An integrated conceptual model for information system security risk management supported by enterprise architecture management

Cited by: 0
Authors
Nicolas Mayer
Jocelyn Aubert
Eric Grandry
Christophe Feltus
Elio Goettelmann
Roel Wieringa
Affiliations
[1] Luxembourg Institute of Science and Technology
[2] University of Twente
Keywords
Risk management; Security; Enterprise architecture; ArchiMate
DOI
Not available
Abstract
Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.
Pages: 2285 / 2312
Number of pages: 27
Related papers
50 in total
  • [1] An integrated conceptual model for information system security risk management supported by enterprise architecture management
    Mayer, Nicolas
    Aubert, Jocelyn
    Grandry, Eric
    Feltus, Christophe
    Goettelmann, Elio
    Wieringa, Roel
    [J]. SOFTWARE AND SYSTEMS MODELING, 2019, 18 (03): : 2285 - 2312
  • [2] An Integrated Conceptual Model for Information System Security Risk Management and Enterprise Architecture Management Based on TOGAF
    Mayer, Nicolas
    Aubert, Jocelyn
    Grandry, Eric
    Feltus, Christophe
    [J]. PRACTICE OF ENTERPRISE MODELING, POEM 2016, 2016, 267 : 353 - 361
  • [3] Conceptual Integration of Enterprise Architecture Management and Security Risk Management
    Grandry, Eric
    Feltus, Christophe
    Dubois, Eric
    [J]. 17TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2013), 2013, : 114 - 123
  • [4] Enterprise architecture to enhance security and risk management of information systems
    School of Software, Tsinghua University, Beijing 100084, China
    [J]. Qinghua Daxue Xuebao, 2009, SUPPL. 2 (2073-2086):
  • [6] Towards an Integration of Information Security Management, Risk Management and Enterprise Architecture Management - a Literature Review
    Diefenbach, Thomas
    Lucke, Carsten
    Lechner, Ulrike
    [J]. 11TH IEEE INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM 2019), 2019, : 326 - 333
  • [7] Improving Information Security Through Risk Management and Enterprise Architecture Integration
    Nather, Sarah
    [J]. PROCEEDINGS OF THE 13TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY (ICCWS 2018), 2018, : 420 - 426
  • [8] From information security management to enterprise risk management
    Stoll, Margareth
    [J]. Lecture Notes in Electrical Engineering, 2015, 313 : 9 - 16
  • [9] A conceptual model for enterprise risk management
    Almeida, Rafael
    Teixeira, Jose Miguel
    da Silva, Miguel Mira
    Faroleiro, Paulo
    [J]. JOURNAL OF ENTERPRISE INFORMATION MANAGEMENT, 2019, 32 (05) : 843 - 868
  • [10] Enterprise Integrated Knowledge Management System Conceptual Model: An Empirical Research
    Qi, Xiao-yan
    Hu, Han-hui
    Wang, Xiao-man
    [J]. 2008 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-31, 2008, : 11693 - 11698