Affiliation:
1. Luxembourg Institute of Science and Technology (LIST), Luxembourg
Abstract
Enterprise architecture management provides the mechanism for governing enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. The authors present how the concepts of an information system risks management domain can be integrated into the ArchiMate enterprise architecture modelling language. This article approaches the conceptual integration in two design cycles: first, this article will consider information security risks, and then the authors generalize to information system risks. Additionally, the authors illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through the handling of a case study, first in the domain of information security, and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.
Reference38 articles.
1. Band, I., Engelsman, W., Feltus, C., Paredes, S. J., Hietala, J., Jonkers, H., & Massart, S. (2015). Modeling Enterprise Risk Management and Security with the ArchiMate Language (White Paper WP150). The Open Group.
2. Manage Risks through the Enterprise Architecture
3. Barbero, M., Jouault, F., & Bézivin, J. (2008). Model driven management of complex systems: Implementing the macroscope’s vision. In Engineering of Computer Based Systems.
4. Brooks, S., Brooks, S., Garcia, M., Lefkovitz, N., Lightman, S., & Nadeau, E. (2017). An introduction to privacy engineering and risk management in federal systems. US Department of Commerce, National Institute of Standards and Technology.
5. Cherdantseva, Y., & Hilton, J. (2013). A Reference Model of Information Assurance & Security. In Availability, Reliability and Security (ARES).