Using Value Models for Business Risk Analysis in e-Service Networks

Dan Ionita, Roelf J. Wieringa, Lars Wolos, Jaap Gordijn, Wolter Pieters

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    6 Citations (Scopus)

    Abstract

    Commercially provided electronic services commonly operate on top of a complex, highly-interconnected infrastructure, which provides a multitude of entry points for attackers. Providers of e-services also operate in dynamic, highly competitive markets, which provides fertile ground for fraud. Before a business idea to provide commercial e-services is implemented in practice, it should therefore be analysed on its fraud potential. This analysis is a risk assessment process, in which risks are ordered on severity and the unacceptable ones are mitigated. Mitigations may consist of changes in the e-service network to reduce the attractiveness of fraud for the fraudster, or changes in coordination process steps or IT architecture elements to make fraud harder or better detectable. We propose to use e3value business value models for the identification and quantification of risks associated with e-service packages. This allows for impact estimation as well as understanding the attacker’s business cases. We show how the e3value ontology – with minimal extensions – can be used to analyse known telecommunication fraud scenarios. We also show how the approach can be used to quantify infrastructure risks. Based on the results, as well as feedback from practitioners, we discuss the scope and limits of generalizability of our approach.
    Original language: Undefined
    Title of host publication: 8th IFIP WG 8.1. Working Conference on the Practice of Enterprise Modelling, PoEM 2015
    Editors: Jolita Ralyté, Sergio España, Oscar Pastor
    Place of Publication: Berlin
    Publisher: Springer
    Pages: 239-253
    Number of pages: 15
    ISBN (Print): 978-3-319-25896-6
    DOIs: https://doi.org/10.1007/978-3-319-25897-3_16
    Publication status: Published - 12 Nov 2015
    Event: 8th IFIP WG 8.1. Working Conference on the Practice of Enterprise Modelling, PoEM 2015 - Valencia, Spain
    Duration: 10 Nov 2015 → 12 Nov 2015
    Conference number: 8

    Publication series

    Name: Lecture Notes in Business Information Processing
    Publisher: Springer Verlag
    Volume: 235
    ISSN (Print): 1865-1348

    Conference

    Conference: 8th IFIP WG 8.1. Working Conference on the Practice of Enterprise Modelling, PoEM 2015
    Abbreviated title: PoEM
    Country: Spain
    City: Valencia
    Period: 10/11/15 → 12/11/15

    Keywords

    • SCS-Cybersecurity
    • EWI-26389
    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/318003
    • Governance and control
    • IR-97943
    • Value modelling
    • E-Services
    • Fraud
    • METIS-312745
    • Risk

    Cite this

    Ionita, D., Wieringa, R. J., Wolos, L., Gordijn, J., & Pieters, W. (2015). Using Value Models for Business Risk Analysis in e-Service Networks. In J. Ralyté, S. España, & O. Pastor (Eds.), 8th IFIP WG 8.1. Working Conference on the Practice of Enterprise Modelling, PoEM 2015 (pp. 239-253). (Lecture Notes in Business Information Processing; Vol. 235). Berlin: Springer. https://doi.org/10.1007/978-3-319-25897-3_16