BPMN extension evaluation for security requirements engineering framework.

In this paper we present an in-depth evaluation of the Business Process Management Notation (BPMN) security extension. The evaluation mechanism is based on a conceptual model, particularly the Method Evaluation Model (MEM). The model is tested by engaging participants from different domains and possessing variable expertise level, related to security requirements and business process management systems. In particular, the BPMN security extension is evaluated for acceptance by end-users. Towards this, we conducted workshops and meetings with participants as part of our experimentation for BPMN extension evaluation. Three groups of participants participated in the evaluation process and are grouped based on their expertise level, including (i) experts, (ii) participants with some knowledge, and (iii) novices. We present an in depth quantitative and statistical analysis for the usability of the proposed framework, which includes parameters such as perceived ease of use, perceived usefulness, and intention to use. An empirical evaluation of results shows that the extended model is easy to use within the security requirements engineering framework, and participants are highly likely to adapt it in their future system development. [ABSTRACT FROM AUTHOR]