A Risk Integration Framework for the Service-Oriented Enterprise

Enterprise architecture management provides the mechanism for governing enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. The authors present how the concepts of an information system risks management domain can be integrated into the ArchiMate enterprise architecture modelling language. This article approaches the conceptual integration in two design cycles: first, this article will consider information security risks, and then the authors generalize to information system risks. Additionally, the authors illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through the handling of a case study, first in the domain of information security, and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.

Keywords: ArchiMate, Enterprise Architecture, Enterprise Model Integration, Information Security Risk Management, Information System, Privacy Management, Risk Management
