Abstract
The introduction of workflow management systems (WMS) in organisations means that various information about employees’ productivity and performance is generated and made available on computer systems with extensive capabilities for exploiting this personal information. In this chapter we will consider the privacy problems concerning personal information that arise from the introduction of WMS. We will show that these problems concern information misuse in general and that WMS also provide means to solve this problem. Hence, we will not consider IT security in the sense of confidentiality, integrity and availability of WMS, i.e. of workflow services and data. Appropriate solutions for these basic security issues are well known and available through traditional means of IT security.
Copyright information
© 1996 Friedr. Vieweg & Sohn Verlagsgesellschaft mbH, Braunschweig/Wiesbaden
About this chapter
Cite this chapter
Bauknecht, K., Holbein, R. (1996). Workflow-Management-Systems: Source and Solution of Privacy Problems in Organisations. In: Österle, H., Vogler, P. (eds) Praxis des Workflow-Managements. Vieweg+Teubner Verlag, Wiesbaden. https://doi.org/10.1007/978-3-322-84940-3_15
DOI: https://doi.org/10.1007/978-3-322-84940-3_15
Publisher Name: Vieweg+Teubner Verlag, Wiesbaden
Print ISBN: 978-3-322-84941-0
Online ISBN: 978-3-322-84940-3
eBook Packages: Springer Book Archive