Abstract: Business Process Management (BPM) is a management approach to discover, analyze, redesign, execute and monitor business processes. Implementing BPM concepts help and benefit organizations by increasing their productivity, achieving their strategies and operational excellence, and saving costs. Rosemann et al. identify business process transparency as one of the key values of BPM, and essential to achieving other BPM benefits. Business process transparency provides visibility about how operations/activities are conducted in a detailed way, sometimes with technical details, within an organization; which facilitates the identification of structural issues of the process model. A conducted content analysis of the literature shows that fraudsters have leveraged structural issues of the business process model to commit fraud. Such fraud can be labeled as a Business Process Attack (BPA). In analogy to information system security attack, BPA can be defined as the exploitation of a vulnerability in a business process model to commit fraudulent activities that influence the business negatively such as achieving invalid or unwanted results. This research aims to investigate the relationship between the degree of business process transparency and exposure to BPA. If the relationship is positive, appropriate security controls shall be implemented on the business process transparency to avoid BPA. The main research question is: What is the relationship between an organization's degree of business process transparency and exposure to BPA. A quantitative research method is employed to measure and understand the impact of business process transparency on BPA. An experiment is designed and conducted to assess the awareness of the existence of vulnerabilities in various process models and how to exploit them to commit BPA. Results show that there is a positive significant relationship between increased business process transparency and exposure to BPA. This research contributes towards understanding and highlights the negative impact of business process transparency, which motivates researchers to investigate this phenomenon and find appropriate solutions.

Alhanouf Aldayel and Ahmad Alturki, “An Empirical Investigation of the Relationship Between Business Process Transparency and Business Process Attack” International Journal of Advanced Computer Science and Applications(IJACSA), 12(4), 2021. http://dx.doi.org/10.14569/IJACSA.2021.0120468

@article{Aldayel2021,
title = {An Empirical Investigation of the Relationship Between Business Process Transparency and Business Process Attack},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2021.0120468},
url = {http://dx.doi.org/10.14569/IJACSA.2021.0120468},
year = {2021},
publisher = {The Science and Information Organization},
volume = {12},
number = {4},
author = {Alhanouf Aldayel and Ahmad Alturki}
}