An integrated conceptual model for information system security risk management supported by enterprise architecture management

N. Mayer (Corresponding Author), E. Grandry, C. Feltus, E. Goettelmann, Roelf Johannes Wieringa

    Research output: Contribution to journal › Article › Academic › peer-review

    33 Citations (Scopus)

    Abstract

    Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.
    Original language: English
    Pages (from-to): 2285-2312
    Number of pages: 28
    Journal: Software and systems modeling
    Volume: 18
    Issue number: 3
    Early online date: 13 Feb 2018
    Publication status: Published - 1 Jun 2019

    Keywords

    • Information system security
    • n/a OA procedure
