This document discusses conceptualizing an integration between Enterprise Architecture Management (EAM) and Information System Security Risk Management (ISSRM). It proposes mapping concepts from an ISSRM domain model to the ArchiMate enterprise architecture modeling language. This would allow security risks and their impacts on business services to be represented and analyzed within an enterprise's architecture. Key concepts from ISSRM like assets, security goals, risks and treatments are mapped to equivalent concepts in ArchiMate's business, application and technology layers. The mapping is meant to support a risk-oriented design of an enterprise architecture that meets business services' security goals.
MODEL-DRIVEN SECURITY ASSESSMENT AND VERIFICATION FOR BUSINESS SERVICES - ijwscjournal
Information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. The fundamental concept in information security is the security model, which outlines how security is to be implemented. A security policy outlines how data is accessed, what level of security is required, and what actions should be taken when these requirements are not met. A security model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. The security model is an important concept in the design and analysis of secure systems because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy: it maps the desires of the policy makers into a set of rules that are to be followed by a computer system. In this paper we propose a model-driven security assessment and verification for business services. The Security Assessment and Verification verifies whether the applications and services are secure based on the Service Level Agreement and generates a report on the level of security features. It is designed to help business owners, operators and staff to assess the security of their business. It covers potential areas of vulnerability and provides suggestions for adapting your security to reduce the risk of crime against your business. If a security policy states that no one from a lower security level should be able to view or modify information at a higher security level, the supporting security model will outline the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-level subject access a higher-level object in an unauthorized manner. The security policy is an abstract term that represents the objectives and goals a system must meet and accomplish to be deemed secure and acceptable.
RANKING CRITERIA OF ENTERPRISE INFORMATION SECURITY ARCHITECTURE USING FUZZY ... - ijcsit
This document summarizes a research study that aimed to identify and prioritize important criteria for enterprise information security architecture (EISA) using a fuzzy TOPSIS method. The researchers first reviewed literature on EISA frameworks and extracted major criteria across dimensions like standards, policies, infrastructure, user training, risk assessment, and compliance. They designed a questionnaire to rate the criteria and analyzed the responses from 15 information security experts using fuzzy TOPSIS. The results showed that database/database security, internal software security, electronic data exchange security, and malware monitoring were high priority criteria for effective EISA.
Ea Relationship To Security And The Enterprise V1pk4
The document discusses different frameworks and methodologies for enterprise architecture (EA) and enterprise security architecture (SA). EA focuses on optimizing business value through mapping business activities, while SA focuses on protecting business assets through a balanced security program. SA goals depend on an organization's risk management culture, which can range from generative to bureaucratic to pathologic. The document provides examples of using the TOGAF and Federal EA frameworks to structure SA.
MANAGING SECURITY AND COMPLIANCE RISKS OF OUTSOURCED IT PROJECTS - csandit
Several constraints, such as business, financial, and legal ones, can lead organizations to outsource some of their IT services. Consequently, this might introduce different security risks to major security services such as confidentiality, integrity and availability. Analysing and managing the potential security risks in the early stages of project execution allows organizations to avoid or minimize such security risks. In this paper, we propose an approach that is capable of managing the security and compliance risks of outsourced IT projects. Such an approach aims to allow organizations to minimize, mitigate, or eliminate security risks in the early stages of project execution. It is designed to manage variation in security requirements, as well as to provide a methodology to guide organizations for the purpose of security management and implementation.
Enterprise Information Security Architecture_Paper_1206 - Apoorva Ajmani
1) The document discusses Enterprise Information Security Architecture (EISA), which provides a comprehensive approach to implement security architecture across an enterprise aligned with business objectives.
2) Implementing EISA has advantages like protecting the organization from cyber threats by identifying vulnerabilities, integrating security tools, and boosting stakeholder confidence, but faces challenges like identifying all organizational assets, prioritizing investments, customizing security tools to business processes, and changing organizational strategy.
3) The key steps to implement EISA include conducting a current state assessment, identifying critical assets and threats, designing and testing risk treatment plans and security controls, and periodically reviewing and updating the architecture.
Information Security Management System: Emerging Issues and Prospect - IOSR Journals
This document discusses information security management systems (ISMS). It begins by defining ISMS as a collection of policies related to information technology risks and information security management. It notes that while many organizations have implemented ISMS frameworks focused on technology, information security also needs to be addressed at the organizational and strategic level. The document then provides an overview of common elements of ISMS, including risk assessment, policy development, and implementation. It discusses the impact of networks and the internet in driving increased focus on information security. In summary, the document outlines key concepts regarding ISMS and argues the need for holistic ISMS approaches in organizations.
This document discusses challenges with access rights management for information systems due to growing complexity from distributed systems and dynamic environments. It proposes an agent-based framework called SIM that focuses on aligning access policies with business objectives by linking them to processes and responsibilities defined in the ISO/IEC 15504 standard. The goals are to define policies based on business needs and automatically deploy them through IT infrastructure using a multi-agent system architecture.
Information Security Governance: Concepts, Security Management & Metrics - Marius FAILLOT DEVARRE
The document discusses information security governance concepts. It defines information security governance as a job practice area that establishes policies and procedures to align information security strategies with business goals. The key tasks within this area include establishing an information security strategy and governance framework, developing security policies, and defining roles and responsibilities. Effective information security governance provides benefits such as reducing security risks and incidents, enhancing customer trust, and ensuring policy compliance. Senior management support is important for information security governance to be implemented successfully.
Future Internet article: ERMOCTAVE, a risk management fra - arnit1
This document introduces a new risk management framework called ERMOCTAVE for assessing risks associated with adopting cloud computing. ERMOCTAVE combines two existing risk management methods - Enterprise Risk Management (ERM) and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) - to provide a more comprehensive approach. The framework distributes ERM components across the three phases of the OCTAVE method. A case study is presented to demonstrate how ERMOCTAVE can be applied to assess risks when migrating systems to the Microsoft Azure cloud.
Information Security Governance: Concepts, Security Management & Metrics - OxfordCambridge
The goal of information security governance is to establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
“CONTEXT, CONTENT, PROCESS” APPROACH TO ALIGN INFORMATION SECURITY INVESTMENTS... - ijsptm
Today's business environment is highly dependent on complex technologies, and information is considered an important asset. Organizations are therefore required to protect their information infrastructure and follow an inclusive risk management approach. One way to achieve this is by aligning information security investment decisions with organizational strategy. A large number of information security investment models are in the literature. These models are useful for optimal and cost-effective investments in information security. However, it is extremely challenging for a decision maker to select one or a combination of several models to decide on investments in information security controls. We propose a framework to simplify the task of selecting information security investment model(s). The proposed framework follows the “Context, Content, Process” approach, and this approach is useful in the evaluation and prioritization of investments in information security controls in alignment with the overall organizational strategy.
This document discusses staffing the information security function within an organization. It covers placing the security function within the organizational structure, qualifications for security positions, and key information security roles. The main security roles discussed are the Chief Information Security Officer, Security Manager, and Security Technician. The CISO manages the overall security program, the manager oversees day-to-day operations, and the technician focuses on technical implementation and troubleshooting of security controls. Qualifications for security roles can include a technical background, understanding of business operations, and strong communication and policy development skills.
An overview of Enterprise Security Architecture (ESA), with a brief description of its key elements: TRA/PIA, Threat Modeling, Security Controls, Risk Assessment and Security Debt.
Personnel security involves managing the risks of employees exploiting their access to an organization's assets or premises for unauthorized purposes. It is important to maintain personnel security throughout employment through pre-employment screening, effective management, clear communication, and building a strong security culture. Personnel security also includes managing employees leaving the organization. When applied consistently, personnel security reduces vulnerabilities and helps build a beneficial security culture. It aims to employ reliable staff, minimize risks of employees becoming unreliable, and detect and address suspicious behavior. Personnel security risk assessments focus on individuals, their access, potential risks, and adequacy of countermeasures to inform security practices.
The document discusses mobile security and provides recommendations for organizations. It covers the following key points:
1. Mobility has introduced new security risks as the traditional network perimeter is broken and devices are used outside an organization's control. This includes risks from lost devices, insecure networks, overlap of personal and work usage, and cloud data storage.
2. A layered mobile security strategy is recommended, with security controls embedded in policies, infrastructure, applications, and data. Organizations should define acceptable usage policies and deploy mobile device management to monitor compliance.
3. Application security is also important, with recommendations to use secure development practices, test apps for vulnerabilities, and encrypt sensitive data. A defense-in-depth approach combining
This document discusses different methodologies for access control and their interactions. It begins by introducing access control as a major security component for organizations to implement regulatory constraints. It then describes several common access control models in more detail, including Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC). MAC controls access based on a system-wide security policy, while DAC allows individual users some control over access permissions. The document analyzes advantages and limitations of each model and their suitability for different environments.
The document discusses the key participants and their responsibilities in developing an effective information security strategy. The three main participants are:
1. The board of directors/senior management who identify critical information assets and ensure strategy alignment with business objectives. Their responsibilities include approving policies and monitoring strategy implementation.
2. The executive management/steering committee who lead strategy implementation, ensure resource availability, and provide communication across stakeholders.
3. The chief information security officer/information security manager who develops security action plans, policies, and standards. They implement security programs and perform monitoring and reporting.
The information security strategy aims to securely protect information assets by aligning with business goals and moving security from its current to desired state through policies
The document discusses the challenges faced by corporate privacy departments and how they can better align with other business functions. It recommends that privacy departments find synergies with information security, product development, legal and other teams. It provides examples of how privacy can collaborate with different departments on tasks like product analysis, incident response and metrics. The document also outlines good practices for privacy programs, such as using recognized frameworks, conducting privacy assessments and demonstrating value through objective metrics.
Privacy Protection in Distributed Industrial System - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Regular technical testing also helps evaluate security weaknesses impacting data protection.
Strategies for assessing cloud security - Arun Gopinath
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Thorough testing also examines network and application vulnerabilities from an attacker's perspective.
Yearly Achievement, Plan SS Security before and after - Louison Malu-Malu
Plan South Sudan did not previously have a formalized security management system in place. They have since established a comprehensive security system that includes continuously assessing risks, developing security plans and procedures, providing security training to staff, establishing communication systems, and ensuring security measures are in place at offices and facilities. The new security management system aims to reduce vulnerabilities by implementing recommendations from risk assessments and adapting plans based on changes in the security environment.
The document discusses strategies for moving beyond tokenism and promoting full participation and inclusion of self-advocates on boards. It provides 10 tools for boards including providing hospitality, orientation and training, defining roles, reviewing agendas in advance, ensuring accessible materials and communication, and establishing supportive policies. The overall goal is to help self-advocates feel respected, listened to, and able to contribute and influence decisions.
Modeling Enterprise Risk Management and Security with the ArchiMate Language - Iver Band
The document provides an overview of how the ArchiMate modeling language can be used to model enterprise risk management and security concepts and relationships. It summarizes relevant risk and security standards and frameworks and extracts a set of core concepts. It then demonstrates how these concepts can be modeled using the ArchiMate language by mapping the concepts to ArchiMate elements and including examples from case studies. The document concludes that the ArchiMate language allows for modeling of the majority of common risk and security concepts and their relationships to other enterprise architecture concepts.
This Case Study demonstrates the value of the ArchiMate® 2.1 modeling language for planning and expressing complex business transformation. The Case Study is about a fictitious manufacturer named ArchiMetal. Through high-level architecture modeling, the ArchiMate language illuminates the coherence between an organization, and its processes, applications, and infrastructure. This Case Study presents examples of ArchiMate models that can be elaborated as necessary for analysis, communication, decision support, and implementation.
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler - Prolifics
IBM Pulse 2012 presentation by Alex Ivkin (Prolifics) and Grey Thrasher (IBM)
Synthesizing the business view of IT resources with the technical implementation of Role Based Access Control remains one of the toughest challenges in Identity Management today. We will walk through a real-world use case to understand how organizations can utilize the new IBM Role and Policy Modeler (RaPM) tool to discover essential business relationships and map them to IT access permissions, creating the schema for a comprehensive RBAC system. We will explain how the design criteria provided by RaPM have enabled the foundation of a comprehensive Identity and Role Lifecycle Management structure. The follow-on implementation of an RBAC system in the Identity Provisioning platform, IBM Tivoli Identity Manager, will be explored, as well as how this organization is automating access privileges, simplifying internal security controls and reducing the complexity of audit and compliance enforcement.
An Enterprise Risk Management (ERM) programme can help organizations achieve strategic objectives more effectively by taking a systematic approach to identifying, assessing, and addressing risks across the whole organization rather than operating in silos. Key aspects of an effective ERM programme include linking risk strategy to business strategy, establishing clear risk management responsibilities, and using risk information to improve decision-making and investment choices. Regular risk assessment and monitoring can optimize risk management and control activities while supporting organizational learning and competitiveness.
In today's global and complex business environment, security is a major issue for any organization. All organizations should have the capability to plan for and respond to incidents and business disruptions. Business continuity management (BCM) is part of information security management, and the BCM process can meet these needs. Indeed, business continuity refers to the ability of a business to continue its operations even if some sort of failure or disaster occurs. BCM requires a holistic approach that considers technological and organizational aspects. Besides, enterprise architecture (EA) is a comprehensive view of organizational architecture, business and technology architecture, and their relationships. EA is also considered by several studies as a foundation for BC and security management. Our research aims at studying how BCM aspects can be embedded into the enterprise architecture. In this sense, this paper proposes a metamodel and an implementation method that considers BC in the design and implementation of EA.
Future internet articleermoctave a risk management fraarnit1
This document introduces a new risk management framework called ERMOCTAVE for assessing risks associated with adopting cloud computing. ERMOCTAVE combines two existing risk management methods - Enterprise Risk Management (ERM) and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) - to provide a more comprehensive approach. The framework distributes ERM components across the three phases of the OCTAVE method. A case study is presented to demonstrate how ERMOCTAVE can be applied to assess risks when migrating systems to the Microsoft Azure cloud.
Information Security Governance: Concepts, Security Management & MetricsOxfordCambridge
The goal of information security governance is to establish and maintain a framework to provide assurance that information security strategies are aligned with the business objectives and consistent with applicable laws and regulations.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
CONTEXT, CONTENT, PROCESS” APPROACH TO ALIGN INFORMATION SECURITY INVESTMENTS...ijsptm
Today's business environment is highly dependent on complex technologies, and information is considered an important asset. Organizations are therefore required to protect their information infrastructure and follow an inclusive risk management approach. One way to achieve this is by aligning information security investment decisions with organizational strategy. A large number of information security investment models are available in the literature. These models are useful for optimal and cost-effective investments in information security. However, it is extremely challenging for a decision maker to select one model, or a combination of several models, to decide on investments in information security controls. We propose a framework to simplify the task of selecting information security investment model(s). The proposed framework follows the “Context, Content, Process” approach, which is useful in the evaluation and prioritization of investments in information security controls in alignment with the overall organizational strategy.
This document discusses staffing the information security function within an organization. It covers placing the security function within the organizational structure, qualifications for security positions, and key information security roles. The main security roles discussed are the Chief Information Security Officer, Security Manager, and Security Technician. The CISO manages the overall security program, the manager oversees day-to-day operations, and the technician focuses on technical implementation and troubleshooting of security controls. Qualifications for security roles can include a technical background, understanding of business operations, and strong communication and policy development skills.
An overview of Enterprise Security Architecture (ESA), with a brief description of its key elements: TRA/PIA, Threat Modeling, Security Controls, Risk Assessment and Security Debt.
Personnel security involves managing the risks of employees exploiting their access to an organization's assets or premises for unauthorized purposes. It is important to maintain personnel security throughout employment through pre-employment screening, effective management, clear communication, and building a strong security culture. Personnel security also includes managing employees leaving the organization. When applied consistently, personnel security reduces vulnerabilities and helps build a beneficial security culture. It aims to employ reliable staff, minimize risks of employees becoming unreliable, and detect and address suspicious behavior. Personnel security risk assessments focus on individuals, their access, potential risks, and adequacy of countermeasures to inform security practices.
The document discusses mobile security and provides recommendations for organizations. It covers the following key points:
1. Mobility has introduced new security risks as the traditional network perimeter is broken and devices are used outside an organization's control. This includes risks from lost devices, insecure networks, overlap of personal and work usage, and cloud data storage.
2. A layered mobile security strategy is recommended, with security controls embedded in policies, infrastructure, applications, and data. Organizations should define acceptable usage policies and deploy mobile device management to monitor compliance.
3. Application security is also important, with recommendations to use secure development practices, test apps for vulnerabilities, and encrypt sensitive data. A defense-in-depth approach combining
This document discusses different methodologies for access control and their interactions. It begins by introducing access control as a major security component for organizations to implement regulatory constraints. It then describes several common access control models in more detail, including Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-Based Access Control (RBAC). MAC controls access based on a system-wide security policy, while DAC allows individual users some control over access permissions. The document analyzes advantages and limitations of each model and their suitability for different environments.
The document discusses the key participants and their responsibilities in developing an effective information security strategy. The three main participants are:
1. The board of directors/senior management who identify critical information assets and ensure strategy alignment with business objectives. Their responsibilities include approving policies and monitoring strategy implementation.
2. The executive management/steering committee who lead strategy implementation, ensure resource availability, and provide communication across stakeholders.
3. The chief information security officer/information security manager who develops security action plans, policies, and standards. They implement security programs and perform monitoring and reporting.
The information security strategy aims to securely protect information assets by aligning with business goals and moving security from its current to desired state through policies
The document discusses the challenges faced by corporate privacy departments and how they can better align with other business functions. It recommends that privacy departments find synergies with information security, product development, legal and other teams. It provides examples of how privacy can collaborate with different departments on tasks like product analysis, incident response and metrics. The document also outlines good practices for privacy programs, such as using recognized frameworks, conducting privacy assessments and demonstrating value through objective metrics.
Privacy Protection in Distributed Industrial System - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double-blind peer-reviewed international journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes high-quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high-quality technical notes are invited for publication.
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Regular technical testing also helps evaluate security weaknesses impacting data protection.
Strategies for assessing cloud security - Arun Gopinath
IBM provides strategies for assessing cloud security risks. Key steps include developing a strategic cloud security roadmap, identifying risks specific to public and private cloud models, and conducting assessments of cloud security architectures. IBM security experts evaluate cloud security programs against best practices and provide recommendations to address gaps through additional controls, policies, identity management, or managed security services. Thorough testing also examines network and application vulnerabilities from an attacker's perspective.
Yearly Achievement, Plan SS Security before and after - Louison Malu-Malu
Plan South Sudan did not previously have a formalized security management system in place. They have since established a comprehensive security system that includes continuously assessing risks, developing security plans and procedures, providing security training to staff, establishing communication systems, and ensuring security measures are in place at offices and facilities. The new security management system aims to reduce vulnerabilities by implementing recommendations from risk assessments and adapting plans based on changes in the security environment.
The document discusses strategies for moving beyond tokenism and promoting full participation and inclusion of self-advocates on boards. It provides 10 tools for boards including providing hospitality, orientation and training, defining roles, reviewing agendas in advance, ensuring accessible materials and communication, and establishing supportive policies. The overall goal is to help self-advocates feel respected, listened to, and able to contribute and influence decisions.
Modeling Enterprise Risk Management and Security with the ArchiMate Language - Iver Band
The document provides an overview of how the ArchiMate modeling language can be used to model enterprise risk management and security concepts and relationships. It summarizes relevant risk and security standards and frameworks and extracts a set of core concepts. It then demonstrates how these concepts can be modeled using the ArchiMate language by mapping the concepts to ArchiMate elements and including examples from case studies. The document concludes that the ArchiMate language allows for modeling of the majority of common risk and security concepts and their relationships to other enterprise architecture concepts.
This Case Study demonstrates the value of the ArchiMate® 2.1 modeling language for planning and expressing complex business transformation. The Case Study is about a fictitious manufacturer named ArchiMetal. Through high-level architecture modeling, the ArchiMate language illuminates the coherence between an organization, and its processes, applications, and infrastructure. This Case Study presents examples of ArchiMate models that can be elaborated as necessary for analysis, communication, decision support, and implementation.
Role Discovery and RBAC Design: A Case Study with IBM Role and Policy Modeler - Prolifics
IBM Pulse 2012 presentation by Alex Ivkin (Prolifics) and Grey Thrasher (IBM)
Synthesizing the business view of IT resources with the technical implementation of Role Based Access Control remains one of the toughest challenges in Identity Management today. We will walk through a real-world use case to understand how organizations can use the new IBM Role and Policy Modeler (RaPM) tool to discover essential business relationships and map them to IT access permissions, creating the schema for a comprehensive RBAC system. We will explain how the design criteria provided by RaPM have enabled the foundation of a comprehensive Identity and Role Lifecycle Management structure. The follow-on implementation of an RBAC system in the Identity Provisioning platform, IBM Tivoli Identity Manager, will be explored, as well as how this organization is automating access privileges, simplifying internal security controls and reducing the complexity of audit and compliance enforcement.
An Enterprise Risk Management (ERM) programme can help organizations achieve strategic objectives more effectively by taking a systematic approach to identifying, assessing, and addressing risks across the whole organization rather than operating in silos. Key aspects of an effective ERM programme include linking risk strategy to business strategy, establishing clear risk management responsibilities, and using risk information to improve decision-making and investment choices. Regular risk assessment and monitoring can optimize risk management and control activities while supporting organizational learning and competitiveness.
TOWARDS AN APPROACH FOR INTEGRATING BUSINESS CONTINUITY MANAGEMENT INTO ENTER... - ijcsit
In today’s global and complex business environment, security is a major issue for any organization. All organizations should have the capability to plan and respond to incidents and business disruptions. Business continuity management is part of information security management, and the process of Business Continuity Management (BCM) can meet these needs. Indeed, Business Continuity refers to the ability of a business to continue its operations even if some sort of failure or disaster occurs. BCM requires a holistic approach that considers technological and organizational aspects. Besides, Enterprise Architecture (EA) is a comprehensive view of organizational architecture, business and technology architecture, and their relationships. EA is also considered by several studies as a foundation for BC and security management. Our research aims at studying how the BCM aspect can be embedded into the enterprise architecture. In this sense, this paper proposes a metamodel and an implementation method that considers BC in the design and implementation of EA.
MODEL-DRIVEN SECURITY ASSESSMENT AND VERIFICATION FOR BUSINESS SERVICES - ijwscjournal
Information security covers many areas within an enterprise. Each area has security vulnerabilities and, hopefully, some corresponding countermeasures that raise the security level and provide better protection. A fundamental concept in information security is the security model, which outlines how security is to be implemented. A security policy outlines how data is accessed, what level of security is required, and what actions should be taken when these requirements are not met. A security model is a statement that outlines the requirements necessary to properly support and implement a certain security policy. The security model is an important concept in the design and analysis of secure systems because it incorporates the security policy that should be enforced in the system. A model is a symbolic representation of a policy: it maps the desires of the policy makers into a set of rules that are to be followed by a computer system. In this paper we propose model-driven security assessment and verification for business services. The Security Assessment and Verification verifies whether the applications and services are secure based on the Service Level Agreement and generates a report on the level of security features. It is designed to help business owners, operators and staff assess the security of their business. It covers potential areas of vulnerability and provides suggestions for adapting security to reduce the risk of crime against the business. If a security policy states that no one from a lower security level should be able to view or modify information at a higher security level, the supporting security model will outline the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-level subject access a higher-level object in an unauthorized manner. The security policy is an abstract term that represents the objectives and goals a system must meet and accomplish to be deemed secure and acceptable.
future internet Article ERMOCTAVE A Risk Management Fra.docx - gilbertkpeters11344
This document introduces a new risk management framework called ERMOCTAVE for assessing risks associated with adopting cloud computing. ERMOCTAVE combines two existing risk management methods - Enterprise Risk Management (ERM) and Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE). It structures the processes of OCTAVE into three phases and maps the components of ERM to each phase to provide a more comprehensive approach. The document then describes ERMOCTAVE in detail and provides a case study example of how it can be applied by a company migrating parts of its system to Microsoft Azure cloud.
future internet Article ERMOCTAVE A Risk Management Fra - DustiBuckner14
future internet, Article
ERMOCTAVE: A Risk Management Framework for IT Systems Which Adopt Cloud Computing
Masky Mackita 1, Soo-Young Shin 2 and Tae-Young Choe 3,*
1 ING Bank, B-1040 Brussels, Belgium; [email protected]
2 Department of IT Convergence Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea;
[email protected]
3 Department of Computer Engineering, Kumoh National Institute of Technology, Gumi 39177, Korea
* Correspondence: [email protected]; Tel.: +82-54-478-7526
Received: 22 June 2019; Accepted: 3 September 2019; Published: 10 September 2019
Abstract: Many companies are adopting cloud computing technology because moving to the cloud has an array of benefits. During the decision-making process for adopting cloud computing, the importance of risk management is increasingly recognized. However, traditional risk management methods cannot be applied directly to cloud computing when data are transmitted and processed by external providers. When they are directly applied, risk management processes can fail by ignoring the distributed nature of cloud computing and leaving numerous risks unidentified. To address this, this paper introduces a new risk management method, Enterprise Risk Management for Operationally Critical Threat, Asset, and Vulnerability Evaluation (ERMOCTAVE), which combines Enterprise Risk Management and Operationally Critical Threat, Asset, and Vulnerability Evaluation for mitigating risks that can arise with cloud computing. ERMOCTAVE is composed of the two risk management methods, combining each component of one with the processes of the other for a comprehensive perception of risks. In order to explain ERMOCTAVE in detail, a case study scenario is presented where an Internet seller migrates some modules to the Microsoft Azure cloud. The functionality comparison with the ENISA and Microsoft cloud risk assessments shows that ERMOCTAVE has additional features, such as key objectives and strategies, critical assets, and risk measurement criteria.
Keywords: risk management; ERM; OCTAVE; cloud computing; Microsoft Azure
1. Introduction
Cloud computing is a technology that uses virtualized resources to deliver IT services through the Internet. It can also be defined as a model that allows network access to a pool of computing resources such as servers, applications, storage, and services, which can be quickly offered by service providers [1]. One of the properties of the cloud is its distributed nature [2]. Data in cloud environments has become gradually distributed, moving from a centralized model to a distributed model. That distributed nature causes cloud computing actors to face problems like loss of data control, difficulty in demonstrating compliance, and additional legal risks such as data migration from one legal jurisdiction to another. An example is Salesforce.com, which suffered a huge outage, locking more than 900,000 subscribers out of important resources needed for business trans ...
Discussion 1 Recommend three countermeasures that could enhance.docx - elinoraudley582231
Discussion 1
Recommend three countermeasures that could enhance the information security measures of an enterprise. Justify your recommendations.
1. Upon extensive review of the existing IT EBK and what new measures needed to be taken, Homeland Security came to the conclusion that a comprehensive approach to information security including the steps of manage, design, implement, and evaluate would best serve to safeguard against future threats. Manage: calls for the oversight of security programs to come from the highest levels of the chain of command with constant focus on “ensuring its currency with changing risk and threat” (2007, p. 9). Design: calls for analyzing a program to assess what types of “procedures and processes” will best direct its successful execution. Implement: refers to how programs and policies are instituted within the company. Evaluate: this final step calls for a final critique of the new program or policy’s ability to [achieve] its purpose (2007, p. 9).
2. Homeland Security also recommended a “Competency and Functional Framework for IT Workplace Development” that placed strong emphasis on a clear chain of command and communication with clear job titles and IT employee roles being placed into a group of Executive, Functional or Corollary employees (2007, p. 17).
3. The report stressed the primary role of “the IT Security Compliance Professional is . . . overseeing, evaluating, and supporting compliance issues pertinent to the organization” (Homeland Security, 2007, p.16). Thus, the report logically concluded that IT professionals must know and be able to properly define terms such as evaluation, compliance and assessment in order to properly perform their duties (p. 14).
Propose three cybersecurity benefits that could be derived from the development of a strategic governance process. Select the benefit you find most important and explain why.
The National Computing Centre points out that there are numerous benefits to having a rigorous strategic governance process in place. Among them is increased transparency and accountability, which leads to an “improved transparency of IT costs, IT process, [and] IT portfolio” (2005, p. 6). This increased transparency and accountability also leads to an “improved understanding of overall IT costs and their input to ROI cases”, which in turn often brings about “an increased return on investment/stakeholder value” (p. 6). Finally, the authors point to the fact that with increased transparency comes increased accountability, and companies avoid “unnecessary expenditures” (p. 7).
Discussion 2
Categorize the roles described by the Information Technology Security Essential Body of Knowledge (EBK), in terms of executive, functional, and corollary competencies. Select two of these roles that you believe enhance the security countermeasures of an organization the most and justify your response.
As mentioned previously, Homeland Security’s 2007 report emphasized the importance of properly .
An Effective Cybersecurity Awareness Training Model: First Defense of an Orga... - IRJET Journal
This document discusses the importance of cybersecurity awareness training for organizations and proposes an effective training model. It analyzes how artificial intelligence (AI) can enhance security awareness programs. Specifically, it examines the Technology Acceptance Model (TAM) and how AI-enabled tools like the viCyber system can help design training based on the National Initiative for Cybersecurity Education (NICE) framework. The study concludes that regular, comprehensive security awareness training is critical to address the human factors that can weaken an organization's cyber defenses. AI tools show promise in developing trainings but require further evaluation of their usability and reliability.
The Significance of IT Security Management & Risk Assessment - Bradley Susser
An overview of IT Security Management, which is comprised of standards, policies, plans, and procedures as well as risk assessment and the various techniques and approaches to minimize an organization’s financial impact due to the exploitation of numerous organizational assets.
A DECISION-MAKING MODEL FOR REINFORCING A CORPORATE INFORMATION SECURITY SYSTEM - Leslie Schulte
This study examines factors that influence corporate information security systems using the technology-organization-environment (TOE) framework. The study conducted an Analytic Hierarchy Process (AHP) survey with 24 participants to determine the most significant factors. The results showed that environmental factors had the strongest influence on information security systems, and compliance with legal requirements, protection of information subjects' rights, and increasing information security awareness were particularly important.
A model based security requirements engineering framework - iaemedu
This document presents a framework for security requirements engineering. It discusses how security requirements are often not properly considered early in the development process. It reviews related work on security requirements engineering, including a previous framework by Haley et al. that defined criteria for adequate security requirements. The proposed framework aims to improve on previous approaches by integrating security requirements elicitation and analysis into the core requirements engineering activities from the start. It then compares the proposed framework to Haley's framework, highlighting differences in how security requirements are handled.
A model based security requirements engineering framework - IAEME Publication
This document presents a framework for security requirements engineering. It discusses how security requirements are often not properly considered early in the development process. It reviews related work on security requirements engineering, including a previous framework by Haley et al. that defined criteria for adequate security requirements. The proposed framework aims to improve on previous approaches by integrating security requirements elicitation and analysis into mainstream requirements activities from the beginning. It then compares the proposed framework to Haley's framework.
A model based security requirements engineering framework - iaemedu
This document presents a framework for security requirements engineering. It discusses how security requirements are often not properly considered early in the development process. It reviews related work on security requirements engineering, including a previous framework by Haley et al. that defined criteria for adequate security requirements. The proposed framework aims to improve on previous approaches by integrating security requirements elicitation and analysis into the core requirements engineering activities from the start. It then compares the proposed framework to Haley's framework, highlighting differences in how security requirements are treated.
A Practical Approach to Managing Information System Risk - amiable_indian
This document provides a 3-step process for managing information system risk:
1. Conduct a risk assessment to determine the risk level of the system and classify data sensitivity. This informs the selection of security controls.
2. Select security controls to mitigate risks while balancing business needs. Controls should be tailored to risk levels and applied in multiple layers for defense in depth.
3. Obtain management approval for the controls and manage risk over the system's lifetime by ensuring controls continue to properly operate and risk levels remain acceptable.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx - MargenePurnell14
This document provides an overview of standards for information security risk management, highlighting challenges in implementing assessments and drivers for adopting standards. It analyzes frameworks including ISO 27001, ISO 27002, ISO 27005, ITIL, COBIT, Risk IT, Basel II, PCI DSS, and OCTAVE. While these frameworks provide guidance, there is no single best solution, and organizations face challenges selecting and properly implementing a framework given their unique needs and resources. The document concludes more research is needed to guide selection of the most appropriate framework.
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE Walid.docx - bagotjesusa
INTERNATIONAL JOURNAL OF INFORMATION SECURITY SCIENCE, Walid Al-Ahmad, Bassil Mohammed, Vol. 2, No. 2
Addressing Information Security Risks by Adopting Standards
Walid Al-Ahmad*‡, Bassil Mohammad**
*Computer Science Department, Faculty of Arts and Science, Gulf University for Science & Technology, Kuwait
**Ernst & Young, Amman, Jordan
‡ P.O. Box 7207 Hawally, 32093 Kuwait, Tel: +96525307321, Fax: +965 25307030, e-mail: [email protected]
Abstract- Modern society depends on information technology in nearly every facet of human activity, including finance, transportation, education, government, and defense. Organizations are exposed to various and increasing kinds of risks, including information technology risks. Several standards, best practices, and frameworks have been created to help organizations manage these risks. The purpose of this research work is to highlight the challenges facing enterprises in their efforts to properly manage information security risks when adopting international standards and frameworks. To assist in selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used standards and identifies selection criteria. It suggests an approach to proper implementation as well. A set of recommendations is put forward with further research opportunities on the subject.
Keywords- Information security; risk management; security frameworks; security standards; security management.
1. Introduction
The use of technology is increasingly covering
most aspects of our daily life. Businesses which
are heavily dependent on this technology use
information systems which were designed and
implemented with concentration on functionality,
costs reduction and ease of use. Information
security was not incorporated early enough into
systems and only recently has it started to get the
warranted attention. Accordingly, there is a need to
identify and manage these hidden weaknesses,
referred to as systems vulnerabilities, and to limit
their damaging impact on the information systems
integrity, confidentiality, and availability.
Vulnerabilities are exploited by attacks which are
becoming more targeted and sophisticated.
Attacking techniques and methods are virtually
countless and are evolving tremendously [1, 2].
In any enterprise, information security risks
must be identified, evaluated, analyzed, treated and
properly reported. Businesses that fail in
identifying the risks associated with the
technology they use, the people they employ, or
the environment where they operate usually
subject their business to unforeseen consequences
that might result in severe damage to the business
[3]. Therefore, it is critical to establish reliable
information security risk assessment and treatment
frameworks to guide organizations during the risk
management process.
Because risks cannot be complete.
CISSPills are short-lasting presentations covering topics to study in order to prepare CISSP exam. CISSPills is a digest of my notes and doesn't want to replace a studybook, it wants to be only just another companion for self-paced students.
Every issue covers different topics of CISSP's CCBK and the goal is addressing all the 10 domains which compose CISSP.
IN THIS ISSUE:
Domain 3: Information Security Governance and Risk Management
- Enterprise Architectures
- Enterprise Security Architectures
- Capability Maturity Model Integration (CMMI)
A DECISION-MAKING MODEL FOR REINFORCING A CORPORATE INFORMATION SECURITY SYSTEMIAEME Publication
Recently, information security incidents such as personal information leakage have been regarded as serious risk factors that directly affect corporate sales reduction and corporate image loss. In order to manage information security systematically, enterprises have been introducing information security systems more than ever before. This study aims to derive major items of the information security system mainly for corporate organizational management, with a focus on the technology-organizationenvironment (TOE) framework, and suggests a direction for system build-up and management. To this end, the Analytic Hierarchy Process (AHP) was conducted on 20 items derived from previous studies. A survey was conducted among 24 individuals, including 12 corporate internal administrators and 12 corporate external consultants. As a result, it turned out that environmental factors affected the information security system more significantly among technical, organizational, and environmental factors. Notably, 'compliance with legal requirements,' 'protection of information subjects' rights,' and 'increase of the information security awareness' affected the operation of the information security system or related decision-making processes. This finding suggests that although technical and organizational management is also essential when it comes to corporate information security system operation, the system needs to respond swiftly to rapid market changes and legal and administrative changes concerning information security.
A Resiliency Framework For An Enterprise CloudJeff Nelson
The document summarizes a research paper that proposes a resiliency framework called the Cloud Computing Adoption Framework (CCAF) for enterprise clouds. CCAF includes four major emerging services - software resilience, service components, guidelines, and real case studies - that are designed to improve an organization's security when adopting cloud computing. The framework was validated through a large survey that provided user requirements to guide the system's design and development. CCAF aims to illustrate how software resilience and security can be improved for enterprises moving to the cloud.
Similar to Conceptual integration of enterprise architecture management and security risk management (20)
Multi-Agent System (MAS) monitoring solutions are designed for a plethora of usage topics. Existing approach mostly used cloned back-end architectures while front-end monitoring interface tends to constitute the real specificity of the solution. These interfaces are recurrently structured around three dimensions: access to informed knowledge, agent’s behavioural rules, and restitution of real-time states of specific system sector. In this paper, we propose prototyping a sector-agnostic MAS platform (Smart-X) which gathers in an integrated and independent platform all the functionalities required to monitor and to govern a wide range of sector specific environments. For illustration and validation purposes, the use of Smart-X is introduced and explained with a smart-mobility case study.
This document provides an agenda and overview for a joint workshop on security modeling hosted by the ArchiMate Forum and Security Forum. The workshop aims to identify opportunities to improve the conceptual and visual modeling of enterprise information security using TOGAF and ArchiMate. The agenda includes introductions, a research spotlight on strengthening role-based access control with responsibility modeling, an open discussion on complementing TOGAF and ArchiMate with enhanced security modeling, and identifying next steps. The workshop purpose is to enable better security architecture decisions and drive usage of TOGAF and ArchiMate for security architecture.
Aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, the companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardized. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the paper proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate® to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realized following a design science and action design based research method and the results have been evaluated through an extended case study at the Hospital Center in Luxembourg.
This document proposes an innovative systemic approach to risk management across interconnected sectors. It suggests using enterprise architecture models to manage cross-sector risks in Luxembourg's complex ICT ecosystem. The approach would provide regulators an overview of all players and systems, as well as models of different sectors to analyze collected data and risks at a national level, fostering accurate and reactive risk mitigation across economic domains.
This document proposes extending the HL7 standard with a responsibility perspective to better manage access rights to patient health records. It presents the ReMMo responsibility metamodel, which defines actors' responsibilities and associated access rights. The paper aims to align ReMMo with the HL7-based eSanté healthcare platform model in Luxembourg to semantically enhance access controls based on users' real responsibilities rather than just roles. It will first map concepts between the two models, then evaluate the alignment through a prototype applying inference rules.
This document presents a study that aims to develop and validate a responsibility model to improve IT governance. It analyzes concepts of responsibility from literature and frameworks like COBIT. The researchers developed a responsibility model with key concepts like obligation, accountability, right, and commitment. They then compare this model to COBIT's representation of responsibility to identify areas for potential enhancement, like adding concepts that COBIT lacks. The document illustrates how the responsibility model could be used to refine COBIT's process for identifying system owners and their responsibilities.
This document proposes an innovative approach called SIM (Secure Identity Management) that aims to make access management policies closer aligned with business objectives. It does this in two ways:
1) By focusing the policy engineering process on business goals and responsibilities defined in processes, using concepts from the ISO/IEC 15504 standard. This links capabilities and accountabilities to process outcomes and work products.
2) By defining a multi-agent system architecture to automate the deployment of policies across heterogeneous IT components and devices. The agents provide autonomy and ability to adapt rapidly according to context.
The approach was prototyped using open source components and aims to improve how access rights are defined according to business needs and deployed across an organization
This document proposes a methodological approach for specifying services and analyzing service compliance considering the responsibility dimension of stakeholders. The approach includes a product model and process model. The product model has three layers: an informational layer describing service context and concepts, an organizational layer describing business rules and roles, and a responsibility dimension layer linking the two. The process model outlines steps for service architects to identify context, define concepts and rules, specify services, and analyze compliance. The approach is illustrated with an example of managing access rights for sensitive healthcare data exchange between organizations.
This document discusses integrating responsibility aspects into service engineering for e-government. It proposes a multi-layered approach including an ontological layer defining legal concepts, an organizational layer describing roles and stakeholders, an informational layer representing data structures and integrity constraints, and a technical layer representing IT components. A responsibility meta-model is also introduced to align responsibilities across these layers and facilitate interoperability between services that share data. The approach aims to ensure service compliance and manage risks associated with e-government services.
1) The document proposes a dynamic approach for assigning functions and responsibilities to agents in a multi-agent system for critical infrastructure management.
2) The approach uses an agent's reputation, which is based on past performance, to determine which agents receive which responsibilities as crisis situations change over time.
3) Assigning responsibilities dynamically based on reputation allows the system to continue operating effectively if an agent becomes isolated or has reduced capabilities during a crisis.
This document proposes a responsibility modeling language (ReMoLa) to align access rights with business process requirements. ReMoLa is a responsibility-centered meta-model that integrates concepts from the business and technical layers, with the concept of employee responsibility bridging the two. It incorporates four types of obligations from the COBIT framework to refine employee responsibilities and better assign access rights. ReMoLa maps responsibilities to roles in the RBAC model to leverage its advantages for access right management while ensuring responsibilities align with business tasks and employee commitment.
The document describes the NOEMI assessment methodology, which was developed as part of a research project to help very small enterprises (VSEs) improve their IT practices. The methodology aims to assess VSEs' IT capabilities in order to facilitate collaborative IT management across organizations. It was designed to be aligned with common IT standards like ISO/IEC 15504 and ITIL, but adapted specifically for VSEs. The methodology has been tested through several case studies with VSEs in Luxembourg, with promising results.
This document provides a preliminary literature review of policy engineering methods related to the concept of responsibility. It summarizes key access control models and discusses how they address concepts like capability, accountability, and commitment. The document also reviews engineering methods and how they incorporate responsibility considerations. The overall goal is to orient further research towards a new policy model and engineering method that more fully addresses stakeholder responsibility.
This document proposes an extension of the ArchiMate enterprise architecture framework to model multi-agent systems for critical infrastructure governance. The authors develop a responsibility-driven policy concept and metamodel layers to represent agent behavior and organizational policies across technical, application, and organizational layers. The approach is illustrated through a case study of a financial transaction processing system.
This document summarizes an experimental prototype of the OpenSST protocol for secured electronic transactions. OpenSST was developed to achieve high security, simplicity in software engineering, and compatibility with existing standards. The prototype uses OpenSST for the authorization portion of electronic payments in an e-business clearing solution. It describes the OpenSST message format and types, and discusses how OpenSST is implemented in the prototype's three-element architecture of an OpenSST proxy, reverse proxy, and server.
This document proposes an automatic reaction strategy for critical infrastructure SCADA systems. It defines a three-layer metamodel for modeling SCADA components and two types of policies (cognitive and permissive) that govern component behavior. It then presents a two-phase method for identifying these policies from the SCADA architecture and formalizing them to support an automatic reaction strategy. This strategy is modeled as an integral part of the SCADA architecture using the defined metamodel and policy identification method. It includes organizational and application layers with main actors, strategies, and components that realize the reaction policies based on expected automation levels.
More from Luxembourg Institute of Science and Technology (20)
Anti-Universe And Emergent Gravity and the Dark UniverseSérgio Sacani
Recent theoretical progress indicates that spacetime and gravity emerge together from the entanglement structure of an underlying microscopic theory. These ideas are best understood in Anti-de Sitter space, where they rely on the area law for entanglement entropy. The extension to de Sitter space requires taking into account the entropy and temperature associated with the cosmological horizon. Using insights from string theory, black hole physics and quantum information theory we argue that the positive dark energy leads to a thermal volume law contribution to the entropy that overtakes the area law precisely at the cosmological horizon. Due to the competition between area and volume law entanglement the microscopic de Sitter states do not thermalise at sub-Hubble scales: they exhibit memory effects in the form of an entropy displacement caused by matter. The emergent laws of gravity contain an additional ‘dark’ gravitational force describing the ‘elastic’ response due to the entropy displacement. We derive an estimate of the strength of this extra force in terms of the baryonic mass, Newton’s constant and the Hubble acceleration scale a0 = cH0, and provide evidence for the fact that this additional ‘dark gravity force’ explains the observed phenomena in galaxies and clusters currently attributed to dark matter.
Evidence of Jet Activity from the Secondary Black Hole in the OJ 287 Binary S...Sérgio Sacani
Wereport the study of a huge optical intraday flare on 2021 November 12 at 2 a.m. UT in the blazar OJ287. In the binary black hole model, it is associated with an impact of the secondary black hole on the accretion disk of the primary. Our multifrequency observing campaign was set up to search for such a signature of the impact based on a prediction made 8 yr earlier. The first I-band results of the flare have already been reported by Kishore et al. (2024). Here we combine these data with our monitoring in the R-band. There is a big change in the R–I spectral index by 1.0 ±0.1 between the normal background and the flare, suggesting a new component of radiation. The polarization variation during the rise of the flare suggests the same. The limits on the source size place it most reasonably in the jet of the secondary BH. We then ask why we have not seen this phenomenon before. We show that OJ287 was never before observed with sufficient sensitivity on the night when the flare should have happened according to the binary model. We also study the probability that this flare is just an oversized example of intraday variability using the Krakow data set of intense monitoring between 2015 and 2023. We find that the occurrence of a flare of this size and rapidity is unlikely. In machine-readable Tables 1 and 2, we give the full orbit-linked historical light curve of OJ287 as well as the dense monitoring sample of Krakow.
Discovery of An Apparent Red, High-Velocity Type Ia Supernova at 𝐳 = 2.9 wi...Sérgio Sacani
We present the JWST discovery of SN 2023adsy, a transient object located in a host galaxy JADES-GS
+
53.13485
−
27.82088
with a host spectroscopic redshift of
2.903
±
0.007
. The transient was identified in deep James Webb Space Telescope (JWST)/NIRCam imaging from the JWST Advanced Deep Extragalactic Survey (JADES) program. Photometric and spectroscopic followup with NIRCam and NIRSpec, respectively, confirm the redshift and yield UV-NIR light-curve, NIR color, and spectroscopic information all consistent with a Type Ia classification. Despite its classification as a likely SN Ia, SN 2023adsy is both fairly red (
�
(
�
−
�
)
∼
0.9
) despite a host galaxy with low-extinction and has a high Ca II velocity (
19
,
000
±
2
,
000
km/s) compared to the general population of SNe Ia. While these characteristics are consistent with some Ca-rich SNe Ia, particularly SN 2016hnk, SN 2023adsy is intrinsically brighter than the low-
�
Ca-rich population. Although such an object is too red for any low-
�
cosmological sample, we apply a fiducial standardization approach to SN 2023adsy and find that the SN 2023adsy luminosity distance measurement is in excellent agreement (
≲
1
�
) with
Λ
CDM. Therefore unlike low-
�
Ca-rich SNe Ia, SN 2023adsy is standardizable and gives no indication that SN Ia standardized luminosities change significantly with redshift. A larger sample of distant SNe Ia is required to determine if SN Ia population characteristics at high-
�
truly diverge from their low-
�
counterparts, and to confirm that standardized luminosities nevertheless remain constant with redshift.
Candidate young stellar objects in the S-cluster: Kinematic analysis of a sub...Sérgio Sacani
Context. The observation of several L-band emission sources in the S cluster has led to a rich discussion of their nature. However, a definitive answer to the classification of the dusty objects requires an explanation for the detection of compact Doppler-shifted Brγ emission. The ionized hydrogen in combination with the observation of mid-infrared L-band continuum emission suggests that most of these sources are embedded in a dusty envelope. These embedded sources are part of the S-cluster, and their relationship to the S-stars is still under debate. To date, the question of the origin of these two populations has been vague, although all explanations favor migration processes for the individual cluster members. Aims. This work revisits the S-cluster and its dusty members orbiting the supermassive black hole SgrA* on bound Keplerian orbits from a kinematic perspective. The aim is to explore the Keplerian parameters for patterns that might imply a nonrandom distribution of the sample. Additionally, various analytical aspects are considered to address the nature of the dusty sources. Methods. Based on the photometric analysis, we estimated the individual H−K and K−L colors for the source sample and compared the results to known cluster members. The classification revealed a noticeable contrast between the S-stars and the dusty sources. To fit the flux-density distribution, we utilized the radiative transfer code HYPERION and implemented a young stellar object Class I model. We obtained the position angle from the Keplerian fit results; additionally, we analyzed the distribution of the inclinations and the longitudes of the ascending node. Results. The colors of the dusty sources suggest a stellar nature consistent with the spectral energy distribution in the near and midinfrared domains. Furthermore, the evaporation timescales of dusty and gaseous clumps in the vicinity of SgrA* are much shorter ( 2yr) than the epochs covered by the observations (≈15yr). 
In addition to the strong evidence for the stellar classification of the D-sources, we also find a clear disk-like pattern following the arrangements of S-stars proposed in the literature. Furthermore, we find a global intrinsic inclination for all dusty sources of 60 ± 20◦, implying a common formation process. Conclusions. The pattern of the dusty sources manifested in the distribution of the position angles, inclinations, and longitudes of the ascending node strongly suggests two different scenarios: the main-sequence stars and the dusty stellar S-cluster sources share a common formation history or migrated with a similar formation channel in the vicinity of SgrA*. Alternatively, the gravitational influence of SgrA* in combination with a massive perturber, such as a putative intermediate mass black hole in the IRS 13 cluster, forces the dusty objects and S-stars to follow a particular orbital arrangement. Key words. stars: black holes– stars: formation– Galaxy: center– galaxies: star formation
Dr. Firoozeh Kashani-Sabet is an innovator in Middle Eastern Studies and approaches her work, particularly focused on Iran, with a depth and commitment that has resulted in multiple book publications. She is notable for her work with the University of Pennsylvania, where she serves as the Walter H. Annenberg Professor of History.
This presentation offers a general idea of the structure of seed, seed production, management of seeds and its allied technologies. It also offers the concept of gene erosion and the practices used to control it. Nursery and gardening have been widely explored along with their importance in the related domain.
Evaluation and Identification of J'BaFofi the Giant Spider of Congo and Moke...MrSproy
ABSTRACT
The J'BaFofi, or "Giant Spider," is a mainly legendary arachnid by reportedly inhabiting the dense rain forests of
the Congo. As despite numerous anecdotal accounts and cultural references, the scientific validation remains more elusive.
My study aims to proper evaluate the existence of the J'BaFofi through the analysis of historical reports,indigenous
testimonies and modern exploration efforts.
Embracing Deep Variability For Reproducibility and Replicability
Abstract: Reproducibility (aka determinism in some cases) constitutes a fundamental aspect in various fields of computer science, such as floating-point computations in numerical analysis and simulation, concurrency models in parallelism, reproducible builds for third parties integration and packaging, and containerization for execution environments. These concepts, while pervasive across diverse concerns, often exhibit intricate inter-dependencies, making it challenging to achieve a comprehensive understanding. In this short and vision paper we delve into the application of software engineering techniques, specifically variability management, to systematically identify and explicit points of variability that may give rise to reproducibility issues (eg language, libraries, compiler, virtual machine, OS, environment variables, etc). The primary objectives are: i) gaining insights into the variability layers and their possible interactions, ii) capturing and documenting configurations for the sake of reproducibility, and iii) exploring diverse configurations to replicate, and hence validate and ensure the robustness of results. By adopting these methodologies, we aim to address the complexities associated with reproducibility and replicability in modern software systems and environments, facilitating a more comprehensive and nuanced perspective on these critical aspects.
https://hal.science/hal-04582287
Microbial interaction
Microorganisms interacts with each other and can be physically associated with another organisms in a variety of ways.
One organism can be located on the surface of another organism as an ectobiont or located within another organism as endobiont.
Microbial interaction may be positive such as mutualism, proto-cooperation, commensalism or may be negative such as parasitism, predation or competition
Types of microbial interaction
Positive interaction: mutualism, proto-cooperation, commensalism
Negative interaction: Ammensalism (antagonism), parasitism, predation, competition
I. Mutualism:
It is defined as the relationship in which each organism in interaction gets benefits from association. It is an obligatory relationship in which mutualist and host are metabolically dependent on each other.
Mutualistic relationship is very specific where one member of association cannot be replaced by another species.
Mutualism require close physical contact between interacting organisms.
Relationship of mutualism allows organisms to exist in habitat that could not occupied by either species alone.
Mutualistic relationship between organisms allows them to act as a single organism.
Examples of mutualism:
i. Lichens:
Lichens are excellent example of mutualism.
They are the association of specific fungi and certain genus of algae. In lichen, fungal partner is called mycobiont and algal partner is called
II. Syntrophism:
It is an association in which the growth of one organism either depends on or improved by the substrate provided by another organism.
In syntrophism both organism in association gets benefits.
Compound A
Utilized by population 1
Compound B
Utilized by population 2
Compound C
utilized by both Population 1+2
Products
In this theoretical example of syntrophism, population 1 is able to utilize and metabolize compound A, forming compound B but cannot metabolize beyond compound B without co-operation of population 2. Population 2is unable to utilize compound A but it can metabolize compound B forming compound C. Then both population 1 and 2 are able to carry out metabolic reaction which leads to formation of end product that neither population could produce alone.
Examples of syntrophism:
i. Methanogenic ecosystem in sludge digester
Methane produced by methanogenic bacteria depends upon interspecies hydrogen transfer by other fermentative bacteria.
Anaerobic fermentative bacteria generate CO2 and H2 utilizing carbohydrates which is then utilized by methanogenic bacteria (Methanobacter) to produce methane.
ii. Lactobacillus arobinosus and Enterococcus faecalis:
In the minimal media, Lactobacillus arobinosus and Enterococcus faecalis are able to grow together but not alone.
The synergistic relationship between E. faecalis and L. arobinosus occurs in which E. faecalis require folic acid
Mechanisms and Applications of Antiviral Neutralizing Antibodies - Creative B...Creative-Biolabs
Neutralizing antibodies, pivotal in immune defense, specifically bind and inhibit viral pathogens, thereby playing a crucial role in protecting against and mitigating infectious diseases. In this slide, we will introduce what antibodies and neutralizing antibodies are, the production and regulation of neutralizing antibodies, their mechanisms of action, classification and applications, as well as the challenges they face.
Presentation of our paper, "Towards Quantitative Evaluation of Explainable AI Methods for Deepfake Detection", by K. Tsigos, E. Apostolidis, S. Baxevanakis, S. Papadopoulos, V. Mezaris. Presented at the ACM Int. Workshop on Multimedia AI against Disinformation (MAD’24) of the ACM Int. Conf. on Multimedia Retrieval (ICMR’24), Thailand, June 2024. https://doi.org/10.1145/3643491.3660292 https://arxiv.org/abs/2404.18649
Software available at https://github.com/IDT-ITI/XAI-Deepfakes
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Sexuality - Issues, Attitude and Behaviour - Applied Social Psychology - Psyc...
Conceptual integration of enterprise architecture management and security risk management
Conceptual Integration of Enterprise Architecture Management and Security Risk Management
Eric Grandry, Christophe Feltus, Eric Dubois
Service Science and Innovation
CRP Henri Tudor
Luxembourg
{eric.grandry, christophe.feltus, eric.dubois}@tudor.lu
Abstract—Enterprise Architecture Management (EAM) is considered to provide the mechanism for, amongst others, governing enterprise transformations required by changes in the environment. In this paper, we focus on changes that result from the analysis of information security risks and of their impacts on the services delivered by an enterprise. We present how the concepts of an information system security risk management domain can be mapped into the ArchiMate enterprise architecture modeling language. We illustrate the application of the proposed approach through the handling of a lab case.
Keywords—EAM, Information Security Risk Management, ArchiMate, Enterprise Model Integration.
I. INTRODUCTION
To remain competitive in the growing services economies, enterprises have to transform themselves into business service-oriented enterprises. Business services are delivered by a service system, defined as “a configuration of people, processes, technology and shared information connected through a value proposition with the aim of a dynamic co-creation of value through the participation in the exchanges with customers and external/internal service systems” [1]. According to this view, a service system can itself be composed of service systems cooperating to produce the business service. This is typically observed in value constellations such as a cloud ecosystem, where the final user of the cloud service (whether IaaS, PaaS or SaaS) depends on a chain of business partners.
The value proposition of a service system can be refined into a number of requirements characterizing the expected qualities of the business services. Usually a distinction is made between functional and non-functional requirements. In this paper, we investigate a specific type of non-functional requirements: those related to the security qualities of the information delivered through business services. Today, many business services are information intensive, and thus security requirements such as information confidentiality or privacy are essential. Following the usual requirements engineering terminology [26, 27], we call these requirements “security goals” in the rest of the paper. The sources of these security goals are customers’ needs (e.g. the need for confidentiality of the information stored on the cloud) but also, in an increasingly regulated market, compliance with regulations and norms (e.g. compliance with the privacy of information manipulated by the service provider). The achievement of the security goals associated with the business services delivered by a service system depends heavily on the quality of the Information System (IS) implementing it. Thus the alignment of the deployed information system with the business perspective is a key issue.
One of the main purposes of Enterprise Architecture Management (EAM) is to align an enterprise with its requirements and business goals, and specifically, in our context, with its business service goals. EAM helps to design and guarantee a coherent organizational structure, business processes and infrastructure for the enterprise [2] through a set of models. It transforms enterprise governance into informed enterprise governance [3]. The occurrence of security breaches (for example the corruption of a database) may result in deviations (misalignments) between the business goals of the enterprise and their realization in terms of its implemented information system. The solutions to overcome these misalignments are increasingly complex, and it is not always technically or economically sustainable for an enterprise to address all the potential breaches. Risk Management (RM) as a decision tool therefore becomes a central activity in the design of the architecture components (the so-called “countermeasures”) preventing these misalignments.
There exist many Information System Security Risk Management (ISSRM) approaches for analyzing and managing potential security breaches. The first objective of the paper is to report on our contribution: an extended EAM supporting a security risk-oriented design of an Enterprise Architecture (EA) that meets the security goals of its associated business services. The core of the framework relies on the integration of ISSRM concepts into EA constructs with a service system perspective.
The second objective of the paper is to address the representation of the performed security risk analysis. A large majority of existing ISSRM approaches are based on the production of textual information, some of it structured in tabular form. Thus, in general, they lack a formal notation and representation. Moreover, the traceability between the different elements of the risk model is also difficult to manage. To overcome these difficulties, our proposed extended EAM is embedded in the ArchiMate modeling language [4]. ArchiMate has been purposely designed to support EAM, and recent extensions include constructs supporting the service-oriented enterprise. Our proposal aims at using it in conjunction with the concepts of information security risk analysis. Of particular interest is the Business Motivation Model, which we use through the ArchiMate Motivation Extension to express the risk-analysis-related motivations for architecture principles and decisions.
The rest of the paper is structured as follows. In Section II, we provide some background knowledge regarding our proposed extended EAM. On the one hand, this includes an introduction to previous research work performed at the Tudor Centre on the definition of a domain model for the concepts that can be found in security risk analysis methods. On the other hand, we recall the modeling concepts available in the ArchiMate language and emphasize the motivational elements included in the ArchiMate Motivation Extension. In Section III the core of the proposed extended EAM is presented through the study of the mapping that can be made between the security risk metamodel concepts and those of the ArchiMate metamodel. This mapping is done within the perspective of a service-oriented EA. By doing so, we explain how security risk concepts can be embedded in the ArchiMate language. We illustrate the result of this embedding in Section IV, where we apply the proposed security-extended EAM in the context of a case study and show how its application can be captured in terms of an ArchiMate model. Section V reviews existing approaches with similar research objectives, and Section VI concludes with some future perspectives regarding the positioning of our work.
II. BACKGROUND KNOWLEDGE
In this section, we introduce the two main sources of knowledge on which our research builds, namely a conceptual security risk model and the ArchiMate language.
A. Risk Management
Information System Security Risk Management (ISSRM) is
paramount because it helps companies to adopt cost-effective
security measures. Indeed, security threats are so numerous that
it is impossible to act on all of them because (1) every
technological security solution has a cost, and (2) companies
have limited resources. Hence, companies want to make sure
that they adopt only solutions for which the Return On Security
Investment (ROSI) is positive. This is done by comparing the
cost of a solution with the risk of not using it, e.g. the cost of a
business disruption due to a successful security attack.
There exist many ISSRM approaches. One of the main problems is that they all rely on different concepts and terminologies. Despite efforts started at the standardization level, there is still a need for a common unifying set of concepts. In previous research performed at the Tudor Centre, the different concepts of ISSRM and their relationships have been formalized in the form of a domain metamodel (Fig. 1), i.e. a conceptual model depicting the studied domain [5], [6]. The ISSRM domain model has been established through the analysis of the related literature: risk management standards [7], [8], security-related standards [9], [10], security risk management standards [11]-[14] and methods [15]-[19], and security requirements engineering frameworks [20]-[22].
The ISSRM domain model is organized in three groups of concepts, as represented in Fig. 1:
Asset-related concepts describe assets and the goals which guarantee asset security.
Risk-related concepts present how the risk itself is defined.
Risk treatment-related concepts describe what decisions, requirements and controls should be defined and implemented in order to mitigate possible risks.
In this paper, we use the concept of Security Goal, which
merges the concepts of Security Criterion and Security
Objective defined in the initial model.
Fig. 1. ISSRM domain model (extracted from [5])
The description of the main concepts of the ISSRM domain
model is summarized in TABLE I.
TABLE I. ISSRM CONCEPTS (EXTRACTED FROM [5])
Concept: Description
Asset: Anything that has value to the organization and is necessary for achieving its objectives
Business Asset: Describes information, processes, capabilities and skills inherent to the business and core mission of the organization, having value for it
IS Asset: A component of the IS supporting business assets, like a database where information is stored
Security Goal: A property or constraint on business assets describing their security needs, usually for confidentiality, integrity and availability
Risk: The combination of a threat with one or more vulnerabilities leading to a negative impact harming the assets
Impact: The potential negative consequence of a risk that may harm assets of a system or an organization, when a threat (or the cause of a risk) is accomplished
Vulnerability: A characteristic of an IS asset or group of IS assets that can constitute a weakness or a flaw in terms of IS security
Threat: A potential attack or incident, which targets one or more IS assets and may lead to the assets being harmed
Risk Treatment: An intentional decision to treat identified risks
Security Requirement: The refinement of a treatment decision to mitigate the risk
Control: Controls (countermeasures or safeguards) are designed to improve security, specified by a security requirement, and implemented to comply with it
The ISSRM domain model is neutral with respect to the types of business, industries and sectors. In Section III, we will discuss its specialization with respect to the service sector.
B. EAML and ArchiMate
The Open Group proposes ArchiMate as a standard
Enterprise Architecture Modeling Language (EAML), which
provides the capability to represent an enterprise in a uniform
way, according to the multiple stakeholders’ viewpoints, across
business, IS and IT architecture layers [2]. Although it has not
been specifically developed for the service system domain,
ArchiMate introduces constructs supporting the concept of
service as an abstraction of the behavior exposed by a system
[4]. In enterprise engineering, an enterprise is viewed as a
complex designed system, and a service-oriented enterprise can
therefore be considered as a set of services exposed to the
enterprise’s environment.
ArchiMate introduces a layered representation of the
enterprise architecture, organized in 3 abstraction layers:
business, application and technology. The layers conform to
strict dependencies going from upper layer (business) to
bottom layer (infrastructure), i.e. the elements of the business
layer have dependencies on elements of the application layer,
which have dependencies on elements of the technology layer.
There are no dependencies permitted the other way round.
The modeling pattern shown in Fig. 2 forms the foundation of the language: a service at the same time abstracts a behavior (that realizes the service) and is part of a behavior (composed of services). The pattern is instantiated in each abstraction layer, contextualized with the relevant concepts of that layer, introducing the concepts of business service, application service and infrastructure service.
Fig. 2. ArchiMate modeling pattern (extracted from [4])
Two extensions have been introduced in the version 2.0 of
the language specification: the Motivation extension and the
Implementation and Migration extension. The Motivation
extension (Fig. 3) defines the motivational element, abstracting
“the reason lying behind the architecture of an enterprise”. A
motivational element is related to a core element of the
architecture through the concept of requirement: a requirement
is realized by a (set of) core elements of the architecture. The
motivation extension has been developed to support an
additional dimension of the architecture: besides the what
(passive structure), who (active structure) and how (behavior),
the motivation supports the why dimension. The motivation is
relevant in each of the 3 abstraction layers (business,
application and technology) and allows tracing the rationale
behind the elements of the architecture.
Fig. 3. ArchiMate Motivation Extension (extracted from [4])
The definition of the main concepts of the ArchiMate
metamodel is summarized in TABLE II.
TABLE II. ARCHIMATE CONCEPTS (EXTRACTED FROM [4])
Concept: Description
Business Service: A service that fulfills a business need for a customer (internal or external to the organization).
Business Object: A passive element that has relevance from a business perspective.
Business Process: A behavior element that groups behavior based on an ordering of activities. It is intended to produce a defined set of products or business services.
Business Actor: An organizational entity that is capable of performing behavior.
Business Role: The responsibility for performing specific behavior, to which an actor can be assigned.
Application Service: A service that exposes automated behavior.
Application Component: A modular, deployable, and replaceable part of a software system that encapsulates its behavior and data and exposes these through a set of interfaces.
Data Object: A passive element suitable for automated processing.
Infrastructure Service: An externally visible unit of functionality, provided by one or more nodes, exposed through well-defined interfaces, and meaningful to the environment.
Node: A computational resource upon which artifacts may be stored or deployed for execution.
Device: A hardware resource upon which artifacts may be stored or deployed for execution.
Network: A communication medium between two or more devices.
System Software: A software environment for specific types of components and objects that are deployed on it in the form of artifacts.
Artifact: A physical piece of data that is used or produced in a software development process, or by deployment and operation of a system.
Value: The relative worth, utility, or importance of a business service or product.
Driver: Something that creates, motivates, and fuels the change in an organization.
Assessment: The outcome of some analysis of some driver.
Goal: An end state that a stakeholder intends to achieve.
Requirement: A statement of need that must be realized by a system.
Principle: A normative property of all systems in a given context, or the way in which they are realized.
III. MAPPING OF CONCEPTS
The purpose of our research is to build an extended EAM supporting a security risk-oriented design of an EA meeting its associated business service goals. This extended EAM is the result of the integration of ISSRM and EAM through the Enterprise Model Integration (EMI) approach [23], [24]. Given the two metamodels to integrate (ArchiMate and ISSRM), we concentrate on resolving the semantic heterogeneity through concept mapping and integration rules [25]: neither the syntactic nor the structural heterogeneity is relevant in our case, as the ISSRM metamodel does not currently propose any concrete syntax. A concept mapping introduces a correspondence between at least one concept of each of the source models. The major correspondences are: Equivalence, Relation and Non-Relation. A relation between two concepts can be a generalization (and conversely a specialization), a composition, an aggregation, an association or a classification. While the concept mapping addresses what is integrated, the integration rules address how the integration is actually performed, depending on the defined mapping. Equivalent concepts are integrated through an alignment rule (merge, mapping, abstraction), while related concepts are integrated through a connection rule (generalization, aggregation, composition, association, classification).
In this paper, we specifically develop the mapping of
concepts between both metamodels, also encompassing the
service dimension. The result of the application of the
integration rules is only briefly illustrated.
A. Asset-Related Concepts
ISSRM distinguishes between business assets and IS assets (resources), as explained in Section II. Security risk management practitioners usually classify business processes, information, skills and capabilities as business assets. We apply this classification and consider that in EAM, a Business Process, a Business Object, a Business Actor and a Business Role are all business assets. These elements deliver Value through the central concept of Business Service: information, business processes and skills are leveraged by the service-oriented enterprise to deliver its value (through the business service). The Business Service encapsulates these business assets and abstracts the value they bring to the enterprise.
We therefore introduce the first mapping of concepts: a Business Process, a Business Object, a Business Actor and a Business Role are all specializations of a Business Asset in terms of risk management.
The concept of IS Asset in ISSRM abstracts a component of the IS that supports the business assets. It is very close to the EAM view, which considers that elements of the application layer realize (or are used by) the elements of the business layer. Application and infrastructure services are the major abstractions of the application and technology layers. They are however not sufficient for the mapping of the IS Asset in terms of risk management: vulnerabilities are indeed not characteristics of the packaged set of resources (which the service abstracts), but of the actual components that the service is made of, i.e. of the structural elements of the technology architecture.
A second mapping of concepts is therefore introduced in the form of a specialization between the structural elements of the technology and application layers and the IS Asset concept of ISSRM: a node, a device, a system software, a network and an application component are all specializations of IS Asset. This means that the vulnerabilities of all these elements need to be identified in a risk assessment exercise.
B. Risk-Related Concepts
A Security Goal represents an intention to secure the business assets in order to increase the value of the associated business service. For example, the confidentiality of the information manipulated by the business service increases the value of the service when confidentiality is relevant for the business. Although it could be tempting to associate the Security Goal with a goal in terms of EAM, it is important to recall that risk management defines the Security Goal as an indicator to assess the significance of the risks. We therefore choose to map the Security Goal to the EAM concept of Driver (a Security Goal is-a Driver), and the concept of Risk to the concept of Assessment (a Risk is-an Assessment). The mapping of the relation between Security Goal and Business Asset requires additional concepts to be considered: ArchiMate indeed does not support a direct relation between Driver (Security Goal) and the elements of the business layer (Business Asset). However, a Driver influences the Value of a Business Service: the Security Goal associated with a Business Asset influences the value of the Business Service encapsulating these assets, e.g. the confidentiality of the information manipulated by the business service increases the value of the business service in today’s context of cloud infrastructure. Given this mapping of concepts, security risk management can therefore be expressed in the following way: the risk is the outcome of the analysis made on the intention to secure business elements of the enterprise in order to increase the value of the associated business service.
The components of the Risk (Event and Impact) are also
modeled with the concept of Assessment and the composition
relation (an Assessment composed of other Assessments), as
they are the results of the risk analysis. The same approach is
applied to map the Threat and the Vulnerability.
As explained in Section II, there are causal chains of impacts. The final elements of these chains (like the loss of reputation) negatively impact the value of one or several business services, through a negative influence on a Driver. We propose modeling the chain of impacts in ArchiMate with a composition of impacts. It should be noted that the final element of a chain of impacts might negatively influence a driver other than the one that initiated the risk assessment, and even a non-security driver. For instance, the ‘Reputation of the Enterprise’ is a strategic driver that is not a security goal. It is however negatively influenced by the impact ‘loss of reputation’ associated with the security risk ‘identification theft’, itself associated with the security goal ‘Guarantee integrity of information’. It is therefore very relevant to integrate the analysis of security risks as a strategic activity of the enterprise, and not to perform it in a silo.
C. Risk Treatment-Related Concepts
Risk treatment deals with the decisions and solutions developed to overcome the risks after they have been identified and assessed. This part of the model is very relevant to EAM as a governing tool.
The Risk Treatment is the decision on how to treat the Risk: retention, reduction, transfer or avoidance. It is mapped to the EAM concept of Goal: the Goal (Risk Treatment) addresses the Assessment (Risk) of the Driver (Security Goal). The Security Requirement is introduced when the Risk Treatment decision is to reduce the risk. The Security Requirement is naturally modeled with the EAM concept of Requirement: requirements are the means to reach the end, i.e. to realize the Goal. Finally, the Control, as the abstraction of the solution that implements the Security Requirement, is mapped to a (set of) Core Elements of the architecture: the realization relation between Requirement and Core Element is used to trace the rationale behind the elements of the solution. The solution to a security requirement can be realized by elements of the business layer, application layer and/or infrastructure layer. When multiple solutions can be envisaged, the enterprise architecture models provide support for taking the final decision, potentially based on an ROI analysis.
It should be noted that ArchiMate also introduces the concept of Principle, supporting an indirection between the Goal and the Requirements. It might be very useful in the design of the security solution that addresses the security risks: the security guidelines that are very common in the security domain (although not part of the ISSRM model) can benefit from this modeling element.
D. Integrated Metamodel
The mapping between the concepts of ISSRM and EAM is
summarized in TABLE III.
TABLE III. ISSRM-EAM CONCEPTS MAPPING
ISSRM Concept | EAM Concept | Mapping
Business Asset | Business Process | Generalisation
Business Asset | Business Object | Generalisation
Business Asset | Business Actor | Generalisation
Business Asset | Business Role | Generalisation
IS Asset | Application Component | Generalisation
IS Asset | System Software | Generalisation
IS Asset | Node | Generalisation
IS Asset | Device | Generalisation
IS Asset | Network | Generalisation
Security Objective | Driver | Specialisation
Risk | Assessment | Specialisation
Event | Assessment | Specialisation
Impact | Assessment | Specialisation
Threat | Assessment | Specialisation
Vulnerability | Assessment | Specialisation
Risk Treatment | Goal | Specialisation
Security Requirement | Requirement | Specialisation
Control | Core Element | Specialisation
Once the concepts are mapped, the rules defining how to integrate the concepts within the integrated metamodel are defined. The concepts are mainly mapped through the generalisation (or specialisation) relation, and we apply the related generalisation (or specialisation) integration rule. When it comes to adopting a representation of the risk concepts (concrete syntax) within the integrated model, we decide at this stage to reuse the existing ArchiMate notation: a Security Goal is a Driver, and reuses the Driver symbol as its representation. A part of the resulting integrated metamodel is illustrated in Fig. 4, in the ArchiMate notation.
Fig. 4. ISSRM in Relation with EAM
IV. CASE STUDY – @RCHIMED
The metamodel integration is illustrated with a lab case study, @rchimed (1), which is a reference case study for the EBIOS method [15]. The latter is a risk analysis method defined by the French Ministry of Defense, which first allows evaluating the security risks of the IS and second allows elaborating appropriate policies according to the organization’s needs. The description of the case study is organized in two parts. In the first part, we present the context and the existing enterprise architecture of @rchimed. In this part, we identify the assets of the enterprise and elaborate a standard ArchiMate-based EA model that highlights the connections between the business assets and the IS assets. The second part of the case study concerns the security risk management extension. We model the @rchimed enterprise risks following the mapping realized in Section III.
(1) http://www.ssi.gouv.fr/IMG/pdf/EBIOS-EtudeDeCas-Archimed-2010-01-25.pdf
A. @rchimed architecture
@rchimed is an AEC company specialized in the design of blueprints for the building of new factories and offices. To that end, @rchimed offers its customers services related to the analysis of building stability and cost estimations. The reputation of the enterprise is a very important factor for winning market share in an increasingly competitive market. @rchimed’s strategy is based on two drivers: on the one hand improving the reputation of the company, and on the other hand reducing costs to remain competitive.
We focus on the studies elaboration business service, used by external customers and achieved by three processes performed by the @rchimed experts, namely: the visualization elaboration, the structures calculation and the technical plans elaboration. These processes generate two business objects: the building structure calculations and the structural parameters. Among these processes, the structures calculation is supported by the calculation service, which is itself realized by the Structure Management Software. This application is accessed by the experts through the parameters setting interface and generates the calculations on files, listings and USB supports. The value of the studies elaboration business service relies upon the accuracy of the delivered product (namely the structural parameters business object). This part of @rchimed has been modeled with ArchiMate and is presented in the top left part of Fig. 5. Regarding the management of the risks, we consider that the studies elaboration business service corresponds to the business asset and that the Structure Management Software application and the parameters setting interface correspond to the IS assets.
B. Risk management
This second part of the case study corresponds to the deployment of a classical risk analysis that we have addressed through 3 steps (according to ISO 27005 [12]): definition of the security goals, analysis of the risks and definition of the risk treatment.
1) Definition of the security goals
In order to support and increase the value of its studies elaboration business service, @rchimed identifies that, from a security perspective, it is of paramount importance to guarantee the integrity of the calculation (more than its availability or confidentiality). In terms of the ArchiMate model, the security goal integrity of calculation is therefore modeled as a driver positively influencing the value of the business service studies elaboration.
2) Risk analysis
The second step of the analysis consists in determining the security risks and assessing them from the perspective of the identified security goal. Regarding the integrity of the calculation goal, the risk is naturally a calculation alteration. The latter could happen following an identity theft due to a lack of access control on the information system. The impact of this risk is the loss of integrity and, through a chain of impacts, the loss of reputation, the stability of the building not being guaranteed, building collapse and lawsuits.
In terms of the ArchiMate model, the calculation alteration is a risk modeled with the assessment construct. This assessment is a combination of two other assessments, which correspond respectively to the impact and the event. In our case the impact is the loss of integrity together with the chain of impacts (modeled as aggregated assessments), and the event corresponds to the identity theft. In the same way, the event is an assessment supported by a combination of two other assessments corresponding to the threat and to the vulnerability. According to the case study, the latter are, respectively, the identity theft and the lack of access control. This lack of access control is a vulnerability that may be exploited when the expert enters the structural parameters into the parameters setting interface: the vulnerability is a characteristic of this interface, while the threat targets the expert actor.
The impact loss of integrity negates the initial security goal
integrity of the calculation and therefore has a negative
influence on the value of the associated service. Moreover, the
deduced impacts also have negative impacts for the strategy of
the company: the loss of reputation negatively influences the
strategic driver reputation of @rchimed, while the lawsuit
negatively influences the strategic driver reduce costs.
This second step of the case study highlights that it is possible with the ArchiMate language to identify the risks associated with (security) goals and to describe them in terms of impact, event, threat and vulnerability. However, the ArchiMate language does not allow relating the assessment concept to the core concepts with anything other than the very weak association relation. Thereby, it does not allow strongly typing the relation between the vulnerability and threat concepts and the core EAM concepts.
C. Risk treatment
The threat composing the calculation alteration risk having been identified as a potential identity theft, a risk treatment action has to be undertaken. Although @rchimed is looking for cost reduction, the impacts of this risk are too high for the company to live with it. The risk treatment decision could typically be supported by a cost-impact analysis. @rchimed decides on a risk reduction action associated with the deployment of access right management. This control should guarantee the integrity of the parameters setting interface.
This risk treatment is mapped onto the concept of goal from the EAML and influences the value of confidentiality/integrity of the parameters setting interface. This goal is realized by a security requirement which requests an access right control service. This security requirement is mapped onto the requirement concept from the EAML and is realized by an access control service, depicted in the bottom left part of Fig. 5. The service is realized by three security processes, namely: the policy elaboration (that generates the Security policies business object), the exceptions management and the access rights audit. All these processes are assigned to the security department and use the access right management application service. The latter is realized by an access control application that reads the access control security policy data object and collaborates with the parameters setting interface in order to control the user’s access rights.
Fig. 5. @rchimed Extended Enterprise Architecture Model
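The mapping of Section III and the @rchimed case above, as an added executable example that is not part of the paper: a small in-memory model that applies the specialisation rules of TABLE III on insertion, decomposes the risk into impact, event, threat and vulnerability, walks the chain of impacts to the drivers it negatively influences (security goal or not), and traces the security requirement to the core element realising it. The element names, relation kinds and the branching of the impact chain are assumptions constructed from Fig. 5, not the API of any ArchiMate tool.

```python
"""Executable sketch of the ISSRM-to-ArchiMate mapping of Section III, populated with
the @rchimed case of Section IV.  Added example, not from the paper: element and
relation names are a constructed illustration of TABLE III and Fig. 5, not a tool API."""
from collections import namedtuple

# TABLE III: ISSRM asset concepts generalise these ArchiMate core concepts ...
BUSINESS_ASSET = {"BusinessProcess", "BusinessObject", "BusinessActor", "BusinessRole"}
IS_ASSET = {"ApplicationComponent", "SystemSoftware", "Node", "Device", "Network"}
# ... and ISSRM risk concepts specialise these ArchiMate motivation concepts.
MOTIVATION = {"SecurityGoal": "Driver", "Risk": "Assessment", "Event": "Assessment",
              "Impact": "Assessment", "Threat": "Assessment",
              "Vulnerability": "Assessment", "RiskTreatment": "Goal",
              "SecurityRequirement": "Requirement"}

Element = namedtuple("Element", "archimate issrm")  # ArchiMate concept, ISSRM concept


class Model:
    def __init__(self):
        self.elements = {}   # name -> Element
        self.relations = []  # (kind, source, target)

    def add(self, name, archimate, issrm=None):
        """Enforce the specialisation rules of TABLE III when an element is added."""
        if issrm in MOTIVATION and MOTIVATION[issrm] != archimate:
            raise ValueError(f"{issrm} must be modelled as a {MOTIVATION[issrm]}")
        if issrm is None and archimate in BUSINESS_ASSET | IS_ASSET:
            issrm = "BusinessAsset" if archimate in BUSINESS_ASSET else "ISAsset"
        self.elements[name] = Element(archimate, issrm)

    def rel(self, kind, source, target):
        self.relations.append((kind, source, target))

    def targets(self, kind, source):
        return [t for k, s, t in self.relations if k == kind and s == source]


def risk_structure(model, risk):
    """Risk = Impact + Event, Event = Threat + Vulnerability, all Assessments composed of
    Assessments (III.B); also report which IS asset carries the vulnerability."""
    part = {model.elements[p].issrm: p for p in model.targets("composes", risk)}
    ev = {model.elements[p].issrm: p for p in model.targets("composes", part["Event"])}
    return {"impact": part["Impact"], "threat": ev["Threat"],
            "vulnerability": ev["Vulnerability"],
            "vulnerable_is_assets": [a for a in model.targets("associated", ev["Vulnerability"])
                                     if model.elements[a].issrm == "ISAsset"]}


def drivers_hit_by(model, impact):
    """Walk the chain of impacts (Impact composed of Impacts) and collect every Driver
    negatively influenced on the way, security goal or not (III.B)."""
    hit, todo = set(), [impact]
    while todo:
        cur = todo.pop()
        hit.update(d for d in model.targets("influences-", cur)
                   if model.elements[d].archimate == "Driver")
        todo.extend(model.targets("composes", cur))
    return hit


def controls_for(model, requirement):
    """Controls are the core elements that realise a Security Requirement (III.C)."""
    return sorted(s for k, s, t in model.relations if k == "realizes" and t == requirement
                  and model.elements[s].archimate not in MOTIVATION.values())


def build_archimed():
    """Constructed subset of Fig. 5; the branching of the impact chain is an assumption."""
    m = Model()
    m.add("Reputation of @rchimed", "Driver")                      # strategic, not security
    m.add("Integrity of calculation", "Driver", "SecurityGoal")    # IV.B.1
    m.add("Expert", "BusinessActor")
    m.add("Parameters setting interface", "ApplicationComponent")  # interface as component
    m.add("Calculation alteration", "Assessment", "Risk")          # IV.B.2: risk = impact + event
    m.add("Identity theft event", "Assessment", "Event")
    m.add("Identity theft", "Assessment", "Threat")
    m.add("Lack of access control", "Assessment", "Vulnerability")
    for imp in ("Loss of integrity", "Loss of reputation",
                "Stability of building not guaranteed", "Building collapse", "Lawsuits"):
        m.add(imp, "Assessment", "Impact")
    for parent, child in (("Calculation alteration", "Loss of integrity"),
                          ("Calculation alteration", "Identity theft event"),
                          ("Identity theft event", "Identity theft"),
                          ("Identity theft event", "Lack of access control"),
                          ("Loss of integrity", "Loss of reputation"),
                          ("Loss of integrity", "Stability of building not guaranteed"),
                          ("Stability of building not guaranteed", "Building collapse"),
                          ("Building collapse", "Lawsuits")):
        m.rel("composes", parent, child)
    m.rel("associated", "Identity theft", "Expert")
    m.rel("associated", "Lack of access control", "Parameters setting interface")
    m.rel("influences-", "Loss of integrity", "Integrity of calculation")
    m.rel("influences-", "Loss of reputation", "Reputation of @rchimed")
    # IV.C: treatment decision (Goal), its Security Requirement and the realising control
    m.add("Reduce risk by access right management", "Goal", "RiskTreatment")
    m.add("Access right control service", "Requirement", "SecurityRequirement")
    m.add("Access control service", "BusinessService")
    m.rel("realizes", "Access right control service", "Reduce risk by access right management")
    m.rel("realizes", "Access control service", "Access right control service")
    return m
```

Calling `drivers_hit_by(build_archimed(), "Loss of integrity")` returns both the security goal and the strategic driver, which is the cross-silo point of Section III.B.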
V. RELATED WORKS
There exist many practical security risk management methods (like BSI, EBIOS, CRAMM and Octave). However, the analyses they produce lack formality, being mostly based on natural language descriptions, sometimes complemented with tables and informal diagrams. As stated in [6], the introduction of a model-based approach for ISSRM is relevant. It is motivated first by an efficiency improvement of the ISSRM process, and second by the enhancement of the product resulting from the performed process.
In Requirements Engineering (RE), concepts associated with the analysis of and reasoning on security goals and requirements are introduced in languages like Secure i* [26], addressing security trade-offs, the KAOS extension to security [27], and Secure Tropos [28], which extends the language by considering security constraints and attack methods. Abuse cases [29] and misuse cases [30] are other RE languages which extend the UML Use Case with a focus on threats and vulnerabilities. In Software Engineering, other extensions to UML have also been proposed for dealing with security issues at the design stages (security requirements and controls), like UMLsec [31] and SecureUML [32], but with less focus on business assets and high-level security requirements.
In the languages mentioned above, only a part of the ISSRM concepts introduced in Section II is taken into account. A larger coverage of the risk-related concepts is provided in the UML profile CORAS [33], in another extension of the i* framework [34] and in [35], where a full alignment of Secure Tropos with ISSRM is presented. Despite this progress, we argue that these languages still lack a crosscutting viewpoint relating all three conceptual areas of risk management together: assets, risks and risk treatments. We advocate that Enterprise Architecture Management (EAM) [3] provides an answer to this by acknowledging that an enterprise is a system that requires modeling from multiple perspectives and at different levels of abstraction. The EAM discipline permits the realization of informed enterprise governance, i.e. enterprise governance based on relevant information. Governance is associated with decision taking and the associated risk assessment. Some recent works include the analysis of risks in relation with the business/IT alignment dimension [36] and within the context of the global GRC (Governance, Risk, Compliance) dimension [37]. Our work deepens these results by considering specific information security risk management, in the line of [38], but by considering a larger ISSRM metamodel as well as its mapping into ArchiMate.
Integrating security risk management and enterprise architecture is also investigated by the ArchiMate Forum². The primary objective of this workgroup is to issue a white paper with guidelines about the Risk and Security extensions of ArchiMate. This extension foresees using existing ArchiMate concepts as-is to model risk/security aspects, elaborating risk/security-specific specializations (stereotypes/profiles) and defining new concepts. We take part in this work and expect to leverage the results of the proposed mapping as an input to this activity.
VI. CONCLUSIONS AND FUTURE WORK
In this paper, we have proposed an integration of security risk management and enterprise architecture management in the form of a concept mapping between the metamodels of both domains. The proposed mapping allows moving further into the integration of risk management and enterprise architecture, especially in terms of method. The benefits of this integration have been illustrated with a case study. The approach leverages enterprise architecture modeling to support the identification of business and IS assets. It also proposes to model the treatment of the risk, especially in relation with the value of the risk treatment and with the rationale behind the elements of the architecture. It does not, however, give real support in the identification of the threats and vulnerabilities associated with the elements of the architecture: EAML indeed lacks the possibility to express the relations between the risk and the assessed element (there is no direct relationship between Motivational Element and Core Element, with the exception of Requirement). This confirms that the Motivation Extension has been developed to explain the rationale behind the architecture, but not to support the analysis of an existing architecture.
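To make this limitation concrete, the following added example (not code from the paper, nor from @rchimed) encodes the rule just stated, that a Motivation element connects to a Core element only through a Requirement, and runs it over a small model whose Core part follows the access control case of Fig. 5. The two risk Assessments, the Goal, the Requirement and the relationship kinds are constructed assumptions for the example, and the rule implemented is the paper's statement rather than the full ArchiMate 2.0 relationship table. The check lists the crossing relationships the rule rejects (the direct risk-to-asset link an analyst would want to draw) and the risks that cannot be traced to any Core element at all.

```python
# Traceability check over a small ArchiMate-style model (added example).
# Rule encoded, after the paper's statement: a Motivation element reaches a
# Core element only through a Requirement, i.e. a Core element realizing a
# Requirement (or Constraint). Everything not taken from Fig. 5 is constructed.
from collections import deque, namedtuple

Relationship = namedtuple("Relationship", "source kind target")

# ArchiMate 2.0 Motivation Extension element types.
MOTIVATION_TYPES = {"Stakeholder", "Driver", "Assessment", "Goal",
                    "Principle", "Requirement", "Constraint"}
# Core element types used by the Fig. 5 case (business and application layers).
CORE_TYPES = {"BusinessActor", "BusinessProcess", "BusinessObject",
              "ApplicationService", "ApplicationComponent",
              "ApplicationInterface", "DataObject"}
REQUIREMENT_LIKE = {"Requirement", "Constraint"}  # Constraint specializes Requirement

# Constructed sample model: element name -> element type.
ELEMENTS = {
    # Motivation part (constructed): two risks, the goal threatened, a requirement
    "Unauthorized access to customer records": "Assessment",
    "Loss of audit trail": "Assessment",
    "Confidentiality of customer data": "Goal",
    "Access rights must be controlled": "Requirement",
    # Core part, after the description of Fig. 5
    "Security department": "BusinessActor",
    "Policy elaboration": "BusinessProcess",
    "Exceptions management": "BusinessProcess",
    "Access rights audit": "BusinessProcess",
    "Security policies": "BusinessObject",
    "Access right management": "ApplicationService",
    "Access control application": "ApplicationComponent",
    "Parameters setting": "ApplicationInterface",
    "Access control security policy": "DataObject",
}

RELATIONSHIPS = [
    Relationship("Security department", "assignment", "Policy elaboration"),
    Relationship("Security department", "assignment", "Exceptions management"),
    Relationship("Security department", "assignment", "Access rights audit"),
    Relationship("Policy elaboration", "access", "Security policies"),
    # "used by" points from the service to the processes using it
    Relationship("Access right management", "used_by", "Policy elaboration"),
    Relationship("Access right management", "used_by", "Exceptions management"),
    Relationship("Access right management", "used_by", "Access rights audit"),
    Relationship("Access control application", "realization", "Access right management"),
    Relationship("Access control application", "access", "Access control security policy"),
    Relationship("Access control application", "composition", "Parameters setting"),
    # The one Core/Motivation crossing the rule permits
    Relationship("Access right management", "realization", "Access rights must be controlled"),
    Relationship("Access rights must be controlled", "realization", "Confidentiality of customer data"),
    Relationship("Unauthorized access to customer records", "association", "Confidentiality of customer data"),
    # Direct risk-to-asset link an analyst would like to draw; rejected by the rule
    Relationship("Unauthorized access to customer records", "association", "Access control security policy"),
]


def crosses_layers(rel, elements):
    """True when one end is a Motivation element and the other a Core element."""
    return (elements[rel.source] in MOTIVATION_TYPES) != (elements[rel.target] in MOTIVATION_TYPES)


def is_permitted_crossing(rel, elements):
    """The only crossing kept: a Core element realizing a Requirement/Constraint."""
    return (rel.kind == "realization"
            and elements[rel.source] in CORE_TYPES
            and elements[rel.target] in REQUIREMENT_LIKE)


def invalid_relationships(elements, relationships):
    """Crossing relationships that the rule does not allow."""
    return [r for r in relationships
            if crosses_layers(r, elements) and not is_permitted_crossing(r, elements)]


def assessed_core_elements(risk, elements, relationships):
    """Core elements reachable from a risk Assessment: walk the Motivation graph
    in either direction, then step onto Core only over a permitted crossing."""
    invalid = set(invalid_relationships(elements, relationships))
    valid = [r for r in relationships if r not in invalid]
    seen, queue, reached = {risk}, deque([risk]), set()
    while queue:
        node = queue.popleft()
        for r in valid:
            if node not in (r.source, r.target):
                continue
            other = r.target if r.source == node else r.source
            if elements[other] in CORE_TYPES:
                reached.add(other)  # arrived via "Core realizes Requirement"
            elif other not in seen:
                seen.add(other)
                queue.append(other)
    return reached


def untraced_risks(elements, relationships):
    """Assessments with no traceable Core element: the gap discussed above."""
    return sorted(name for name, kind in elements.items()
                  if kind == "Assessment"
                  and not assessed_core_elements(name, elements, relationships))


if __name__ == "__main__":
    for r in invalid_relationships(ELEMENTS, RELATIONSHIPS):
        print(f"not allowed by the rule: {r.source} -{r.kind}-> {r.target}")
    for risk in sorted(n for n, k in ELEMENTS.items() if k == "Assessment"):
        print(f"{risk!r} traces to {sorted(assessed_core_elements(risk, ELEMENTS, RELATIONSHIPS))}")
    print("untraced risks:", untraced_risks(ELEMENTS, RELATIONSHIPS))
```

Run as a script, it reports the rejected association between the Assessment and the data object, shows that the first risk reaches the access right management service only by the detour Assessment, Goal, Requirement, realizing service, and lists the second risk as untraced. The detour is the point: the asset actually exposed (the policy data object) is never reached from the risk, which is why the text argues the Motivation Extension explains rationale rather than supporting analysis.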
The proposed extended EAM also addresses the mechanism to support the service industry with a model of risk that was initially targeting the security of information systems. We are currently investigating the extension of the ISSRM model to apply security risk management to service systems. This is of particular interest for tackling the chain of risks through networked enterprises.
The extended EAM presented in this paper has been
applied in a collaborative R&D project, and more specifically
in the definition of a risk management method for the
telecommunication sector, in collaboration with the national
regulator in Luxembourg. Preliminary results have been
presented in [40].
² http://www.opengroup.org/archimate/
Although requirements to manage risks might be initiated by regulators in all industries, some organizations now consider their risk management capabilities as an opportunity to drive competitive advantage. In its 2011 study on Global Risk Management [39], Accenture identifies that “risk management is now more closely integrated with strategic planning and is conducted proactively, with an eye on how [risk management] capabilities might help a company move into new markets faster or pursue other evolving growth strategies. At its best, risk management is a matter of balance — the balance between a company’s appetite for risks and its ability to manage them”. We are witnessing the transformation of risk management from an operational regulatory constraint to a means to drive strategic enterprise transformation. This new perspective on risk management reinforces the need to integrate risk management and EAM.
ACKNOWLEDGMENT
We acknowledge the Fonds National de la Recherche (FNR) in Luxembourg, which partially supports this work through the PEARL program ASINE. We also thank our colleague Nicolas Mayer for his valuable advice in the field of risk management, and for his time spent in very intense discussions around this topic.
REFERENCES
[1] J. Spohrer, P. Maglio, J. Bailey, D. Gruhl, "Steps toward a science of service systems". IEEE Computer, 40, pp. 71–77, 2007
[2] M. Lankhorst, Enterprise Architecture at Work - Modelling,
Communication and Analysis, 3rd ed. Springer Berlin Heidelberg, 2013
[3] M. Op ’t Land, E. Proper, M. Waage, J. Cloo, and C. Steghuis, Enterprise Architecture - Creating Value by Informed Governance. Springer Berlin Heidelberg, 2008
[4] The Open Group, ArchiMate 2.0 Specification. Van Haren Publishing,
The Netherlands, 2012
[5] N. Mayer, “Model-based Management of Information System Security
Risk,” PhD Dissertation, University of Namur, 2009.
[6] E. Dubois, P. Heymans, N. Mayer, and R. Matulevičius, “A Systematic
Approach to Define the Domain of Information System Security Risk
Management,” in Intentional Perspectives on Information Systems
Engineering, S. Nurcan, C. Salinesi, C. Souveyet, and J. Ralyté, Eds.
Berlin, Heidelberg: Springer Berlin Heidelberg, 2010, pp. 289–306.
[7] AS/NZS 4360, Risk management. SAI Global, 2004.
[8] ISO/IEC Guide 73, Risk management – Vocabulary – Guidelines for use
in standards. Geneva: International Organization for Standardization,
2002.
[9] ISO/IEC 13335-1, Information technology – Security techniques –
Management of information and communications technology security –
Part 1: Concepts and models for information and communications
technology security management. Geneva: International Organization
for Standardization, 2004.
[10] Common Criteria version 3.1, Common Methodology for Information
Technology Security Evaluation - Evaluation methodology. 2007.
[11] ISO/IEC 27001, Information technology – Security techniques –
Information security management systems – Requirements. Geneva:
International Organization for Standardization, 2005.
[12] ISO/IEC 27005, Information technology – Security techniques –
Information security risk management. Geneva: International
Organization for Standardization, 2008.
[13] G. Stoneburner, C. Hayden, and A. Feringa, NIST Special Publication
800-27 Rev. A: Engineering Principles for Information Technology
Security (A Baseline for Achieving Security). Gaithersburg: National
Institute of Standards and Technology, 2004.
[14] Bundesamt für Sicherheit in der Informationstechnik, The IT-Grundschutz Catalogues. 2005.
[15] DCSSI, EBIOS - Expression of Needs and Identification of Security
Objectives. France:
http://www.ssi.gouv.fr/en/confidence/ebiospresentation.html, 2004.
[16] CLUSIF, MEHARI 2007: Concepts and Mechanisms. France, 2007.
[17] C. J. Alberts and A. J. Dorofee, “OCTAVE criteria, Version 2.0,”
Carnegie Mellon University - Software Engineering Institute, Pittsburgh,
Pennsylvania, CMU/SEI-2001-TR-016, 2001.
[18] Insight Consulting, CRAMM (CCTA Risk Analysis and Management
Method) User Guide version 5.0. SIEMENS, 2003.
[19] F. Vraalsen, T. Mahler, M. S. Lund, I. Hogganvik, F. den Braber, and K.
Stølen, “Assessing Enterprise Risk Level: The CORAS Approach,” in
Advances in Enterprise Information Technology Security, D. Khadraoui
and F. Herrmann, Eds. Idea group, 2007, pp. 311–333.
[20] D. G. Firesmith, “Common Concepts Underlying Safety, Security, and
Survivability Engineering,” Carnegie Mellon University - Software
Engineering Institute, Pittsburgh, Pennsylvania, CMU/SEI-2003-TN-
033, 2003.
[21] C. B. Haley, R. C. Laney, J. D. Moffett, and B. Nuseibeh, “Security
Requirements Engineering: A Framework for Representation and
Analysis,” IEEE Transactions on Software Engineering, vol. 34, no. 1,
pp. 133–153, 2008.
[22] S.-W. Lee, R. A. Gandhi, and G.-J. Ahn, “Security Requirements Driven
Risk Assessment for Critical Infrastructure Information Systems,” in
Proceedings of the 3rd Symposium on Requirements Engineering for
Information Security (SREIS ’05), in conjunction with the 13th IEEE
International Requirements Engineering Conference (RE ’05), 2005.
[23] Kühn, H., Bayer, F., Junginger, S. and Karagiannis, D. (2003).
Enterprise Model Integration. In:Proceedings of the 4th International
Conference EC-Web 2003 (DEXA 2003), Czech Republic, 2003, LNCS
2738, Springer, pp. 379-392.
[24] Karagiannis, D. and Kühn, H. (2002). Metamodelling Platforms. In:
Proceedings of the Third International Conference EC-Web 2002 – Dexa
2002, Aix-en-Provence, France, September 2-6, 2002, LNCS 2455,
Springer-Verlag, p. 182. Full version: http://www.dke.univie.ac.at/mmp
[25] Zivkovic, S., Kühn, H., and Karagiannis, D., "Facilitate Modelling Using Method Integration: An Approach Using Mappings and Integration Rules" (2007). ECIS 2007 Proceedings. Paper 122. http://aisel.aisnet.org/ecis2007/122
[26] G. Elahi and E. Yu. A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs. In C. Parent, K.-D. Schewe, V. C. Storey, and B. Thalheim, editors, Proceedings of the 26th International Conference on Conceptual Modelling (ER 2007), volume 4801, pages 87–101. Springer-Verlag Berlin Heidelberg, 2007
[27] van Lamsweerde A (2004) Elaborating security requirements by
construction of intentional anti-models. In: Proceedings of the 26th
international conference on software engineering (ICSE’04), IEEE
Computer Society, pp 148–157
[28] H. Mouratidis and P. Giorgini, Secure Tropos: A Security-oriented
Extension of the Tropos Methodology, International Journal of Software
Engineering and Knowledge Engineering (IJSEKE), vol. 17, no. 2,
pp.285-309, 2007.
[29] McDermott J, Fox C (1999) Using abuse case models for security
requirements analysis. In: Proceedings of the 15th annual computer
security applications conference (ACSAC’99), IEEE Computer Society,
pp 55–65
[30] Sindre G, Opdahl AL (2004) Eliciting security requirements with misuse
cases. Reqs Eng J 10(1):34–44
[31] Jürjens J (2002) UMLsec: extending uml for secure systems
development. In: Proceedings of the 5th international conference on the
unified modeling language (UML’02). LNCS, vol 2460. Springer, pp
412–425
[32] Lodderstedt T, Basin D, Doser J (2002) SecureUML: a UML-based
modeling language for model-driven security. In: Proceedings of the 5th
international conference on the unified modeling language (UML’02),
Springer, pp 426–441
[33] Lund, Mass Soldal, Bjørnar Solhaug, and Ketil Stølen. "Risk analysis of
changing and evolving systems using CORAS." