Conceptualizing Business Process Dependencies That Propagate Cyber Risk

Gal Engelberg; Moshe Hadad; Pnina Soffer

doi:10.1007/978-3-031-94590-8_11

Conceptualizing Business Process Dependencies That Propagate Cyber Risk

Department of Information Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper explores the propagation of cyber risks within business processes, addressing the lack of process-awareness in existing research, especially regarding dependencies between process model elements. We propose a conceptualization that incorporates process model elements, dependencies, cyber risk events, and inference rules for capturing cascading effects. The conceptualization covers control flow, data flow, and resource-to-activity dependencies. A proof of concept, analyzing risk propagation in a credit evaluation process, demonstrates how confidentiality, integrity, and availability risks cascade across components. Our findings show how this approach uncovers cascading risks, providing insights for cyber risk assessment in interconnected environments.

Original language	English
Title of host publication	Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings
Editors	Luise Pufahl, Kristina Rosenthal, Sergio España, Selmin Nurcan
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	86-94
Number of pages	9
ISBN (Print)	9783031945892
DOIs	https://doi.org/10.1007/978-3-031-94590-8_11
State	Published - 2025
Event	Forum and the Doctoral Consortium of the 37th International Conference on Advanced Information Systems Engineering, CAiSE 2025 - Vienna, Austria Duration: 16 Jun 2025 → 20 Jun 2025

Publication series

Name	Lecture Notes in Business Information Processing
Volume	557 LNBIP
ISSN (Print)	1865-1348
ISSN (Electronic)	1865-1356

Conference

Conference	Forum and the Doctoral Consortium of the 37th International Conference on Advanced Information Systems Engineering, CAiSE 2025
Country/Territory	Austria
City	Vienna
Period	16/06/25 → 20/06/25

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

Keywords

Risk Assessment
Risk Propagation
Secure Business Process

ASJC Scopus subject areas

Management Information Systems
Control and Systems Engineering
Business and International Management
Information Systems
Modeling and Simulation
Information Systems and Management

Access to Document

10.1007/978-3-031-94590-8_11

Cite this

Engelberg, G., Hadad, M., & Soffer, P. (2025). Conceptualizing Business Process Dependencies That Propagate Cyber Risk. In L. Pufahl, K. Rosenthal, S. España, & S. Nurcan (Eds.), Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings (pp. 86-94). (Lecture Notes in Business Information Processing; Vol. 557 LNBIP). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-94590-8_11

Engelberg, Gal ; Hadad, Moshe ; Soffer, Pnina. / Conceptualizing Business Process Dependencies That Propagate Cyber Risk. Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings. editor / Luise Pufahl ; Kristina Rosenthal ; Sergio España ; Selmin Nurcan. Springer Science and Business Media Deutschland GmbH, 2025. pp. 86-94 (Lecture Notes in Business Information Processing).

@inproceedings{e2317e231bac49108ddc3d8d9060091b,

title = "Conceptualizing Business Process Dependencies That Propagate Cyber Risk",

abstract = "This paper explores the propagation of cyber risks within business processes, addressing the lack of process-awareness in existing research, especially regarding dependencies between process model elements. We propose a conceptualization that incorporates process model elements, dependencies, cyber risk events, and inference rules for capturing cascading effects. The conceptualization covers control flow, data flow, and resource-to-activity dependencies. A proof of concept, analyzing risk propagation in a credit evaluation process, demonstrates how confidentiality, integrity, and availability risks cascade across components. Our findings show how this approach uncovers cascading risks, providing insights for cyber risk assessment in interconnected environments.",

keywords = "Risk Assessment, Risk Propagation, Secure Business Process",

author = "Gal Engelberg and Moshe Hadad and Pnina Soffer",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; Forum and the Doctoral Consortium of the 37th International Conference on Advanced Information Systems Engineering, CAiSE 2025 ; Conference date: 16-06-2025 Through 20-06-2025",

