Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures

Cited by: 6
Authors
Mayer, Nicolas [1]
Grandry, Eric [1]
Feltus, Christophe [1]
Goettelmann, Elio [1]
Affiliation
[1] Luxembourg Inst Sci & Technol, L-4362 Esch Sur Alzette, Luxembourg
Keywords
Security risk management; Enterprise Architecture; Governance; Compliance;
DOI
10.1007/978-3-319-19243-7_42
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.
Pages: 459-469
Number of pages: 11