An integrated conceptual model for information system security risk management supported by enterprise architecture management
Author: | Nicolas Mayer, Roel Wieringa, Christophe Feltus, Eric Grandry, Elio Goettelmann, Jocelyn Aubert |
---|---|
Language: | English |
Year of publication: | 2019 |
Subject: |
Process management; business.industry; Process (engineering); Computer science; Conceptual model (computer science); 020207 software engineering; Usability; 02 engineering and technology; Domain model; Information system security; n/a OA procedure; Domain (software engineering); Enterprise architecture management; Modeling and Simulation; 0202 electrical engineering, electronic engineering, information engineering; Information system; business; Software; Risk management |
Source: | Software and systems modeling, 18(3), 2285-2312. Springer |
ISSN: | 1619-1366 |
Description: | Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model. |
Database: | OpenAIRE |