- Pérez-Álvarez JM, Maté A, Gómez-López MT, Trujillo J. Tactical businessprocess-decision support based on KPIs monitoring and validation. Comput Ind 2018;102:23–39. http://dx.doi.org/10.1016/j.compind.2018.08.001.
- Micro T. Business process compromise (BPC). Tech. Rep., California, USA: Trend Micro Forward-Looking Threat Research (FTR) Team; 2017, Accessed: 2023-25-07.
- Lord Remorin RF, Matsukawa B. Tracking trends in business email compromise (BEC) schemes. Tech. Rep., California, USA: Trend Micro Forward-Looking Threat Research (FTR) Team; 2018, Accessed: 2023-25-07.
- Ross R, Pillitteri V, Graubart R, Bodeau D, McQuaid R. Developing cyber resilient systems: a systems security engineering approach. Tech. Rep., Maryland, USA: National Institute of Standards and Technology; 2019, http://dx.doi.org/10. 6028/NIST.SP.800-160v2r1.
- NIST Special Publication 800-37. Risk management framework for information systems and organizations: A system life cycle approach for security and privacy. Tech. Rep., Gaithersburg, MD: National Institute of Standards and Technology; 2018, http://dx.doi.org/10.6028/NIST.SP.800-37r2.
- Bakhtina M, Matulevičius R, Seeba M. Tool-supported method for privacy analysis of a business process model. J Inf Secur Appl 2023;76:103525. http: //dx.doi.org/10.1016/j.jisa.2023.103525, URL https://www.sciencedirect.com/ science/article/pii/S2214212623001096.
- Shameli-Sendi A. An efficient security data-driven approach for implementing risk assessment. J Inf Secur Appl 2020;54:102593. http://dx.doi.org/10.1016/j.jisa.2020.102593, URL https://www.sciencedirect.com/science/article/pii/S2214212620307614.
- Turskis Z, Goranin N, Nurusheva A, Boranbayev S. Information security risk assessment in critical infrastructure: A hybrid MCDM approach. Informatica (Ljubl) 2019;30(1):187 211. http://dx.doi.org/10.15388/Informatica.2019.203.
- Sun H, Xie X. Threat evaluation method of warships formation air defense based on AR(p)-DITOPSIS. J Syst Eng Electron 2019;30(2):297. http://dx.doi.org/10. 21629/JSEE.2019.02.09.
- Suriadi S, Weiss B, Winkelmann A, ter Hofstede A, Adams M, Conforti R, Fidge C, Rosa ML, Ouyang C, Pika A, Rosemann M, Wynn M. Current research in risk-aware business process management - overview, comparison, and gap analysis. Communications of the Association for Information Systems 2014;34:933–84. http://dx.doi.org/10.17705/1CAIS.03452, URL http://eprints. qut.edu.au/50606/.
- Varela-Vaca AJ, Parody L, Gasca RM, Gomez-Lopez MT. Automatic verification and diagnosis of security risk assessments in business process models. IEEE Access 2019;7:26448–65. http://dx.doi.org/10.1109/ACCESS.2019.2901408.
- Griffor E, Wollman D, Greer C. Framework for cyber-physical systems: Volume 1, overview. Tech. Rep., Gaithersburg, MD: National Institute of Standards andTechnology; 2017, http://dx.doi.org/10.6028/NIST.SP.1500-201.
- Wulff A, Wunck C. Integration of business process management and big data technologies. In: International conference on industrial engineering and operations management. 2016, p. 8–10. http://dx.doi.org/10.46254/AN06. 20160061.
- Janiesch C, Koschmider A, Mecella M, Weber B, Burattin A, Di Ciccio C, et al. The internet of things meets business process management: A manifesto. IEEE Syst Man Cybern Mag 2020;6(4):34–44. http://dx.doi.org/10.1109/MSMC.2020.3003135.
- Bazan P, Estevez E. Industry 4.0 and business process management: state of the art and new challenges. Bus Process Manag J 2021;28(1):62–80. http: //dx.doi.org/10.1108/bpmj-04-2020-0163.
- Pan L, Tomlinson A. A systematic review of information security risk assessment. Int J Saf Secur Eng 2016;6(2):270–81. http://dx.doi.org/10.2495/SAFE-V6-N2- 270-281.
