Manage Risks through the Enterprise Architecture

The goal of Risk Management activities is to define prevention and control mechanisms that address the risks attached to specific activities and valuable assets. Many Risk Management efforts operate in silos, as narrowly focused, functionally driven and disjointed activities. This leads to a fragmented view of risk, in which each activity uses its own language, customs and metrics. The lack of interconnection and of a holistic view of risk limits organization-wide risk awareness, so that interdependent risks are neither anticipated, controlled nor managed. To address these Risk Management interoperability and standardization issues, this paper proposes an alignment between Risk Management, Governance and Enterprise Architecture activities, providing systematic support for mapping and tracing identified risks to the enterprise artifacts modeled within the Enterprise Architecture, in support of the overall strategy of the organization. We discuss the main relationships between Risk Management and Enterprise Architecture and propose an architecture that integrates risk concerns into the overall organizational environment.
