Automated cybersecurity impact propagation across business processes using process mining techniques

https://m2.mtmt.hu/ hun 2026-06-25 04:29 JournalArticle 36147531 APPROVED true 0 false 2025-05-17T18:07:17.861+0000 2025-05-17T18:06:02.049+0000 2025-05-17T18:05:56.892+0000 true 10036343 Bognár Ferenc /api/author/10036343 Author Bognár Ferenc (gazdálkodás és szervezéstudományok) true 10036343 2025-05-17T18:05:57.646+0000 2025-05-17T18:05:57.646+0000 false false true 24 24 /api/publicationtype/24 PublicationType Folyóiratcikk 1 true 24 JournalArticle true 10000059 Article true 24 24 /api/publicationtype/24 PublicationType Folyóiratcikk 1 true 24 JournalArticle /api/subtype/10000059 Szakcikk SubType Szakcikk (Folyóiratcikk) 101 true 10000059 true 1 /api/category/1 Category Tudományos true 1 Raptaki, Melina Automated cybersecurity impact propagation across business processes using process mining techniques true true /api/journal/10011557 REVIEWED INTERNATIONAL JOURNAL OF INFORMATION SECURITY 1615-5262 1615-5270 true false 10011557 false 10011557 true 1615-5262 1615-5270 Journal FOREIGN 24 3 1 17 129 1, 129 17 2025 Business Impact Analysis (BIA) evaluates how cyberattacks affect essential business processes and IT assets. Traditionally conducted through manual interviews by consultants, this approach is often inefficient and prone to errors and omissions. In this paper, we present an automated methodology leveraging process mining to assess the impact of cybersecurity incidents on business processes. This methodology extracts event logs from information systems to construct business dependency graphs, quantify impact propagation across them, and integrate cybersecurity risk inputs from security officers. Tested on procurement workflows for an international transportation company, and compared with established baselines as well as the insight and knowledge of the company itself, our methodology proved to be effective at identifying risks stemming from a cybersecurity incident without significant labor, as well as uncovering high-risk paths that weren’t yet identified, resulting in actionable insights. This is an extended and revised version of this methodology, evaluated with an extensive case study encompassing a company’s BIA, historical data and expert opinion, first presented in Raptaki (IEEE Access 12: 194322–194339, 2024). true true 2025 true true true false false false NONE 2025-05-17 false 0 0 0 0 0 0 0 0 0 0 0 0 1 1 Q1 B nemzetközi false false false false 2025-08-15T18:05:57.455+0000 2 9 0 3 0 true Language 10002 /api/language/10002 Angol Angol English true 2 true PersonAuthorship 126590038 /api/authorship/126590038 Raptaki, Melina 1 0.33333334 true false false Raptaki Melina true false false AuthorshipType 1 /api/authorshiptype/1 Szerző 0 true 0 true false true PersonAuthorship 126590039 /api/authorship/126590039 Stergiopoulos, George 2 0.33333334 false false false Stergiopoulos George true false false AuthorshipType 1 /api/authorshiptype/1 Szerző 0 true 0 true false true PersonAuthorship 126590040 /api/authorship/126590040 Gritzalis, Dimitris 3 0.33333334 false true false Gritzalis Dimitris true false false AuthorshipType 1 /api/authorshiptype/1 Szerző 0 true 0 true false true PublicationIdentifier 29384214 /api/publicationidentifier/29384214 DOI: 10.1007/s10207-025-01040-0 PlainSource 6 /api/publicationsource/6 DOI PublicationSourceType 10001 /api/publicationsourcetype/10001 DOI true true true DOI DOI https://doi.org/@@@ true true 6 true 10.1007/s10207-025-01040-0 https://doi.org/10.1007/s10207-025-01040-0 false true PublicationIdentifier 29384215 /api/publicationidentifier/29384215 Egyéb URL: https://link.springer.com/10.1007/s10207-025-01040-0 PlainSource 40 /api/publicationsource/40 Egyéb URL PublicationSourceType 10006 /api/publicationsourcetype/10006 Link true true true Egyéb URL Other URL @@@ true true 40 true https://link.springer.com/10.1007/s10207-025-01040-0 https://link.springer.com/10.1007/s10207-025-01040-0 false true MtaRating 11507678 /api/mtarating/11507678 IX. Hadtudományi Bizottság:B nemzetközi INTERNATIONAL JOURNAL OF INFORMATION SECURITY 1615-5262 1615-5270 RatingType 10014 /api/ratingtype/10014 IX. Hadtudományi Bizottság HTB Institute 14096 /api/institute/14096 Hadtudományi Bizottság IXGJO HTB [1901-] 0 false true Hadtudományi Bizottság Hadtudományi Bizottság true 14096 true true true B nemzetközi false true SjrRating 11567880 /api/sjrrating/11567880 sjr:Q2 (2025) Scopus - Computer Networks and Communications INTERNATIONAL JOURNAL OF INFORMATION SECURITY 1615-5262 1615-5270 115 0.49 journal RatingType 10002 /api/ratingtype/10002 sjr sjr true true ClassificationExternal 1705 /api/classificationexternal/1705 Scopus - Computer Networks and Communications true 1705 true Q2 FROM_LAST_YEAR true true Reference 65869684 /api/reference/65869684 1. Raptaki, M., Stergiopoulos, G., Gritzalis, D.: Automated event log analysis with causal dependency graphs for impact assessment of business processes. IEEE Access 12, 194322–194339 (2024). https://doi.org/10.1109/ACCESS.2024.3520420, DOI: 10.1109/ACCESS.2024.3520420 1 10.1109/ACCESS.2024.3520420 false true Reference 65869685 /api/reference/65869685 2. ISO/TS 22317:2021, Security and resilience — business continuity management systems — guidelines for business impact analysis, 2021 2 false true Reference 65869686 /api/reference/65869686 3. NIST SP, Managing information security risk: organization, mission, and information system view. National Institute of Standards and Technology, Gaithersburg, MD, NIST SP 800–39, 2011. https://doi.org/10.6028/NIST.SP.800-39, DOI: 10.6028/NIST.SP.800-39 3 10.6028/NIST.SP.800-39 false true Reference 65869687 /api/reference/65869687 4. Syalim, A., Hori, Y., Sakurai, K.: Comparison of risk analysis methods: mehari, magerit, NIST800–30 and microsoft’s security management guide. In 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan: IEEE, 2009, pp. 726–731. https://doi.org/10.1109/ARES.2009.75, DOI: 10.1109/ARES.2009.75 4 10.1109/ARES.2009.75 false true Reference 65869688 /api/reference/65869688 5. Xu, L.D., Xu, E.L., Li, L.: Industry 4.0: state of the art and future trends. Int. J. Prod. Res. 56(8), 2941–2962 (2018). https://doi.org/10.1080/00207543.2018.1444806, DOI: 10.1080/00207543.2018.1444806 5 10.1080/00207543.2018.1444806 false true Reference 65869689 /api/reference/65869689 6. Schulte, S., Janiesch, C., Venugopal, S., Weber, I., Hoenisch, P.: Elastic business process management: state of the art and open challenges for BPM in the cloud. Future Gener. Comput. Syst. 46, 36–50 (2015). https://doi.org/10.1016/j.future.2014.09.005, DOI: 10.1016/j.future.2014.09.005 6 10.1016/j.future.2014.09.005 false true Reference 65869690 /api/reference/65869690 7. Tupa, J., Steiner, F.: Industry 4.0 and business process management. Teh. Glas. 13(4), 349–355 (2019). https://doi.org/10.31803/tg-20181008155243, DOI: 10.31803/tg-20181008155243 7 10.31803/tg-20181008155243 false true Reference 65869691 /api/reference/65869691 8. Van Der Aalst, W.: Process Mining. Berlin, Heidelberg: Springer Berlin Heidelberg, 2016. https://doi.org/10.1007/978-3-662-49851-4, DOI: 10.1007/978-3-662-49851-4 8 10.1007/978-3-662-49851-4 false true Reference 65869692 /api/reference/65869692 9. Caron, F., Vanthienen, J., Baesens, B.: A comprehensive investigation of the applicability of process mining techniques for enterprise risk management. Comput. Ind. 64(4), 464–475 (2013). https://doi.org/10.1016/j.compind.2013.02.001, DOI: 10.1016/j.compind.2013.02.001 9 10.1016/j.compind.2013.02.001 false true Reference 65869693 /api/reference/65869693 10. Kelemen, R.: Systematic review on process mining and security. Cent. East. Eur. EDem EGov Days 325, 145–164 (2018). https://doi.org/10.24989/ocg.v325.13, DOI: 10.24989/ocg.v325.13 10 10.24989/ocg.v325.13 false true Reference 65869694 /api/reference/65869694 11. Suriadi, S., et al.: Current research in risk-aware business process management―overview, comparison, and gap analysis. Commun. Assoc. Inf. Syst., 34, (2014). https://doi.org/10.17705/1CAIS.03452, DOI: 10.17705/1CAIS.03452 11 10.17705/1CAIS.03452 false true Reference 65869695 /api/reference/65869695 12. Tjoa, S., Jakoubi, S., Quirchmayr, G.: Enhancing business impact analysis and risk assessment applying a risk-aware business process modeling and simulation methodology. In 2008 third international conference on availability, reliability and security, IEEE, pp. 179–186 (2008). https://doi.org/10.1109/ARES.2008.206, DOI: 10.1109/ARES.2008.206 12 10.1109/ARES.2008.206 false true Reference 65869696 /api/reference/65869696 13. Caron, F., Vanthienen, J., Baesens, B.: Comprehensive rule-based compliance checking and risk management with process mining. Decis. Support. Syst. 54(3), 1357–1369 (2013). https://doi.org/10.1016/j.dss.2012.12.012, DOI: 10.1016/j.dss.2012.12.012 13 10.1016/j.dss.2012.12.012 false true Reference 65869697 /api/reference/65869697 14. Dedousis, P., Raptaki, M., Stergiopoulos, G., Gritzalis, D.: Towards an automated business process model risk assessment: a process mining approach. In: Proceedings of the 19th international conference on security and cryptography, Lisbon, Portugal: SCITEPRESS - Science and Technology Publications, pp. 35–46 (2022). https://doi.org/10.5220/0011135600003283, DOI: 10.5220/0011135600003283 14 10.5220/0011135600003283 false true Reference 65869698 /api/reference/65869698 15. Stine, K., Quinn, S., Witte, G., Gardner, R.K.: Integrating cybersecurity and enterprise risk management (ERM). Natl Inst Stand Technol (2020). https://doi.org/10.6028/NIST.IR.8286, DOI: 10.6028/NIST.IR.8286 15 10.6028/NIST.IR.8286 false true Reference 65869699 /api/reference/65869699 16. Quinn, S., et al.: Using business impact analysis to inform risk prioritization and response. National institute of standards and technology (U.S.), Gaithersburg, MD, NIST IR 8286D, (2022). https://doi.org/10.6028/NIST.IR.8286D, DOI: 10.6028/NIST.IR.8286D 16 10.6028/NIST.IR.8286D false true Reference 65869700 /api/reference/65869700 17. Burton, S. L., Protection via business impact analysis in a cyber world: A 3-part series. In 17th international conference on information technology–new generations (ITNG 2020), vol. 1134, S. Latifi, Ed., in Advances in Intelligent Systems and Computing, vol 1134, pp 3–8, Cham, Springer International Publishing (2020). https://doi.org/10.1007/978-3-030-43020-7_1, DOI: 10.1007/978-3-030-43020-7_1 17 10.1007/978-3-030-43020-7_1 false true Reference 65869701 /api/reference/65869701 18. Strelicz, A., Bognár, F.: Integrated risk and business impact analysis: a kind of support for ISO 22301. Eur. Sci. J. ESJ (2020). https://doi.org/10.19044/esj.2020.v16n4p1, DOI: 10.19044/esj.2020.v16n4p1 18 10.19044/esj.2020.v16n4p1 false true Reference 65869702 /api/reference/65869702 19. Torabi, S.A., Rezaei Soufi, H., Sahebjamnia, N.: A new framework for business impact analysis in business continuity management (with a case study). Saf. Sci. 68, 309–323 (2014). https://doi.org/10.1016/j.ssci.2014.04.017, DOI: 10.1016/j.ssci.2014.04.017 19 10.1016/j.ssci.2014.04.017 false true Reference 65869703 /api/reference/65869703 20. Kotzanikolaou, P., Theoharidou, M., Gritzalis, D.: Assessing n-order dependencies between critical infrastructures. Int. J. Crit. Infrastruct. 9(1–2), 93–110 (2013), DOI: 10.1504/IJCIS.2013.051606 20 10.1504/IJCIS.2013.051606 false true Reference 65869704 /api/reference/65869704 21. Stergiopoulos, G., Kouktzoglou, V., Theocharidou, M., Gritzalis, D.: A process-based dependency risk analysis methodology for critical infrastructures. Int. J. Crit. Infrastruct. 13(2/3), 184 (2017). https://doi.org/10.1504/IJCIS.2017.088231, DOI: 10.1504/IJCIS.2017.088231 21 10.1504/IJCIS.2017.088231 false true Reference 65869705 /api/reference/65869705 22. Al-Essa, H. A., Al-Sharidah, A. H.: An approach to automate business impact analysis. In: 2018 IEEE international systems engineering symposium (ISSE), Rome: IEEE, 2018, pp 1–3. https://doi.org/10.1109/SysEng.2018.8544438, DOI: 10.1109/SysEng.2018.8544438 22 10.1109/SysEng.2018.8544438 false true Reference 65869706 /api/reference/65869706 23. Sikdar, P.: Alternate approaches to business impact analysis. Inf. Secur. J. Glob. Perspect. 20(3), 128–134 (2011). https://doi.org/10.1080/19393555.2010.551274, DOI: 10.1080/19393555.2010.551274 23 10.1080/19393555.2010.551274 false true Reference 65869707 /api/reference/65869707 24. Bartolini, C., Stefanelli, C., Tortonesi, M. Business-impact analysis and simulation of critical incidents in IT service management. In: 2009 IFIP/IEEE international symposium on integrated network management, New York, NY, USA: IEEE, pp. 9–16 (2009). https://doi.org/10.1109/INM.2009.5188781, DOI: 10.1109/INM.2009.5188781 24 10.1109/INM.2009.5188781 false true Reference 65869708 /api/reference/65869708 25. Radeschütz, S., Schwarz, H., Niedermann, F.: Business impact analysis—a framework for a comprehensive analysis and optimization of business processes. Comput. Sci. - Res. Dev. 30(1), 69–86 (2015). https://doi.org/10.1007/s00450-013-0247-3, DOI: 10.1007/s00450-013-0247-3 25 10.1007/s00450-013-0247-3 false true Reference 65869709 /api/reference/65869709 26. Setzer, T., Bhattacharya, K., Ludwig, H.: Change scheduling based on business impact analysis of change-related risk. IEEE Trans. Netw. Serv. Manag. 7(1), 58–71 (2010). https://doi.org/10.1109/TNSM.2010.I9P0305, DOI: 10.1109/TNSM.2010.I9P0305 26 10.1109/TNSM.2010.I9P0305 false true Reference 65869710 /api/reference/65869710 27. Stergiopoulos, G., Dedousis, P., Gritzalis, D.: Automatic analysis of attack graphs for risk mitigation and prioritization on large-scale and complex networks in Industry 4.0. Int. J. Inf. Secur. 21(1), 37–59 (2022). https://doi.org/10.1007/s10207-020-00533-4, DOI: 10.1007/s10207-020-00533-4 27 10.1007/s10207-020-00533-4 false true Reference 65869711 /api/reference/65869711 28. Adamos, K., Stergiopoulos, G., Karamousadakis, M., Gritzalis, D.: Enhancing attack resilience of cyber-physical systems through state dependency graph models. Int. J. Inf. Secur. (2023). https://doi.org/10.1007/s10207-023-00731-w, DOI: 10.1007/s10207-023-00731-w 28 10.1007/s10207-023-00731-w false true Reference 65869712 /api/reference/65869712 29. Huang, X., Vodenska, I., Havlin, S., Stanley, H.E.: Cascading failures in bi-partite graphs: model for systemic risk propagation. Sci. Rep. 3(1), 1219 (2013). https://doi.org/10.1038/srep01219, DOI: 10.1038/srep01219 29 10.1038/srep01219 false true Reference 65869713 /api/reference/65869713 30. Lykou, G., Dedousis, P., Stergiopoulos, G., Gritzalis, D.: Assessing interdependencies and congestion delays in the aviation network. IEEE Access 8, 223234–223254 (2020). https://doi.org/10.1109/ACCESS.2020.3045340, DOI: 10.1109/ACCESS.2020.3045340 30 10.1109/ACCESS.2020.3045340 false true Reference 65869714 /api/reference/65869714 31. Trieu-Do, V., Garcia-Lebron, R., Xu, M., Xu, S., Feng, Y.: Characterizing and leveraging granger causality in cybersecurity: framework and case study. ICST Trans. Secur. Saf. 7(25), 169912 (2021). https://doi.org/10.4108/eai.11-5-2021.169912, DOI: 10.4108/eai.11-5-2021.169912 31 10.4108/eai.11-5-2021.169912 false true Reference 65869715 /api/reference/65869715 32. Maiti, R. R., Adepu, S., Lupu, E.: ICCPS: impact discovery using causal inference for cyber attacks in CPSs. 2023. arXiv. https://doi.org/10.48550/ARXIV.2307.14161, DOI: 10.48550/ARXIV.2307.14161 32 10.48550/ARXIV.2307.14161 false true Reference 65869716 /api/reference/65869716 33. Myers, D., Suriadi, S., Radke, K., Foo, E.: Anomaly detection for industrial control systems using process mining. Comput. Secur. 78, 103–125 (2018). https://doi.org/10.1016/j.cose.2018.06.002, DOI: 10.1016/j.cose.2018.06.002 33 10.1016/j.cose.2018.06.002 false true Reference 65869717 /api/reference/65869717 34. ICT systems security and privacy protection: New York. Springer, Berlin Heidelberg, NY (2017) 34 false true Reference 65869718 /api/reference/65869718 35. Gongada, T.N., et al.: Leveraging machine learning for enhanced cyber attack detection and defence in big data management and process mining. Int. J. Adv. Comput. Sci. Appl. (2024). https://doi.org/10.14569/IJACSA.2024.0150266, DOI: 10.14569/IJACSA.2024.0150266 35 10.14569/IJACSA.2024.0150266 false true Reference 65869719 /api/reference/65869719 36. Macak, M., Vanat, I., Merjavy, M., Jevocin, T., Buhnova, B.: Towards process mining utilization in insider threat detection from audit logs. In: 2020 seventh international conference on social networks analysis, management and security (SNAMS), Paris, France: IEEE, pp. 1–6. (2020). https://doi.org/10.1109/SNAMS52053.2020.9336573, DOI: 10.1109/SNAMS52053.2020.9336573 36 10.1109/SNAMS52053.2020.9336573 false true Reference 65869720 /api/reference/65869720 37. Turner, R. C.: Process mining for asymmetric cybersecurity audit. In: 2022 IEEE International Conference on Cyber Security and Resilience (CSR), Rhodes, Greece: IEEE, pp. 293–298. (2022). https://doi.org/10.1109/CSR54599.2022.9850298, DOI: 10.1109/CSR54599.2022.9850298 37 10.1109/CSR54599.2022.9850298 false true Reference 65869721 /api/reference/65869721 38. Khan, M. A., Pradhan, S. K., Fatima, H. Applying data mining techniques in cyber crimes. