A Key Business Node Identification Model for Business Process Based on AE-VIKOR Method

Abstract

Based on the research of information security and business continuity management, a key business node identification model for the business process based on AE-VIKOR (Analytic hierarchy process and Entropy weighting VIKOR, AE-VIKOR) method is proposed. Firstly, the business nodes are obtained based on the business process, and the importance decision matrix of business nodes is constructed by quantifying the evaluation attributes of nodes. Secondly, the attribute weight is improved from subjective and objective dimensions to form the combination weight decision matrix, and the AE-VIKOR method is used to calculate the business importance coefficient to identify the key nodes. Finally, when an information security event occurs in the system, the impact of key business nodes on business continuity is analyzed, and the business continuity risk value is calculated to evaluate the business risk to prove the effectiveness of the model. The experimental results of civil aviation departure control system show that the AE-VIKOR method can effectively identify key business nodes, and the impact of key business nodes on business continuity is analyzed, which further proves the efficiency and accuracy of the model.

1 Introduction

Nowadays, with the rapid development of the Internet, related research fields are more concerned about information security and business continuity management recently. The multi system cooperation of smart mobile devices is closely related to its business continuity. Therefore, when an information security event occurs in a system, it may lead to delay or stagnation of business execution, which will inevitably affect business continuity. Based on the management of business continuity, at present, there are many achievements in the research of business continuity security [1,2,3,4,5]. Key business node identification is very important for business recovery which is one of the research hotspots in the field of risk assessment for the business process. Based on information security risk assessment and business continuity management, Torabi et al. [6] put business continuity risk management into the framework of information security risk assessment through business continuity risk analysis. Belov et al. [7] proposed a risk value calculation of the business completion rate by studying the situation of the business resource completion rate and quantitatively assessed the business system risk. Hariyanti et al. [8] proposed a new ISRA (Information security risk assessment) model based on the business process to improve the model based on the organization’s assets. VIKOR (Vise Kriterijumska Optimizacija I Kompromisno Resenje in Serbian) is one of the common methods of multi attribute decision making which is often used in risk assessment [9], economics, management and other hot fields.

The contributions of this paper can be summarized as follows. A key business node identification model for the business process based on AE-VIKOR is proposed. The model mainly focused on as follows: 1) The combined weighting from the subjective and objective dimensions is used to improve the attribute weights of the VIKOR method of multi attribute decision-making. 2) When information security events occur in the system, the model can analyze the impact of key business nodes on business continuity, calculate the risk value of business continuity.

The organization of this paper is described as follows: In Sect. 2, data preparation module and data operation module are described in detail. Decision module and analysis module are expounded in Sect. 3. In Sect. 4, the effectiveness of the model is verified by analyzing the business continuity of the departure business and the loading business. Conclusion is given in Sect. 5.

2 Data Preparation Module and Data Operation Module

The key business node identification model is composed of four modules: data preparation module, data operation module, decision module and analysis module (see Fig. 1). Data preparation module and data operation module are described in detail in Sect. 2.

Fig. 1.

Key business node identification model

2.1 Data Preparation Module

Through the analysis of the business process, this model extracts all businesses into nodes to form the business node set to be evaluated, which is recorded as M = {n₁, n₂, n₃ … n_m}. Three factors are used to evaluate business importance, which are business node relevance, business user, and business priority. The specific process of indicator quantification of the business node importance attribute is as follows.

According to node centrality theory [10], business relevance can be measured according to the direct relationship between other business nodes and the business node, the value of business node relevance is calculated in Eq. (1). The larger the value is, the more important the business node is. In Eq. (1), g_i is the ratio of connected nodes number of business node i to total nodes number except for it. h_i means nodes number directly connected to node i. m is the total number of business nodes.

$$ g_{i} \, = \,{{h_{i} } \mathord{\left/ {\vphantom {{h_{i} } {(m\, - \,1}}} \right. \kern-0pt} {(m\, - \,1}}) $$

(1)

In this paper, business user types are divided into staff, ordinary users, both staff and ordinary users, and 1, 2, 3 level is used to assignment for business user types. The larger the value is, the more important the business is. The importance levels for business user types are defined in Table 1.

Table 1. Importance level of business user type

The higher business priority level, the higher the importance of business. The business priority assignment is based on the service characteristics and application types of the business. The business priority level is divided into 1, 2, 3, and 4 levels. The assignment table is shown in Table 2.

