Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes
Business Impact Analysis (BIA) assesses the effects of cyberattacks on critical business processes and IT assets. Traditional BIAs are manual, relying on consultants to interview employees, which can be inefficient and error-prone. Process mining, an established field in business management, offers...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10807219/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849220002751709184 |
|---|---|
| author | Melina Raptaki George Stergiopoulos Dimitris Gritzalis |
| author_facet | Melina Raptaki George Stergiopoulos Dimitris Gritzalis |
| author_sort | Melina Raptaki |
| collection | DOAJ |
| description | Business Impact Analysis (BIA) assesses the effects of cyberattacks on critical business processes and IT assets. Traditional BIAs are manual, relying on consultants to interview employees, which can be inefficient and error-prone. Process mining, an established field in business management, offers automated techniques to map business processes via log analysis. While research on integrating process mining with business process management is growing, its application in cybersecurity risk management remains limited. This paper introduces PRIA (PRocess Impact Analysis), an event log analysis method for automatic cybersecurity impact assessment on business processes. PRIA leverages (i) process mining to extract data from ERP/CRM systems, (ii) graph-theoretic analysis to quantify impact propagation, and (iii) outputs an assessment of the criticality and exposure of IT assets and processes to cyber incidents. Applied to a financial sector supply chain workflow, PRIA identified two key sub-processes directly from event logs and highlighted process vulnerabilities, including deviations from theoretical models, validated by company employees. Depending on the initial intrusion point, PRIA found 25–75% of process activities critically impacted, uncovering new attack paths and business impacts previously undetected by manual assessments. |
| format | Article |
| id | doaj-art-4ee2fda4e0b64b8f937b56429aafc5dc |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-4ee2fda4e0b64b8f937b56429aafc5dc2024-12-25T00:01:39ZengIEEEIEEE Access2169-35362024-01-011219432219433910.1109/ACCESS.2024.352042010807219Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business ProcessesMelina Raptaki0https://orcid.org/0009-0003-9058-8628George Stergiopoulos1https://orcid.org/0000-0002-5336-6765Dimitris Gritzalis2https://orcid.org/0000-0002-7793-6128Department of Informatics, Athens University of Economics and Business (AUEB), Athens, GreeceDepartment of Information and Communication Systems Engineering, University of the Aegean, Mitilini, Samos, GreeceDepartment of Informatics, Athens University of Economics and Business (AUEB), Athens, GreeceBusiness Impact Analysis (BIA) assesses the effects of cyberattacks on critical business processes and IT assets. Traditional BIAs are manual, relying on consultants to interview employees, which can be inefficient and error-prone. Process mining, an established field in business management, offers automated techniques to map business processes via log analysis. While research on integrating process mining with business process management is growing, its application in cybersecurity risk management remains limited. This paper introduces PRIA (PRocess Impact Analysis), an event log analysis method for automatic cybersecurity impact assessment on business processes. PRIA leverages (i) process mining to extract data from ERP/CRM systems, (ii) graph-theoretic analysis to quantify impact propagation, and (iii) outputs an assessment of the criticality and exposure of IT assets and processes to cyber incidents. Applied to a financial sector supply chain workflow, PRIA identified two key sub-processes directly from event logs and highlighted process vulnerabilities, including deviations from theoretical models, validated by company employees. Depending on the initial intrusion point, PRIA found 25–75% of process activities critically impacted, uncovering new attack paths and business impacts previously undetected by manual assessments.https://ieeexplore.ieee.org/document/10807219/Cybersecuritybusiness impact analysisimpact propagationprocess mining |
| spellingShingle | Melina Raptaki George Stergiopoulos Dimitris Gritzalis Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes IEEE Access Cybersecurity business impact analysis impact propagation process mining |
| title | Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes |
| title_full | Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes |
| title_fullStr | Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes |
| title_full_unstemmed | Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes |
| title_short | Automated Event Log Analysis With Causal Dependency Graphs for Impact Assessment of Business Processes |
| title_sort | automated event log analysis with causal dependency graphs for impact assessment of business processes |
| topic | Cybersecurity business impact analysis impact propagation process mining |
| url | https://ieeexplore.ieee.org/document/10807219/ |
| work_keys_str_mv | AT melinaraptaki automatedeventloganalysiswithcausaldependencygraphsforimpactassessmentofbusinessprocesses AT georgestergiopoulos automatedeventloganalysiswithcausaldependencygraphsforimpactassessmentofbusinessprocesses AT dimitrisgritzalis automatedeventloganalysiswithcausaldependencygraphsforimpactassessmentofbusinessprocesses |