Business Process Model and Notation for Forensic-Ready Software Systems

• Authors: DAUBNER Lukáš; MATULEVIČIUS Raimundas; BÜHNOVÁ Barbora; PITNER Tomáš
• Year of publication: 2022
• Type: Article in Proceedings
• Conference: Proceedings of the 17th International Conference on Evaluation of Novel Approaches to Software Engineering
• MU Faculty or unit: Faculty of Informatics
• Web: https://www.scitepress.org/PublicationsDetail.aspx?ID=WfdKUNdsvxM=
• Doi: http://dx.doi.org/10.5220/0011041000003176
• Keywords: Forensic Readiness; Forensic-Ready Software Systems; Modelling; BPMN; Software Design
• Description: The design and development of secure systems is an important and challenging task. However, such systems should also be prepared for eventual disputes or occurrences of a security incident. To solve this, forensic-ready software systems are, by-design, prepared to assist in the forensic investigation and to provide on-point data with high evidentiary value. However, software engineering support for the systematic development of such software systems is rather sparse. This paper tackles the problem by introducing novel modelling notation, called BPMN for Forensic-Ready Software Systems (BPMN4FRSS), including its syntax and semantics. The notation aims to capture the forensic-ready controls and enable reasoning over them, primarily focusing on potential digital evidence. Importantly, it is made to support forensic readiness oriented risk management decisions. The approach is then demonstrated in a scenario where the controls, which mitigate security and business risks, are properly rep resented.

Related projects

• CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence