Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures

Cited by: 6
Authors
Mayer, Nicolas [1]
Grandry, Eric [1]
Feltus, Christophe [1]
Goettelmann, Elio [1]
Affiliation
[1] Luxembourg Inst Sci & Technol, L-4362 Esch Sur Alzette, Luxembourg
Keywords
Security risk management; Enterprise Architecture; Governance; Compliance;
DOI
10.1007/978-3-319-19243-7_42
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.
Pages: 459 / 469
Page count: 11
Related papers
50 in total
  • [21] Overview of Information Security Management-Based on Enterprise Risk Management
    She, Jing-Huai
    Zhang, Run-Qiang
    She, Yuan
    Hou, Bing-Xin
    INTERNATIONAL CONFERENCE ON COMPUTER NETWORKS AND INFORMATION SECURITY (CNIS 2015), 2015, : 384 - 387
  • [22] Towards a Knowledge-based Framework for Enterprise Content Management
    Le Dinh, Thang
    Rickenberg, Tim A.
    Fill, Hans-Georg
    Breitner, Michael H.
    2014 47TH HAWAII INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES (HICSS), 2014, : 3543 - 3552
  • [23] Towards the Use of Formal Ontologies in Enterprise Architecture Framework Repositories
    Gerber, Aurona
    van der Merwe, Alta
    ADVANCED TECHNOLOGIES AND TECHNIQUES FOR ENTERPRISE INFORMATION SYSTEMS, 2009, : 114 - 129
  • [24] Enterprise risk management in SMEs: Towards a structural model
    Brustbauer, Johannes
    INTERNATIONAL SMALL BUSINESS JOURNAL-RESEARCHING ENTREPRENEURSHIP, 2016, 34 (01): : 70 - 85
  • [25] Enterprise Risk Management and Value Creation: A Conceptual Framework
    Sprcic, Danijela Milos
    INNOVATION MANAGEMENT AND EDUCATION EXCELLENCE THROUGH VISION 2020, VOLS I -XI, 2018, : 1360 - 1368
  • [26] Towards flexible management in enterprise network: an enhanced routing protocol
    Shu Yang
    Yuanyuan He
    Mingwei Xu
    Yong Jiang
    International Journal of Machine Learning and Cybernetics, 2018, 9 : 125 - 132
  • [27] Towards flexible management in enterprise network: an enhanced routing protocol
    Yang, Shu
    He, Yuanyuan
    Xu, Mingwei
    Jiang, Yong
    INTERNATIONAL JOURNAL OF MACHINE LEARNING AND CYBERNETICS, 2018, 9 (01) : 125 - 132
  • [28] INFORMATION SECURITY MANAGEMENT FRAMEWORK SUITABILITY ESTIMATION FOR SMALL AND MEDIUM ENTERPRISE
    Kauspadiene, Laima
    Ramanauskaite, Simona
    Cenys, Antanas
    TECHNOLOGICAL AND ECONOMIC DEVELOPMENT OF ECONOMY, 2019, 25 (05) : 979 - 997
  • [29] IT Security Risk Management: An Early Assessment Framework
    Sinclaire, Jollean K.
    Simon, Judith C.
    Campbell, Charles J.
    Wilkes, Ronald B.
    JOURNAL OF INFORMATION ASSURANCE AND SECURITY, 2011, 6 (04): : 248 - 261
  • [30] Towards the Development of a Data Security Risk Management Framework for Medical Device Software AI Models
    Jayaneththi, Buddhika
    McCaffery, Fergal
    Regan, Gilbert
    SYSTEMS, SOFTWARE AND SERVICES PROCESS IMPROVEMENT, EUROSPI 2024, PT I, 2024, 2179 : 216 - 230