year = "2025",

doi = "10.1007/978-3-031-94590-8\_11",

language = "English",

isbn = "9783031945892",

series = "Lecture Notes in Business Information Processing",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "86--94",

editor = "Luise Pufahl and Kristina Rosenthal and Sergio Espa{\~n}a and Selmin Nurcan",

booktitle = "Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings",

address = "Germany",

}

Engelberg, G , Hadad, M & Soffer, P 2025, Conceptualizing Business Process Dependencies That Propagate Cyber Risk. in L Pufahl, K Rosenthal, S España & S Nurcan (eds), Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings. Lecture Notes in Business Information Processing, vol. 557 LNBIP, Springer Science and Business Media Deutschland GmbH, pp. 86-94, Forum and the Doctoral Consortium of the 37th International Conference on Advanced Information Systems Engineering, CAiSE 2025, Vienna, Austria, 16/06/25. https://doi.org/10.1007/978-3-031-94590-8_11

Conceptualizing Business Process Dependencies That Propagate Cyber Risk. / Engelberg, Gal ; Hadad, Moshe ; Soffer, Pnina.
Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings. ed. / Luise Pufahl; Kristina Rosenthal; Sergio España; Selmin Nurcan. Springer Science and Business Media Deutschland GmbH, 2025. p. 86-94 (Lecture Notes in Business Information Processing; Vol. 557 LNBIP).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Conceptualizing Business Process Dependencies That Propagate Cyber Risk

AU - Engelberg, Gal

AU - Hadad, Moshe

AU - Soffer, Pnina

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - This paper explores the propagation of cyber risks within business processes, addressing the lack of process-awareness in existing research, especially regarding dependencies between process model elements. We propose a conceptualization that incorporates process model elements, dependencies, cyber risk events, and inference rules for capturing cascading effects. The conceptualization covers control flow, data flow, and resource-to-activity dependencies. A proof of concept, analyzing risk propagation in a credit evaluation process, demonstrates how confidentiality, integrity, and availability risks cascade across components. Our findings show how this approach uncovers cascading risks, providing insights for cyber risk assessment in interconnected environments.

AB - This paper explores the propagation of cyber risks within business processes, addressing the lack of process-awareness in existing research, especially regarding dependencies between process model elements. We propose a conceptualization that incorporates process model elements, dependencies, cyber risk events, and inference rules for capturing cascading effects. The conceptualization covers control flow, data flow, and resource-to-activity dependencies. A proof of concept, analyzing risk propagation in a credit evaluation process, demonstrates how confidentiality, integrity, and availability risks cascade across components. Our findings show how this approach uncovers cascading risks, providing insights for cyber risk assessment in interconnected environments.

KW - Risk Assessment

KW - Risk Propagation

KW - Secure Business Process

UR - https://www.scopus.com/pages/publications/105008664835

U2 - 10.1007/978-3-031-94590-8_11

DO - 10.1007/978-3-031-94590-8_11

M3 - Conference contribution

AN - SCOPUS:105008664835

SN - 9783031945892

T3 - Lecture Notes in Business Information Processing

SP - 86

EP - 94

BT - Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings

A2 - Pufahl, Luise

A2 - Rosenthal, Kristina

A2 - España, Sergio

A2 - Nurcan, Selmin

PB - Springer Science and Business Media Deutschland GmbH

T2 - Forum and the Doctoral Consortium of the 37th International Conference on Advanced Information Systems Engineering, CAiSE 2025

Y2 - 16 June 2025 through 20 June 2025

ER -

Engelberg G , Hadad M , Soffer P. Conceptualizing Business Process Dependencies That Propagate Cyber Risk. In Pufahl L, Rosenthal K, España S, Nurcan S, editors, Intelligent Information Systems - CAiSE 2025 Forum and Doctoral Consortium, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 86-94. (Lecture Notes in Business Information Processing). doi: 10.1007/978-3-031-94590-8_11

Conceptualizing Business Process Dependencies That Propagate Cyber Risk

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this