- Marcinkowski B, Kuciapski M. A business process modeling notation extension for risk handling. In: Cortesi A, Chaki N, Saeed K, Wierzchoń S, editors. Computer information systems and industrial management. Berlin, Heidelberg: Springer Berlin Heidelberg; 2012, p. 374–81. http://dx.doi.org/10.1007/978-3-642-33260-9_32.
- Abioye TE, Arogundade OT, Misra S, Adesemowo K, Damasevicius R. Cloud-based business process security risk management: A systematic review, taxonomy, and future directions. Computers 2021;10(12). http://dx.doi.org/10.3390/ computers10120160.
- Aleksandrov MN, Vasiliev VA, Aleksandrova SV. Implementation of the riskbased approach methodology in information security management systems. In: 2021 international conference on quality management, transport and information security, information technologies (IT QM IS). 2021, p. 137–9. http://dx.doi.org/ 10.1109/ITQMIS53292.2021.9642767.
- Alshawabkeh M, Li X, Sullabi M. New information security risk management framework as an integral part of project life cycle. In: Proceedings of the 2019 5th international conference on humanities and social science research (ICHSSR 2019). Paris, France: Atlantis Press; 2019, p. 133–9. http://dx.doi.org/10.2991/ ichssr-19.2019.24.
- Javaid MI, Iqbal MMW. A comprehensive people, process and technology (PPT) application model for information systems (IS) risk management in small/medium enterprises (SME). In: 2017 international conference on communication technologies (ComTech). 2017, p. 78–90. http://dx.doi.org/10.1109/ COMTECH.2017.8065754.
- Alhawari S, Karadsheh L, Nehari Talet A, Mansour E. Knowledge-Based Risk Management framework for Information Technology project. Int J Inf Manage 2012;32(1):50–65. http://dx.doi.org/10.1016/j.ijinfomgt.2011.07.002.
- Zambon E, Etalle S, Wieringa RJ, Hartel P. Model-based qualitative risk assessment for availability of IT infrastructures. Softw Syst Model 2011;10(4):553–80. http://dx.doi.org/10.1007/s10270-010-0166-8.
- Argyropoulos N, Mouratidis H, Fish A. Enhancing secure business process design with security process patterns. Softw Syst Model 2020;19(3):555–77. http://dx. doi.org/10.1007/S10270-019-00743-Y/FIGURES/16, URL https://link.springer.com/article/10.1007/s10270-019-00743-y.
- Adebukola, A. A., Navya, A. N., Jordan, F. J., Jenifer, N. J., & Begley, R. D. (2020). Cyber security as a threat to health care. Journal of Technology and Systems, 4(1), 32-64.
- Samuel O,D, Adedolapo Omotosho, Odunayo Josephine Akindote, Abimbola Oluwatoyin Adegbite4, & Sarah Kuzankah Ewuga ,CYBERSECURITY RISK ASSESSMENT IN BANKING: METHODOLOGIES AND BEST PRACTICES, Computer Science & IT Research Journal, Volume 4, Issue 3, December 2023 ,DOI: 10.51594/csitrj.v659
- Rosado DG, Moreno J, Sánchez LE, Santos-Olmo A, Serrano MA, Fernández- Medina E. MARISMA-BiDa pattern: Integrated risk analysis for big data. Comput Secur 2021;102:102155. http://dx.doi.org/10.1016/j.cose.2020.102155.
- Rosado DG, Santos-Olmo A, Sánchez LE, Serrano MA, Blanco C, Mouratidis H, et al. Managing cybersecurity risks of cyber-physical systems: The MARISMA-CPS pattern. Comput Ind 2022;142:103715. http://dx.doi.org/10.1016/j.compind. 2022.103715.
- E. Indriasari, H. Prabowo, F. Gaol, and B. Purwandari, "Digital Banking: Challenges, Emerging Technology Trends, and Future Research Agenda," Int. J. E Bus. Res., vol. 18, pp. 1-20, 2022, doi: 10.4018/ijebr.309398.
- B. Balkan, "Impacts of Digitalization on Banks and Banking," in Digital Transformation in Industry, pp. 33-50, 2021, doi: 10.1007/978-981-33-6811-8_3.
