Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures

Cited by: 6
Authors
Mayer, Nicolas [1]
Grandry, Eric [1]
Feltus, Christophe [1]
Goettelmann, Elio [1]
Affiliation
[1] Luxembourg Inst Sci & Technol, L-4362 Esch Sur Alzette, Luxembourg
Keywords
Security risk management; Enterprise Architecture; Governance; Compliance
DOI
10.1007/978-3-319-19243-7_42
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.
Pages: 459-469
Number of pages: 11
Related papers
50 in total
  • [41] Enterprise Risk Management Framework and The Empirical Determinants of Its Implementation
    Lai, Fong-Woon
    Samad, Fazilah A.
    BUSINESS AND ECONOMICS RESEARCH, 2011, 1 : 340 - +
  • [42] Towards Design and Development of a Data Security and Privacy Risk Management Framework for WBAN Based Healthcare Applications
    Paul, Pangkaj Chandra
    Loane, John
    McCaffery, Fergal
    Regan, Gilbert
    APPLIED SYSTEM INNOVATION, 2021, 4 (04)
  • [43] IoT Security Risk Management: A Framework and Teaching Approach
    Affia, Abasi-amefon O.
    Nolte, Alexander
    Matulevicius, Raimundas
    INFORMATICS IN EDUCATION, 2023, 22 (04) : 555 - 588
  • [44] A risk management framework for security and integrity of networks and services
    Mayer, Nicolas
    Aubert, Jocelyn
    JOURNAL OF RISK RESEARCH, 2021, 24 (08) : 987 - 998
  • [45] An Empirical Risk Management Framework for Monitoring Network Security
    Awan, Malik Shahzad Kaleem
    Burnap, Pete
    Rana, Omer
    CIT/IUCC/DASC/PICOM 2015 IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY - UBIQUITOUS COMPUTING AND COMMUNICATIONS - DEPENDABLE, AUTONOMIC AND SECURE COMPUTING - PERVASIVE INTELLIGENCE AND COMPUTING, 2015, : 1765 - 1772
  • [46] Towards a Systemic Approach for Information Security Risk Management
    Naudet, Yannick
    Mayer, Nicolas
    Feltus, Christophe
    PROCEEDINGS OF 2016 11TH INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, (ARES 2016), 2016, : 177 - 186
  • [47] Risk management in enterprise resource planning implementation: a new risk assessment framework
    Dey, Prasanta Kumar
    Clegg, Ben
    Cheffi, Walid
    PRODUCTION PLANNING & CONTROL, 2013, 24 (01) : 1 - 14
  • [48] Constructing Enterprise Information Network Security Risk Management Mechanism by Ontology
    Liu, Fong-Hao
    Lee, Wei-Tsong
    JOURNAL OF APPLIED SCIENCE AND ENGINEERING, 2010, 13 (01) : 79 - 87
  • [49] Improving Information Security Through Risk Management and Enterprise Architecture Integration
    Nather, Sarah
    PROCEEDINGS OF THE 13TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS 2018), 2018, : 420 - 426
  • [50] HIPAA and information security risk: Implementing an enterprise-wide risk management strategy
    Alberts, C
    Dorofee, A
    MEDICAL IMAGING 2001: PACS AND INTEGRATED MEDICAL INFORMATION SYSTEMS: DESIGN AND EVALUATION, 2001, 4323 : 97 - 108