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), Abha, Saudi Arabia: IEEE, pp. 213–216. (2017). https://doi.org/10.1109/Anti-Cybercrime.2017.7905293, DOI: 10.1109/Anti-Cybercrime.2017.7905293 38 10.1109/Anti-Cybercrime.2017.7905293 false true Reference 65869722 /api/reference/65869722 39. Macak, M., Oslejsek, R., Buhnova, B.: Applying process discovery to cybersecurity training: an experience report. In: 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy: IEEE, pp. 394–402. (2022). https://doi.org/10.1109/EuroSPW55150.2022.00047, DOI: 10.1109/EuroSPW55150.2022.00047 39 10.1109/EuroSPW55150.2022.00047 false true Reference 65869723 /api/reference/65869723 40. Hemmer, A., Badonnel, R., Chrisment, I.: A process mining approach for supporting IoT predictive security. In: NOMS 2020–2020 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary: IEEE, pp. 1–9. (2020). https://doi.org/10.1109/NOMS47738.2020.9110411, DOI: 10.1109/NOMS47738.2020.9110411 40 10.1109/NOMS47738.2020.9110411 false true Reference 65869724 /api/reference/65869724 41. Pery, A., Rafiei, M., Simon, M., Van Der Aalst, W. M. P.: Trustworthy artificial intelligence and process mining: challenges and opportunities. In: Process Mining Workshops, vol. 433, J. Munoz-Gama and X. Lu, Eds., in Lecture Notes in Business Information Processing, vol. 433, Cham: Springer International Publishing, pp. 395–407. (2022). https://doi.org/10.1007/978-3-030-98581-3_29, DOI: 10.1007/978-3-030-98581-3_29 41 10.1007/978-3-030-98581-3_29 false true Reference 65869725 /api/reference/65869725 42. Van Der Aalst, W., Weijters, T., Maruster, L.: Workflow mining: discovering process models from event logs. IEEE Trans. Knowl. Data Eng. 16(9), 1128–1142 (2004). https://doi.org/10.1109/TKDE.2004.47, DOI: 10.1109/TKDE.2004.47 42 10.1109/TKDE.2004.47 false true Reference 65869726 /api/reference/65869726 43. Giuseppe, C., Valerio, M., Teresa, M., Carmela, S.L.: A simulation approach in process mining conformance analysis. The introduction of a brand new BPMN element. IERI Procedia 6, 45–51 (2014). https://doi.org/10.1016/j.ieri.2014.03.008, DOI: 10.1016/j.ieri.2014.03.008 43 10.1016/j.ieri.2014.03.008 false true Reference 65869727 /api/reference/65869727 44. Altuhhov, O., Matulevičius, R., Ahmed, N.: An extension of business process model and notation for security risk management. Int. J. Inf. Syst. Model. Des. 4(4), 93–113 (2013). https://doi.org/10.4018/ijismd.2013100105, DOI: 10.4018/ijismd.2013100105 44 10.4018/ijismd.2013100105 false true Reference 65869728 /api/reference/65869728 45. Cardoso, P., Respício, A., Domingos, D.: riskaBPMN - a BPMN extension for risk assessment. Procedia Comput. Sci. 181, 1247–1254 (2021). https://doi.org/10.1016/j.procs.2021.01.324, DOI: 10.1016/j.procs.2021.01.324 45 10.1016/j.procs.2021.01.324 false true Reference 65869729 /api/reference/65869729 46. Marcinkowski, B., Kuciapski, M.: A business process modeling notation extension for risk handling. In: Computer Information Systems and Industrial Management, A. Cortesi, N. Chaki, K. Saeed, and S. Wierzchoń, Eds., in