Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes

The present paper examines stakeholders’ business process model awareness to measure and improve stakeholder participation in information systems security risk management (ISRM) via a multi-method research study at the organizational level. Organizational stakeholders were interviewed to gain an understanding of their awareness of business processes and related security requirements in the context of an ongoing ISRM process. The research model was evaluated in four case studies. The findings indicate that stakeholders’ awareness of business process models contributed to an improved ISRM process, better alignment to the business environment and improved elicitation of security requirements. Following current research that considers users as the most important resource in ISRM, this study highlights the importance of involving appropriate stakeholders at the right time during the ISRM process and provides risk managers with decision support for the prioritization of stakeholder participation during ISRM processes to improve results and reduce overhead.