Dataset: Measuring Vulnerabilities in a Business Process Model

This dataset is used in a study entitled: Measuring Vulnerabilities in a Business Process Model. In this study, we developed a method for scoring information security vulnerability in a business process model by adopting the CVSS metric. Our method consists of three stages. First, we measured technical impact using the vignette matrix. Second, we measured exploitability components using assumptions regarding the system’s implementation plan. Third, we predicted the base score using linear regression. We predicted the base score for vulnerabilities in business processes using linear regression because calculating the base score using the CVSS formula produces a significant error. We used the dataset for the third step. We retrieved e-commerce application vulnerability data from the National Vulnerability Database (NVD). We processed the data to get the CVSS components. We used this data as a training dataset to form a linear regression model. The dataset can be seen on the “Training” sheet. On the second to the fourth sheet is the dataset for testing. We used the linear regression model that has been formed to predict the base score on vulnerabilities in business processes. For each vulnerability, we scored the CVSS component. The rules for scoring vulnerabilities in business processes using CVSS can be seen in our published article. The second sheet, “Testing-Manage Account”, contains a dataset about vulnerabilities in the process of managing accounts in e-commerce applications. The third sheet, “Testing-Manage Comm Channel” and the fourth, “Testing-Manage Payment”, contain a dataset about vulnerabilities in managing communication channels and managing payments in e-commerce applications. This dataset has the same structure as the dataset on the “Testing-Manage Account” sheet.