Table 2. Business priority table

The data preparation module forms the node importance decision matrix X through the quantification of attributes and the nodes obtained. The matrix X is normalized by Eq. (2) for comparison. Where, \( {\text{x}}_{\text{j}}^{ \hbox{max} } \,{ = }\,{\text{max\{ x}}_{\text{i1}} ,\,{\text{x}}_{\text{i2}} ,\,{\text{x}}_{\text{i3}} {\text{\},}}\) \( {\text{x}}_{\text{j}}^{ \hbox{min} } \,{ = }\,{\text{min\{ x}}_{\text{i1}} ,\,{\text{x}}_{\text{i2}} ,\,{\text{x}}_{\text{i3}} {\text{\}.}}\) The standardized matrix is R.

$$ {R}\, = \,\left[ {\begin{array}{*{20}c} {r_{11} } & {r_{12} } & {r_{13} } \\ {r_{21} } & {r_{22} } & {r_{23} } \\ \vdots & \vdots & \vdots \\ {r_{m1} } & {r_{m2} } & {r_{m3} } \\ \end{array} } \right] $$

$$ r_{ij} \, = \,{{(x_{ij} \, - \,x_{j}^{\hbox{min} } )} \mathord{\left/ {\vphantom {{(x_{ij} \, - \,x_{j}^{\hbox{min} } )} {(x_{j}^{\hbox{max} } \, - \,x_{j}^{\hbox{min} } )}}} \right. \kern-0pt} {(x_{j}^{\hbox{max} } \, - \,x_{j}^{\hbox{min} } )}} $$

(2)

2.2 Data Operation Module

This paper uses the combined weighting to determine the attribute weight to eliminate some subjective influence of attributes and enhance the accuracy of the model.

AHP is used to calculate the subjective weight. Firstly, the business relevance is the local attribute of the business nodes, and its impact is relatively low. Users’ impact is stronger than that of the business relevance, and the impact of the business type is greater than others. Therefore, the comparison of the attribute of node importance evaluation is shown in Table 3. Where, 2, 4 indicates that the influence degree of attribute i and attribute j is between 3, 5. According to the subjective influence of business attributes on business importance, an initial comparison matrix A is constructed. Matrix A is normalized to form matrix B according to Eq. (3) Calculate the sum of each row of matrix B and get the set S is {0.3185, 0.7815, 1.9000}. The set is standardized to get the other set S₁ is {0.1062, 0.2605, 0.6333}. The element of set S₁ is the subjective weight. After the consistency test, the calculation of consistency test index CI is shown in Eq. (4)–(5). After testing, the subjective weight assignment conforms to the consistency test index. Therefore, the subjective weight of each attribute is obtained which are \( w_{1}^{A} \) = 0.1062, \( w_{2}^{A} \) = 0.2065, \( w_{3}^{A} \) = 0.6333.

$$ B\, = \,{{A_{ij} } \mathord{\left/ {\vphantom {{A_{ij} } {\sum\limits_{j = 1}^{3} {A_{ij} } }}} \right. \kern-0pt} {\sum\limits_{j = 1}^{3} {A_{ij} } }} $$

(3)

$$ {A}\, = \,\left[ {\begin{array}{*{20}c} 1 & {\frac{1}{3}} & {\frac{1}{5}} \\ 3 & 1 & {\frac{1}{3}} \\ 5 & 3 & 1 \\ \end{array} } \right]\begin{array}{*{20}c} {\begin{array}{*{20}c} {} \\ \end{array} } \\ \end{array} \begin{array}{*{20}c} {} \\ \end{array} {B}\, = \,\left[ {\begin{array}{*{20}c} {\frac{1}{9}} & {\frac{1}{13}} & {\frac{3}{23}} \\ {\frac{3}{9}} & {\frac{3}{13}} & {\frac{5}{23}} \\ {\frac{5}{9}} & {\frac{9}{13}} & {\frac{15}{23}} \\ \end{array} } \right] $$

$$ CI\, = \,{{(\lambda_{ \hbox{max} } \, - \,n)} \mathord{\left/ {\vphantom {{(\lambda_{ \hbox{max} } \, - \,n)} {(n\, - \,1}}} \right. \kern-0pt} {(n\, - \,1}}) $$

