of initial-state opacity in security applications of discrete event systems, Inf. Sci. 246 (2013) 115–132.
[78] R. Samavi, E. Yu, T. Topaloglou, Strategic reasoning about business models: a conceptual modeling approach, Inform. Syst. eBus. Manage. 7 (2009) 171–198.
[79] G. Sindre, A.L. Opdahl, Eliciting security requirements with misuse cases, Requirements Eng. 10 (2005) 34–44.
[80] M. Siponen, R. Baskerville, J. Heikka, A design theory for secure information systems design methods, J. Assoc. Inform. Syst. 7 (2006) 725–770.
[81] B.C. Stahl, N.F. Doherty, M. Shaw, Information security policies in the UK healthcare sector: a critical evaluation, Inform. Syst. J. 22 (2012) 77–94.
[82] M. Strembeck, J. Mendling, Modeling process-related RBAC models with extended UML activity models, Inf. Softw. Technol. 53 (2011) 456–483.
[83] H.-H. Tsai, I.-Y. Lu, The evaluation of service quality using generalized Choquet integral, Inf. Sci. 176 (2006) 640–663.
[84] G.J. Udo, K.K. Bagchi, P.J. Kirs, Using SERVQUAL to assess the quality of e-learning experience, Comput. Hum. Behav. 27 (2011) 1272–1283.
[85] A. Ullah, R. Lai, Managing security requirements: towards better alignment between information systems and business, in: 15th Pacific Asia Conference on Information Systems (PACIS 2011), 2011.
[86] A. van Lamsweerde, E. Letier, Handling obstacles in goal-oriented requirements engineering, IEEE Trans. Softw. Eng. 26 (2000) 978–1005.
[87] C. Wolter, M. Menzel, A. Schaad, P. Miseldine, C. Meinel, Model-driven business process security requirement specification, J. Syst. Architect. 55 (2009) 211–223.
[88] E. Yu, L. Cysneiros, Designing for privacy and other competing requirements, in: 2nd Symposium on Requirements Engineering for Information Security (SREIS'02), Raleigh, North Carolina, 2002, pp. 15–16.
[89] E.S.K. Yu, J. Mylopoulos, From E-R to A-R: modelling strategic actor relationships for business process reengineering, Int. J. Coop. Inform. Syst. 04 (1995) 125–144.
[90] M.-X. Zhu, X.-X. Luo, X.-H. Chen, D.D. Wu, A non-functional requirements trade off model in Trustworthy Software, Inf. Sci. 191 (2012) 61–75.
