Security in Process-Aware Information System (PAIS) is critical for almost every organisation and company, as a lack of security measures leads to vulnerabilities that can cause severe financial damage. The survey by Leitner and Rinderle-Ma from 2013 analysed in a systematic literature review the researched security controls in PAIS. The authors identified that the usage of Process Mining may be an emerging topic, so this paper provides a systematic literature review to analyse the advances in Process Mining research for security in PAIS and clusters the results by the security goals that are protected as well as the Process Mining applications and concpets that can be used for security in PAIS.
Table of Contents
1. Introduction
2. Fundamentals
2.1. Process Mining
2.2. Information Security
2.3. Process-Aware Information Systems
3. Related Work
3.1. Survey by Leitner and Rinderle-Ma from 2013
3.2. Other Systematic Literature Reviews
4. Methodology
4.1. Research identification
4.2. Literature Search
4.3. Literature Selection
4.4. Data Extraction
5. Results
5.1. Publication years and sources
5.2. How does Process Mining contribute to security in PAIS?
5.3. Have the research challenges been addressed by recent research?
6. Discussion and Conclusion
6.1. Resume
6.2. Limitations of this review
Objectives and Topics
This study aims to perform an updated systematic literature review regarding the application of Process Mining to enhance security within Process-Aware Information Systems (PAIS), examining relevant research published after 2012.
- Analysis of Process Mining contributions to PAIS security.
- Classification of protected security goals such as Integrity, Confidentiality, and Privacy.
- Evaluation of recurring security concepts like Anomaly Detection and Security Auditing.
- Assessment of how recent literature addresses previously identified research challenges.
- Comparison of publication trends and sources within the security-oriented Process Mining domain.
Excerpt from the Book
2.1 Process Mining
The main idea of Process Mining is to extract knowledge from event logs generated by existing information systems. Because event logs are often stored in an unstructured format, Process Mining uses Data Science approaches to extract the desired information in a format that can easily be analysed by humans.[1] Because Process Mining uses Data Science approaches, such as data mining or machine learning, it can be seen as the bridge between Data Science and Process Science.
Process Mining can be used for
– Process Discovery: The automatic generation of a process model based on the information extracted from an event log.
– Conformance Checking: Compare the event log of a process execution with the formal process model of that process to detect deviations.
– Enhancement: Usage of the actual process execution extracted from the event log to extend or improve an existing process model.
Summary of Chapters
1. Introduction: Presents the motivation for securing PAIS against cyberattacks and identifies Process Mining as a key technology to investigate through an updated literature review.
2. Fundamentals: Defines core terminology including Process Mining, Information Security (CIA-Properties), and Process-Aware Information Systems.
3. Related Work: Summarizes the foundational 2013 survey by Leitner and Rinderle-Ma and contrasts it with other recent systematic literature reviews.
4. Methodology: Details the systematic approach used for research identification, search strings, paper selection criteria, and data extraction methods.
5. Results: Analyzes publication statistics, clusters papers by security goals and concepts, and evaluates progress on identified research challenges.
6. Discussion and Conclusion: Summarizes findings on the current state of research and acknowledges limitations regarding the scope and interpretation of the review.
Keywords
Process Mining, Information Security, Process-Aware Information Systems, Systematic Literature Review, Anomaly Detection, Security Auditing, Data Science, Conformance Checking, GDPR Compliance, Integrity, Confidentiality, Insider Threat Detection.
Frequently Asked Questions
What is the core focus of this research?
The work focuses on reviewing how Process Mining techniques are utilized to improve security within Process-Aware Information Systems (PAIS) based on academic literature published after 2012.
What are the primary themes discussed?
The central themes include the application of process models for security, the classification of security goals like Integrity and Confidentiality, and the technical concepts such as anomaly detection and auditing.
What is the specific research goal?
The primary goal is to update the 2013 systematic literature review by Leitner and Rinderle-Ma to determine the current advances and research directions in applying Process Mining for PAIS security.
Which scientific methodology is employed?
The author conducts a systematic literature review following established guidelines, utilizing IEEE Xplore and Scopus databases to extract and synthesize relevant academic publications.
What does the main body cover?
The main body covers the theoretical foundations, the step-by-step methodology of the literature selection, and a comprehensive classification of recent research papers by their security objectives and methods.
Which keywords categorize this work?
Key terms include Process Mining, Security, PAIS, Systematic Literature Review, Anomaly Detection, and Security Auditing.
How is the security goal 'Integrity' addressed by Process Mining?
Integrity is the most covered goal, primarily addressed through the use of event logs to detect unauthorized data manipulations, insufficient permission usage, or deviations from established process models.
What role does Process Mining play in detecting Insider Threats?
Researchers use Process Mining to establish baseline behavioral routines for employees, allowing for the identification of sudden, malicious deviations that may indicate an insider threat.
Did the survey find that research on this topic is increasing?
Contrary to the assumption that this field is rapidly emerging, the analysis shows that only a few papers are published each year without a clear upward trend.
- Quote paper
- Marlon Müller (Author), 2024, Usage of Process Mining for Security in Process-Aware Information Systems, Munich, GRIN Verlag, https://www.grin.com/document/1499443
