An integrated conceptual model for information system security risk management supported by enterprise architecture management

N.  Mayer; E. Grandry; C. Feltus; E. Goettelmann; Roelf Johannes Wieringa

doi:10.1007/s10270-018-0661-x

An integrated conceptual model for information system security risk management supported by enterprise architecture management

N. Mayer (Corresponding Author)
, E. Grandry
, C. Feltus
, E. Goettelmann
, Roelf Johannes Wieringa

Research output: Contribution to journal › Article › Academic › peer-review

54 Citations (Scopus)

51 Downloads (Pure)

Abstract

Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.

Original language	English
Pages (from-to)	2285-2312
Number of pages	28
Journal	Software and systems modeling
Volume	18
Issue number	3
Early online date	13 Feb 2018
DOIs	https://doi.org/10.1007/s10270-018-0661-x
Publication status	Published - 1 Jun 2019

Keywords

Information system security
n/a OA procedure

Access to Document

10.1007/s10270-018-0661-x

Cite this

@article{d20784dc1ecc4d6682c423229122e515,

title = "An integrated conceptual model for information system security risk management supported by enterprise architecture management",

abstract = "Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.",

keywords = "Information system security, n/a OA procedure",

author = "N. Mayer and E. Grandry and C. Feltus and E. Goettelmann and Wieringa, \{Roelf Johannes\}",

year = "2019",

month = jun,

day = "1",

doi = "10.1007/s10270-018-0661-x",

language = "English",

volume = "18",

pages = "2285--2312",

journal = "Software and systems modeling",

issn = "1619-1366",

publisher = "Springer",

number = "3",

}

TY - JOUR

T1 - An integrated conceptual model for information system security risk management supported by enterprise architecture management

AU - Mayer, N.

AU - Grandry, E.

AU - Feltus, C.

AU - Goettelmann, E.

AU - Wieringa, Roelf Johannes

PY - 2019/6/1

Y1 - 2019/6/1

N2 - Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.

AB - Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.

KW - Information system security

KW - n/a OA procedure

U2 - 10.1007/s10270-018-0661-x

DO - 10.1007/s10270-018-0661-x

M3 - Article

SN - 1619-1366

VL - 18

SP - 2285

EP - 2312

JO - Software and systems modeling

JF - Software and systems modeling

IS - 3

ER -

An integrated conceptual model for information system security risk management supported by enterprise architecture management

Abstract

Keywords

Access to Document

Fingerprint

Cite this