(4)

$$ {AW}\, = \,\lambda_{\hbox{max} } {W} $$

(5)

Table 3. Comparison of business importance assessment attribute indexes

Using entropy value to modify the objective weight provides a more reliable basis for the evaluation of business importance. The objective weight is calculated in Eq. (6)–(8).

$$ S_{ij} \, = \,{{r_{ij} } \mathord{\left/ {\vphantom {{r_{ij} } {\sum\limits_{i = 1}^{m} {r_{ij} } }}} \right. \kern-0pt} {\sum\limits_{i = 1}^{m} {r_{ij} } }} $$

(6)

$$ e_{j} \, = \, - k\sum\limits_{j = 1}^{n} {S_{ij} } \ln S_{ij} ,\,j\, = \,1,\,2\, \cdots \,,\,n $$

(7)

$$ w_{j} \, = \,1\, - \,{{e_{j} } \mathord{\left/ {\vphantom {{e_{j} } {\sum\limits_{j = 1}^{n} {(1\, - \,} }}} \right. \kern-0pt} {\sum\limits_{j = 1}^{n} {(1\, - \,} }}e_{j} ) $$

(8)

Where S_ij is the proportion of each indicator of each node in Eq. (6). In Eq. (7), e_j is the information entropy of the j-th index. The objective weight of each attribute is obtained, which are defined as \( {\text{w}}_{ 1}^{\text{A}} \), \( {\text{w}}_{ 2}^{\text{A}} \), \( {\text{w}}_{ 3}^{\text{A}} \).

Combined weight combines subjective weight and objective weight Firstly, weight matrix Y is constructed based on the subjective and the objective method. The combined weight of attributes is calculated by (9)–(11), which is defined as \( {\text{w}}_{\text{z}}^{\text{A}} \), \( {\text{w}}_{\text{z}}^{\text{A}} \), \( {\text{w}}_{\text{z}}^{\text{A}} \).

$$ {\boldsymbol{Y}}\, = \,\left[ {\begin{array}{*{20}l} {w_{1}^{A} } \hfill & {w_{1}^{O} } \hfill \\ {} \hfill & {} \hfill \\ {w_{2}^{A} } \hfill & {w_{2}^{O} } \hfill \\ {} \hfill & {} \hfill \\ {w_{3}^{A} } \hfill & {w_{3}^{O} } \hfill \\ \end{array} } \right] $$

$$ [( {\boldsymbol R}^{T} {\boldsymbol Y})^{T} \,( {\boldsymbol R}^{T} {\boldsymbol Y})] {\boldsymbol X}^{ * } \, = \,\lambda_{\hbox{max} } {\boldsymbol X}^{ * } $$

(9)

$$ {\boldsymbol W}^{ * } \, = \, {\boldsymbol YX}^{ * } $$

(10)

$$ w_{i}^{z} \, = \,\left( {{{w_{1}^{ * } } \mathord{\left/ {\vphantom {{w_{1}^{ * } } {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }}} \right. \kern-0pt} {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }},\,{{w_{2}^{ * } } \mathord{\left/ {\vphantom {{w_{2}^{ * } } {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }}} \right. \kern-0pt} {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }},\,{{w_{3}^{ * } } \mathord{\left/ {\vphantom {{w_{3}^{ * } } {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }}} \right. \kern-0pt} {\sum\limits_{j = 1}^{3} {w_{j}^{ * } } }}} \right) $$

(11)

$$ {\boldsymbol C}\, = \,w_{i}^{z} \, \times \, {\boldsymbol R} $$

(12)

\( \lambda_{ \hbox{max} } \), \( \varvec{X}^{\varvec{*}} \) are the largest eigenvalue and the largest eigenvector of respectively in the Eq. (9).The standardized decision matrix C of node importance combined weight is calculated by Eq. (12).

3 Decision Module and Analysis Module

3.1 Decision Module

The business importance coefficient is calculated and sorted based on the AE-VIKOR method in the module. AE-VIKOR method improves the evaluation attribute weight of the VIKOR method by combined weighting in the data operation module. VIKOR method is one of the common methods of the multi attribute decision model. The method considers both the maximum group utility and the minimum individual regret effect of the object, it focuses on ranking and selecting from a set of alternatives, and determines compromise solutions for a problem with conflicting criteria, which can help the decision-makers to reach a final decision. TOPSIS (Technique for Order Performance by Similarity to Ideal Solution) [11] is also one of the classic multi attribute evaluation methods. AE-VIKOR and TOPSIS are compared by experiments. The maximum group utility value is measured by U_i, the minimum individual regret effect value is calculated by K_i, and Q_i is decision value calculated by the Eq. (13)–(15), v is the coefficient of decision-making mechanism, v = 1/2.

$$ U_{i} \, = \,\sum\limits_{i = 1}^{3} {w_{i}^{z} } c_{ij} $$

(13)

$$ K_{i} \, = \,\mathop {\hbox{max} }\nolimits_{i} (w_{i}^{z} c_{ij} ) $$

(14)

$$ Q_{i} \, = \,v({{U_{i} \, - \,U^{*} )} \mathord{\left/ {\vphantom {{U_{i} \, - \,U^{*} )} {(U^{ - } \, - \,U^{*} )\, + \,}}} \right. \kern-0pt} {(U^{ - } \, - \,U^{*} )\, + \,}}(1\, - \,v)({{K_{i} \, - \,K^{*} )} \mathord{\left/ {\vphantom {{K_{i} \, - \,K^{*} )} {(K^{ - } \, - \,K^{*} )}}} \right. \kern-0pt} {(K^{ - } \, - \,K^{*} )}} $$

(15)

Where \( U^{*} \, = \,\min_{i} U_{i} \), \( U^{ - } \, = \,\max_{i} U_{i} \), \( K^{*} \, = \,\min_{i} \,K_{i} \), \( K^{ - } = \max_{i} K_{i} \).

AE-VIKOR method is also a compromise ranking method, the feasible solution of which is closest to the ideal solution. Therefore, the AE-VIKOR method is without loss of generality to meet the following two conditions: Condition 1: Acceptable advantage. The first two nodes in sorting are Q_i, Q_j. The conditions shown in formula (16) need to be met. Condition 2: Acceptable stability. The importance coefficients of key business nodes rank first in U_i, K_i. If the above two conditions are met at the same time, the model recognition results are considered valid. Where m is the number of business nodes.

$$ Q_{i} \, - \,Q_{j} \, \ge \,{1 \mathord{\left/ {\vphantom {1 {(m\, - \,1}}} \right. \kern-0pt} {(m\, - \,1}}) $$

(16)

The value of Q_i calculated based on the AE-VIKOR method is the business importance coefficient. The key business node is the largest business importance coefficient. Through the calculation of the AE-VIKOR method, the business importance coefficient is between [0, 1].

3.2 Analysis Module

Information security is closely related to business continuity management in the Internet era. The relationship between information security and business continuity is shown in Fig. 2.

Fig. 2.

Relationship between information security and business continuity

The business continuity risk value is calculated by combining the importance coefficient of key business according to business user number, business average execution time of, and resource utilization in this paper. The maximum of business user’s numbers, average execution time and resource utilization are respectively set as u_max, t_max, r_max. When an information security event occurs, the number of business users, business execution time, and resource utilization rate at i time are defined as u_i, t_i, r_i and the business continuity risk value is calculated by Eq. (17)–(19).

$$ P_{i} \, = \,1\, - \,\frac{1}{3}\sum {{{(u_{i} ,\,r_{i} ,\,t_{i} )} \mathord{\left/ {\vphantom {{(u_{i} ,\,r_{i} ,\,t_{i} )} {(u_{\hbox{max} } ,\,r_{\hbox{max} } ,\,t_{\hbox{max} } )}}} \right. \kern-0pt} {(u_{\hbox{max} } ,\,r_{\hbox{max} } ,\,t_{\hbox{max} } )}}} $$

(17)

$$ \Delta P\, = \,P_{1} \, - \,P_{2} $$

(18)

$$ L\, = \,Q_{i} \,*\,\Delta P $$

(19)

Where, the business importance coefficient is Q_i, L is the business continuity risk value. \( \Delta P \) is between 0 and 1, and the business importance coefficient is between 0 and 1, business continuity risk is classified according to business continuity risk value. When the risk value of business continuity is higher than 0.15, it is considered that business continuity is at higher risk. The business risk value is between 0 and 0.15, so the business continuity risk level table is shown in Table 4 below.

