Automated cybersecurity impact propagation across business processes using process mining techniques

Business Impact Analysis (BIA) evaluates how cyberattacks affect essential business processes and IT assets. Traditionally conducted through manual interviews by consultants, this approach is often inefficient and prone to errors and omissions. In this paper, we present an automated methodology leve...

Full description

Saved in:
Bibliographic Details
Published inInternational journal of information security Vol. 24; no. 3; p. 129
Main Authors Raptaki, Melina, Stergiopoulos, George, Gritzalis, Dimitris
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.06.2025
Springer Nature B.V
Subjects
Algorithms
Artificial intelligence
Automation
Case studies
Coding and Information Theory
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Cybersecurity
Graphs
Impact analysis
Information systems
Management of Computing and Information Systems
Methodology
Networks
Operating Systems
Propagation
Regular Contribution
Risk assessment
Process mining
Cybersecurity
Cyberattacks
Business impact analysis
Impact propagation
Online AccessGet full text
ISSN1615-5262
1615-5270
1615-5270
DOI10.1007/s10207-025-01040-0

Cover

More Information
Summary:Business Impact Analysis (BIA) evaluates how cyberattacks affect essential business processes and IT assets. Traditionally conducted through manual interviews by consultants, this approach is often inefficient and prone to errors and omissions. In this paper, we present an automated methodology leveraging process mining to assess the impact of cybersecurity incidents on business processes. This methodology extracts event logs from information systems to construct business dependency graphs, quantify impact propagation across them, and integrate cybersecurity risk inputs from security officers. Tested on procurement workflows for an international transportation company, and compared with established baselines as well as the insight and knowledge of the company itself, our methodology proved to be effective at identifying risks stemming from a cybersecurity incident without significant labor, as well as uncovering high-risk paths that weren’t yet identified, resulting in actionable insights. This is an extended and revised version of this methodology, evaluated with an extensive case study encompassing a company’s BIA, historical data and expert opinion, first presented in Raptaki (IEEE Access 12: 194322–194339, 2024).
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1615-5262
1615-5270
1615-5270
DOI:10.1007/s10207-025-01040-0