- M. Tashtamirov, "Financial Innovation and Digital Technology in the Banking System: An Institutional Perspective," SHS Web of Conferences, 2023, doi: 10.1051/shsconf/202317202004.
- L. Wewege, J. Lee, and M. Thomsett, "Disruptions and Digital Banking Trends," Journal of Applied Finance and Banking, vol. 10, pp. 1-2, 2020.
- R. Sebti, "BANKING IN THE DIGITAL AGE: ISSUES AND CHALLENGES," RIMAK International Journal of Humanities and Social Sciences, 2022, doi: 10.47832/2717-8293.18.12.
- S.B Nuthalapati, “AI-Enhanced Detection and Mitigation of Cybersecurity Threats in Digital Banking”, 2023, Doi: 10.53555/kuey.v29i1.6908.
- S.O. Dawodu, A.Omotosho, O. J. Akindote ,A.O.Adegbite, S.K.Ewuga, “Current Research in Risk-aware Business Process Management―Overview, Comparison, and Gap Analysis”, Volume 4, Issue 3, P.220-243, December 2023,DOI: 10.51594/csitrj.v659
- Magerit. Magerit_v3: Methodology for information systems risk analysis and management. Tech. Rep., Ministry of Public Administration; 2012, URL https://administracionelectronica.gob.es/pae_Home/pae_Documentacion/pae_Metodolog/pae_Magerit.html.
- Caralli RA, Stevens JF, Young LR, Wilson WR. Introducing octave allegro: Improving the information security risk assessment process. Tech. Rep., Pittsburgh PA, USA: Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst; 2007,http://dx.doi.org/10.1184/R1/6574790.v1.
- Klipper S. ISO/IEC 27005. In: Information security risk management: risikomanagement mit ISO/IEC 27001, 27005 und 31010. Wiesbaden: Vieweg+Teubner; 2022, p. 63–97. http://dx.doi.org/10.1007/978-3-8348-9870-8_3.
- ISO/IEC 21827:2008. Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®). Tech. Rep., International Organization for Standardization & International Electrotechnical Commission; 2008, https://www.iso.org/standard/44716.html.
- De Haes S, Van Grembergen W, Joshi A, Huygh T. COBIT as a framework for enterprise governance of IT. In: Enterprise governance of information technology:achieving alignment and value in digital organizations. Cham: Springer International Publishing; 2020, p. 125–62. http://dx.doi.org/10.1007/978-3-030-25918-1_5.
- Ross M, Jara AJ, Cosenza A. Baseline security recommendations for IoT in the context of critical information infrastructures. Tech. Rep., (November). European Union Agency For Network And Information Security; 2017, http://dx.doi.org/10.2824/03228.
- NIST Special Publication 800-37. Risk management framework for information systems and organizations: A system life cycle approach for security and privacy. Tech. Rep., Gaithersburg, MD: National Institute of Standards and Technology;2018, http://dx.doi.org/10.6028/NIST.SP.800-37r2.
- ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection — Information security controls. Tech. Rep., https://www.iso.org/standard/75652.html: International Organization for Standardization & International Electrotechnical Commission; 2022.
- ISO/IEC 27002:2022 - "Information security, CyberSecurity and Privacy Protection- Information Security Control”, https://www.iso.org/standard/75652.html.
- NIST Special Publication 800-53rev5. Security and privacy controls for information systems and organizations. Tech. Rep., National Institute of Standards and Technology; 2020, http://dx.doi.org/10.6028/NIST.SP.800-53r5.
- Goettelmann E, Dahman K, Gateau B, Dubois E, Godart C. A security risk assessment model for business process deployment in the cloud. In: 2014 IEEE international conference on services computing. 2014, p. 307–14. http://dx.doi. org/10.1109/SCC.2014.48.
- Hariyanti E, Djunaidy A, Siahaan DO. A conceptual model for information security risk considering business process perspective. In: 2018 4th international conference on science and technology. ICST, 2018, p. 1–6. http://dx.doi.org/10.1109/ICSTC.2018.8528678.
