Biblio

In the existing situation, most of the business process are running through web applications. This helps the enterprises to grow their business efficiently which creates a good consumer relationship. But the main problem is that they failed to provide a vulnerable free environment. To overcome this issue in web applications, vulnerability assessment should be made periodically. They are many vulnerability assessment methodologies which occur earlier are not much proactive. So, machine learning is needed to provide a combined solution to determine vulnerability occurrence and percentage of vulnerability occurred in logical web pages. We use Decision Tree and Bayesian Belief Network (BBN) as a collective solution to find either vulnerability occur in web applications and the vulnerability occurred percentage on different logical web pages.

Manufacturing enterprises are constantly exploring new ways to improve their own production processes to address the increasing demand of customized production. However, such enterprises show a low degree of flexibility, which mainly results from the need to configure new production equipment at design and run time. In this paper we propose self-adaptation as an approach to improve data transmission flexibility in Industry 4.0 environments. We implement an autonomic manager using a generic autonomic management framework, which applies the most appropriate data transmission configuration based on security and business process related requirements, such as performance. The experimental evaluation is carried out in a MQTT infrastructure and the results show that using self-adaptation can significantly improve the trade-off between security and performance. We then propose to integrate anomaly detection methods as a solution to support self-adaptation by monitoring and learning the normal behavior of an industrial system and show how this can be used by the generic autonomic management framework.

The traditional logistics transaction lacks a perfect traceability mechanism, and the data information's integrity and safety are not guaranteed in the existing traceability system. In order to solve the problem of main body responsibility caused by the participation of many stakeholders and the uncompleted supervision system in the process of logistics service transaction, This paper proposes a traceability algorithm for logistics service transactions based on blockchain. Based on the logistics service supply chain and alliance chain, the paper firstly investigates the traditional logistics service supply chain, analyzes the existing problems, and combines the structural characteristics of the blockchain to propose a decentralized new logistics service supply chain concept model based on blockchain. Then, using Globe sandara 1 to standardize the physical products and data circulating in the new logistics service supply chain, form unified and standard traceable data, and propose a multi-dimensional traceable data model based on logistics service supply chain. Based on the proposed model, combined with the business process of the logistics service supply chain and asymmetric encryption, a blockchain-based logistics service transaction traceability algorithm is designed. Finally, the simulation results show that the algorithm realizes the end-to-end traceability of the logistics service supply chain, and the service transaction is transparent while ensuring the integrity and security of the data.

The article deals with the aspects of IT-security of business processes, using a variety of methodological tools, including Integrated Management Systems. Currently, all IMS consist of at least 2 management systems, including the IT-Security Management System. Typically, these IMS cover biggest part of the company business processes, but in practice, there are examples of different scales, even within a single facility. However, it should be recognized that the total number of such projects both in the Russian Federation and in the World is small. The security of business processes will be considered on the example of the incident of Norsk Hydro. In the article the main conclusions are given to confirm the possibility of security, continuity and recovery of critical business processes on the example of this incident.

Security-sensitive workflows impose constraints on the control-flow and authorization policies that may lead to unsatisfiable instances. In these cases, it is still possible to find "least bad" executions where costs associated to authorization violations are minimized, solving the so-called Multi-Objective Workflow Satisfiability Problem (MO-WSP). The MO-WSP is inspired by the Valued WSP and its generalization, the Bi-Objective WSP, but our work considers quantitative solutions to the WSP without abstracting control-flow constraints. In this paper, we define variations of the MO-WSP and solve them using bounded model checking and optimization modulo theories solving. We validate our solutions on real-world workflows and show their scalability on synthetic instances.

Every company will largely depend on other companies. This will help unite a large business process. Risks that arise from other companies will affect the business performance of a company. Because of this, the right choice for suppliers is crucial. Each vendor has different characteristics. Everything is not always suitable basically the selection process is quite complex and risky. This has led to a new case study which has been studied for years by researchers known as Supplier Selection Problems. Selection of vendors with multi-criteria decision making has been widely studied over years ago. The Best Worst Method is a new science in Multi-Criteria Decision Making (MCDM) determination. In this research, taking case study at XYZ company is in Indonesia which is engaged in mining and industry. The research utilized the transaction data that have been recorded by the XYZ company and analyzed vendor valuation. The weighting of Best Worst Method is calculated based on vendor assessment result. The results show that XYZ company still focuses on Price as its key criteria.

Every so often papers are published presenting a new extension for modelling cyber security requirements in Business Process Model and Notation (BPMN). The frequent production of new extensions by experts belies the need for a richer and more usable representation of security requirements in BPMN processes. In this paper, we present our work considering an analysis of existing extensions and identify the notational issues present within each of them. We discuss how there is yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, there is no adequate solution for accurately specifying cyber security requirements within BPMN. In order to address this, we propose a new framework that can be used to extend, visualise and verify cyber security requirements in not only BPMN, but any other existing modelling language. The framework comprises of the three core roles necessary for the successful development of a security extension. With each of these being further subdivided into the respective components each role must complete.