Lecture Notes in Computer Science, vol. 7564, pp. 374–381. Berlin, Heidelberg: Springer Berlin Heidelberg (2012). https://doi.org/10.1007/978-3-642-33260-9_32, DOI: 10.1007/978-3-642-33260-9_32 46 10.1007/978-3-642-33260-9_32 false true Reference 65869730 /api/reference/65869730 47. Meland, P. H., Gjaere, E. A.: Representing threats in BPMN 2.0. In: 2012 Seventh International Conference on Availability, Reliability and Security, Prague, TBD, Czech Republic: IEEE, pp. 542–550. (2012). https://doi.org/10.1109/ARES.2012.13, DOI: 10.1109/ARES.2012.13 47 10.1109/ARES.2012.13 false true Reference 65869731 /api/reference/65869731 48. Fang, P., et al.: Back-propagating system dependency impact for attack investigation. In: Proceedings of the 31th USENIX Security Symposium, pp. 2461–2478. Boston, USA: USENIX Association (2022) 48 false true Reference 65869732 /api/reference/65869732 49. Van Dongen, B. F., De Medeiros, A. K. A., Verbeek, H. M. W., Weijters, A. J. M. M., Van Der Aalst, W. M. P.: The ProM framework: a new era in process mining tool support. In Applications and Theory of Petri Nets 2005, G. Ciardo and P. Darondeau, Eds., In: Lecture Notes in Computer Science, vol. 3536, pp. 444–454. Berlin, Heidelberg: Springer Berlin Heidelberg (2005). https://doi.org/10.1007/11494744_25, DOI: 10.1007/11494744_25 49 10.1007/11494744_25 false true Reference 65869733 /api/reference/65869733 50. IEEE. IEEE 1849–2016 XES Standard. XES. [Online]. Available: https://xes-standard.org 50 false true Reference 65869734 /api/reference/65869734 51. Van Der Aalst, W.M.P., Weijters, A.J.M.M.: Process mining: a research agenda. Comput. Ind. 53(3), 231–244 (2004). https://doi.org/10.1016/j.compind.2003.10.001, DOI: 10.1016/j.compind.2003.10.001 51 10.1016/j.compind.2003.10.001 false true Reference 65869735 /api/reference/65869735 52. Van Der Aalst, W.: Process mining. Commun. ACM 55(8), 76–83 (2012). https://doi.org/10.1145/2240236.2240257, DOI: 10.1145/2240236.2240257 52 10.1145/2240236.2240257 false true Reference 65869736 /api/reference/65869736 53. Van Dongen, B. F., Alves De Medeiros, A. K., Wen, L.: Process mining: overview and outlook of petri net discovery algorithms. In Transactions on Petri Nets and Other Models of Concurrency II, K. Jensen and W. M. P. Van Der Aalst, Eds., in Lecture Notes in Computer Science, vol. 5460, pp. 225–242. Berlin, Heidelberg: Springer Berlin Heidelberg (2009). https://doi.org/10.1007/978-3-642-00899-3_13, DOI: 10.1007/978-3-642-00899-3_13 53 10.1007/978-3-642-00899-3_13 false true Reference 65869737 /api/reference/65869737 54. Gunther, C. W., Verbeek, H. M. W.: XES - standard definition. BPMcenter. org, Vol. 1409 54 false true Reference 65869738 /api/reference/65869738 55. Verbeek, H. M. W., Buijs, J. C. A. M., Van Dongen, B. F., Van Der Aalst, W. M. P.: XES, XESame, and ProM 6. In: Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications, E. Bayro-Corrochano and E. Hancock, Eds., in Lecture Notes in Computer Science, vol. 8827, pp. 60–75. Cham: Springer International Publishing (2011). https://doi.org/10.1007/978-3-642-17722-4_5, DOI: 10.1007/978-3-642-17722-4_5 55 10.1007/978-3-642-17722-4_5 false true Reference 65869739 /api/reference/65869739 56. Verbeek, H. M. W., Buijs, J. C. A. M., Dongen, van, B. F., Aalst, van der, W. M. P.: ProM 6 : the process mining toolkit. In Proceedings of the Business Process Management 