Improvement of Information System Security Risk Management

Cited by: 0
Authors
Abbass, Wissam [1 ]
Baina, Amine [1 ]
Bellafkih, Mostafa [1 ]
Affiliations
[1] Natl Inst Posts & Telecommun INPT, STRS Lab, RAI2S Team, Rabat, Morocco
Keywords
Information system security risk management; Information system security risk management alignment; Security modeling; Enterprise Architecture Management; IT risk management;
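DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract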
The Information System Security Risk management (ISSRM) in organizations is ultimate for business success. ISSRM protects information availability, integrity, and privacy. However, this latter remains a difficult area to establish and maintain, especially in the environment of today's organizations where operations are conducted in a complex and interconnected context. The aim of this paper is to highlight the contribution of Enterprise Architecture Management (EAM) in order to improve ISSRM. When organization business services and strategic planning are aligned with proactive ISSRM activities, a well-defined strategy to reach business value is achieved. For this purpose, we will first explore risk management methods and security modeling languages to understand why EAM would be beneficial. The contribution of this paper is an ISSRM model described by the constructs of ArchiMate, a well-known EAM modeling language.
Pages: 182 - 187
Number of pages: 6
Related papers
50 items in total
  • [21] Security of Tax Management Information System
    Yan, Bo
    Chen, Yiyun
    Huang, Guangwen
    [J]. 2009 INTERNATIONAL CONFERENCE ON E-BUSINESS AND INFORMATION SYSTEM SECURITY, VOLS 1 AND 2, 2009, : 1162 - 1165
  • [22] An integrated conceptual model for information system security risk management supported by enterprise architecture management
    Mayer, Nicolas
    Aubert, Jocelyn
    Grandry, Eric
    Feltus, Christophe
    Goettelmann, Elio
    Wieringa, Roel
    [J]. SOFTWARE AND SYSTEMS MODELING, 2019, 18 (03): : 2285 - 2312
  • [23] An integrated conceptual model for information system security risk management supported by enterprise architecture management
    Nicolas Mayer
    Jocelyn Aubert
    Eric Grandry
    Christophe Feltus
    Elio Goettelmann
    Roel Wieringa
    [J]. Software & Systems Modeling, 2019, 18 : 2285 - 2312
  • [24] A Dependency analysis for Information Security and Risk Management
    Krishna, B. Chaitanya
    Subrahmanyam, Kodukula
    Kim, Tai-hoon
    [J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2015, 9 (08): : 205 - 210
  • [25] The Case for improvisation in information Security Risk Management
    Njenga, Kennedy
    Brown, Irwin
    [J]. E-GOVERNMENT, E-SERVICES AND GLOBAL PROCESSES, 2010, 334 : 220 - +
  • [26] INFORMATION SECURITY ASPECT OF OPERATIONAL RISK MANAGEMENT
    Zawila-Niedzwiecki, Janusz
    Byczkowski, Maciej
    [J]. FOUNDATIONS OF MANAGEMENT, 2009, 1 (02) : 45 - 60
  • [27] Information technology, security and risk management (paperback)
    Fitz-Gerald, S.
    [J]. JOURNAL OF THE OPERATIONAL RESEARCH SOCIETY, 2008, 59 (08) : 1146 - 1147
  • [28] Performance metrics for information security risk management
    Ryan, Julie J. C. H.
    Ryan, Daniel J.
    [J]. IEEE SECURITY & PRIVACY, 2008, 6 (05) : 38 - 44
  • [29] Information Chaos, Risk Management and Cyber Security
    Capek, Jan
    [J]. PROCEEDINGS OF THE 11TH INTERNATIONAL CONFERENCE ON STRATEGIC MANAGEMENT AND ITS SUPPORT BY INFORMATION SYSTEMS, 2015, : 36 - 45
  • [30] Information Security Risk Management for Air Transport
    Volner, Rudolf
    Volner, L'ubomir
    [J]. 2011 IEEE INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2011,