- Santos-Olmo A, Sánchez L, Rosado D, Fernández-Medina E, Piattini M. Applying the action-research method to develop a methodology to reduce the installation and maintenance times of information security management systems. Future Internet 2016;8(3):36. http://dx.doi.org/10.3390/fi8030036, URL http://www.mdpi.com/1999-5903/8/3/36.
- ISO/IEC TR 15443-1:2012. Information technology – Security techniques – Aframework for IT security assurance – Part 1: Overview and framework. 2012,URL https://www.iso.org/standard/59138.html.
- Vilarinho S, Mira da Silva M. Risk management model in ITIL. In: Cruz-Cunha MM, Varajão Ja, Trigo A, editors. Sociotechnical enterprise information systems design and integration. Hershey, PA, USA: IGI Global; 2013, p. 207–14.http://dx.doi.org/10.4018/978-1-4666-3664-4.ch013.
- Cebula J, Popeck M, Young L. A taxonomy of operational cyber security risks version 2. Tech. Rep. CMU/SEI-2014-TN-006, Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University; 2014, http://dx.doi.org/10. 1184/R1/6571784.v1.
- Marinos L. ENISA threat taxonomy: A tool for structuring threat information. Initial report. Tech. Rep., (January):European Union Agency For Network And Information Security; 2016, p. 1–24, URL https://www.enisa.europa.eu/topics/threat-risk-management/threats-andtrends/ enisa-threat-landscape/threat-taxonomy/view.
- Marinos L, Lourenço M. ENISA threat landscape report 2018: 15 top cyberthreats and trends. European Union Agency for Network and Information Security (ENISA); 2019, URL https://www.enisa.europa.eu/publications/enisathreat-landscape-report-2018/at_download/fullReport.
- Barnum MS. Common attack pattern enumeration and classification (CAPEC) schema. Tech. Rep., Dulles, VA: Department of Homeland Security; 2008, URL https://capec.mitre.org/documents/documentation/CAPEC_Schema_Description_v1.3.pdf.
- Hacks S, Lagerström R, Ritter D. Towards automated attack simulations of BPMN-based processes. In: 2021 IEEE 25th international enterprise distributed object computing conference. EDOC, 2021, p. 182–91. http://dx.doi.org/10. 1109/EDOC52215.2021.00029.
- Cherdantseva Y, Hilton J. A reference model of information assurance amp; security. In: 2013 international conference on availability, reliability and security. 2013, p. 546–55. http://dx.doi.org/10.1109/ARES.2013.72.
- Salnitri M, Dalpiaz F, Giorgini P. Designing secure business processes with SecBPMN. Softw Syst Model 2017;16(3):737–57. http://dx.doi.org/10.1007/ s10270-015-0499-4.
- Chinosi M, Trombetta A. BPMN: An introduction to the standard. Comput Stand Interfaces 2012;34(1):124–34. http://dx.doi.org/10.1016/j.csi.2011.06.002.
- Aagesen G, Krogstie J. BPMN 2.0 for modeling business processes. In: vom Brocke J, Rosemann M, editors. Handbook on business process management 1: introduction, methods, and information systems. Berlin, Heidelberg: Springer Berlin Heidelberg; 2015, p. 219–50. http://dx.doi.org/10.1007/978-3-642-45100-3_10.
- Zarour K, Benmerzoug D, Guermouche N, Drira K. A systematic literature review on BPMN extensions. Bus Process Manag J 2019;26(6):1473–503. http://dx.doi.org/10.1108/BPMJ-01-2019-0040.
- Salnitri M, Dalpiaz F, Giorgini P. Designing secure business processes with SecBPMN. Softw Syst Model 2017;16(3):737–57. http://dx.doi.org/10.1007/s10270-015-0499-4.
- Antunes P, Mourão H. Resilient Business Process Management: Framework and services. Expert Syst Appl 2011;38(2):1241–54. http://dx.doi.org/ 10.1016/j.eswa.2010.05.017, URL https://linkinghub.elsevier.com/retrieve/pii/S0957417410004288.
- Zahoransky RM, Koslowski T, Accorsi R. Toward resilience assessment in business process architectures. In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8696 LNCS, Springer Verlag; 2014, p. 360–70. http://dx.doi.org/10.1007/978-3- 319-10557-4_39/COVER, URL https://link.springer.com/chapter/10.1007/978- 3-319-10557-4_39