Table 4. The risk level of business continuity

4 Experimental Results and Analysis

4.1 Calculate the Business Importance Coefficient

The civil aviation industry is one of the key industries of information security. Therefore, the experimental object is the civil aviation departure control business process. Its business process is shown in Fig. 3.

Fig. 3.

Departure control business

All businesses in the departure business process are extracted into nodes to form the business node set to be evaluated, which is recorded as N = {n₁, n₂, n₃, n₄, n₅, n₆, n₇, n₈, n₉}.respectively represents every business in departure control system in Fig. 3. The decision matrix of node importance is formed by the node and the attributes of each node. According to the assignment of node attribute indicators in the data module, the assignment of departure business node importance attribute indicators is shown in Table 5 The standardized node importance decision matrix R is formed as follows.

$$ {R}\, = \,\left[ {\begin{array}{*{20}c} { 0. 2 9 1 7} & { 0. 4 3 3 0} & { 0. 1 9 6 1} \\ { 0. 4 3 7 6} & { 0. 2 8 8 7} & { 0. 1 9 6 1} \\ { 0. 2 9 1 7} & { 0. 4 3 3 0} & { 0. 3 9 2 2} \\ { 0. 5 8 3 5} & { 0. 4 3 3 0} & { 0. 5 8 8 3} \\ { 0. 1 4 5 9} & { 0. 2 8 8 7} & { 0. 3 9 2 2} \\ { 0. 2 9 1 7} & { 0. 2 8 8 7} & { 0. 3 9 2 2} \\ { 0. 1 4 5 9} & { 0. 2 8 8 7} & { 0. 1 9 6 1} \\ { 0. 2 9 1 7} & { 0. 1 4 4 3} & { 0. 1 9 6 1} \\ { 0. 2 9 1 7} & { 0. 2 8 8 7} & { 0. 1 9 6 1} \\ \end{array} } \right] $$

Table 5. Assignment table of the important attribute index of departure business nodes

The subjective weight is w^A= {0.1062, 0.2605, 0.6333}, which calculated by the AHP method. According to the objective weight calculated by the Entropy method in Sect. 2.2 is w^O = {0.3273, 0.3298, 0.3429}, the combined weight of the two is w^Z = {0.2228, 0.2756, 0.5016}. The importance coefficient of departure business node is calculated as D_i = {0.1975, 0.1464, 0.5199, 1.000, 0.4844, 0.4947, 0.1048, 0.057, 0.1176} by the AE-VIKOR. It can be seen that the most important factor of n₄ the node is that check-in is the key business of the departure control system.

4.2 Business Continuity Analysis and Risk Assessment

The maximum number of business users, average execution time, and resource utilization rate of the passenger check-in system at T₀ time are respectively corresponding to 1000, 10 s, and 90%. After the information security event occurs in the check-in system at T₀ time, the check-in system data within 1 h can be obtained through monitoring. The loading system is specially monitored and obtained to compare with the check-in system. Table 6 shows the execution of the check-in business system after the information security event.

Table 6. Execution of the check-in business system after an information security event

It can be seen from Fig. 4 that the business continuity risk value of check-in business increases rapidly after T₀ time, while that of the loading business is relatively slow compared with the check-in business. At T₄ time, the check-in business continuity risk is close to the higher risk, and the loading business continuity at T₄ time is medium. Therefore, the experiment further proves the validity and accuracy of the model.

Fig. 4.

Business continuity analysis of check-in and loading business

4.3 Comparison of Key Business Identification Methods

In this paper, the AE-VIKOR method is compared with the other four methods. The calculation method and business node ranking of business nodes are shown in Fig. 5 As can be seen from Fig. 5, the AE-VIKOR method is more accurate than the other four methods.

Fig. 5.

Different methods used to calculate nodes importance

A combined weight to improve the attribute weight in the AE-VIKOR method used to calculate the business importance coefficient to ensure the accuracy of the results to facilitate the analysis and management of business continuity.

5 Conclusion

The attribute weight is improved by the combined weight and the AE-VIKOR method is used to identify the key business node in this paper. Business continuity risk assessment is carried out by analyzing the key business node’s impact on business continuity. The experimental results show that the key business node identification model based on the AE-VIKOR method is more accurate, and the business continuity risk assessment is carried out reasonably. The next step is to analyze the impact of key business on business recovery priority after information security events occur in the system, and further improve the recognition ability and adaptive ability of the model.