2010 Demonstration Track (Hoboken NJ, USA, September 14–16, 2010), in CEUR Workshop Proceedings. CEUR-WS.org, pp. 34–39 (2010) 56 false true Reference 65869740 /api/reference/65869740 57. Günther, C. W., Van Der Aalst, W. M. P.: A generic import framework for process event logs. In: Business Process Management Workshops, J. Eder and S. Dustdar, Eds., In Lecture Notes in Computer Science, vol. 4103, pp. 81–92. Berlin, Heidelberg: Springer Berlin Heidelberg (2006). https://doi.org/10.1007/11837862_10, DOI: 10.1007/11837862_10 57 10.1007/11837862_10 false true Reference 65869741 /api/reference/65869741 58. Verbeek, H.M.W., Van der Aalst, W.M.P., Munoz-Gama, J.: Divide and conquer: a tool framework for supporting decomposed discovery in process mining. Comput. J. 60(11), 1649–1674 (2017). https://doi.org/10.1093/comjnl/bxx040, DOI: 10.1093/comjnl/bxx040 58 10.1093/comjnl/bxx040 false true /api/publication/36147531 Raptaki Melina et al. Automated cybersecurity impact propagation across business processes using process mining techniques. (2025) INTERNATIONAL JOURNAL OF INFORMATION SECURITY 1615-5262 1615-5270 24 3 1-17<div class="JournalArticle Publication long-list"> <div class="authors"> <img title="Idézőközlemény" style="float: left" src="/frontend/resources/grid/publication-citation-icon.png"> <div class="autype autype0"> <span class="author-name" >Raptaki Melina </span> ;    <span class="author-name" >Stergiopoulos George </span> ;    <span class="author-name" >Gritzalis Dimitris </span> </div> </div> <div class="title"><a href="/gui2/?mode=browse&params=publication;36147531" target="_blank">Automated cybersecurity impact propagation across business processes using process mining techniques</a></div> <div> <span class="journal-title">INTERNATIONAL JOURNAL OF INFORMATION SECURITY</span> <span class="journal-issn">(<a target="_blank" href="https://portal.issn.org/resource/ISSN/1615-5262">1615-5262</a> <a target="_blank" href="https://portal.issn.org/resource/ISSN/1615-5270">1615-5270</a>)</span>: <span class="journal-volume">24</span> <span class="journal-issue">3</span> <span class="page"> pp 1-17 Paper 129. </span> <span class="year">(2025)</span> </div> <div class="pub-footer"> <span class="language" xmlns="http://www.w3.org/1999/html">Nyelv: Angol | </span> <span class="identifiers"> <span class="id identifier oa_none" title="none"> <a style="color:black" title="10.1007/s10207-025-01040-0" target="_blank" href="https://doi.org/10.1007/s10207-025-01040-0"> DOI </a> </span> <span class="id identifier oa_none" title="none"> <a style="color:black" title="https://link.springer.com/10.1007/s10207-025-01040-0" target="_blank" href="https://link.springer.com/10.1007/s10207-025-01040-0"> Egyéb URL </a> </span> </span> <div class="publication-citation"> <a target="_blank" href="/api/publication?cond=citations.related;eq;36147531&sort=publishedYear,desc&sort=title"> Idézett közlemények száma: 1 </a> </div> <div class="mtid"><span class="long-pub-mtid">Közlemény: 36147531</span> | <span class="status-data status-APPROVED"> Nyilvános </span> Idéző | <span class="type-subtype">Folyóiratcikk ( Szakcikk ) </span> | <span class="pub-category">Tudományos</span> | <span class="publication-sourceOfData">kézi felvitel</span> </div> <div class="lastModified">Utolsó módosítás: 2025.05.17. 20:06 Bognár Ferenc (gazdálkodás és szervezéstudományok) </div> </div></div>