Paper Type
Complete
Paper Number
PACIS2025-1221
Description
This paper explores an interdisciplinary approach leveraging criminology, cybersecurity and business process management (BPM) to re-design processes for cybercrime prevention. Since contemporary business processes face increasing regulatory and policy pressures to consider embedding cybercrime interventions into their design, it is necessary to understand how cybercrimes are developed to introduce appropriate crime-preventing interventions at strategic points within processes. A criminology-based approach could help address these challenges. We identify cybercrime opportunities in processes using Crime Script Analysis and apply Situational Crime Prevention techniques to re-design vulnerable processes. Through design science research methodology, we developed a novel workflow to secure business processes and evaluated it through a case study. Our workflow aligns with the BPM lifecycle and real-world cybercrime prevention initiatives, enhancing the understanding of cybercrime risks in processes while securing processes by reducing cybercrime opportunities and identifying cybersecurity-enhancing patterns. It offers future research opportunities in securing processes and improving cybersecurity through BPM.
Recommended Citation
MIAO, Cheng; HO, Heemeng; Tsen, Elinor; Gilmour, John; and Ko, Ryan, "Re-designing Business Processes for Cyber Resilience: An Approach Based on Crime Script Analysis and Situational Crime Prevention" (2025). PACIS 2025 Proceedings. 18.
https://aisel.aisnet.org/pacis2025/security/security/18
Re-designing Business Processes for Cyber Resilience: An Approach Based on Crime Script Analysis and Situational Crime Prevention
This paper explores an interdisciplinary approach leveraging criminology, cybersecurity and business process management (BPM) to re-design processes for cybercrime prevention. Since contemporary business processes face increasing regulatory and policy pressures to consider embedding cybercrime interventions into their design, it is necessary to understand how cybercrimes are developed to introduce appropriate crime-preventing interventions at strategic points within processes. A criminology-based approach could help address these challenges. We identify cybercrime opportunities in processes using Crime Script Analysis and apply Situational Crime Prevention techniques to re-design vulnerable processes. Through design science research methodology, we developed a novel workflow to secure business processes and evaluated it through a case study. Our workflow aligns with the BPM lifecycle and real-world cybercrime prevention initiatives, enhancing the understanding of cybercrime risks in processes while securing processes by reducing cybercrime opportunities and identifying cybersecurity-enhancing patterns. It offers future research opportunities in securing processes and improving cybersecurity through BPM.
Comments
Security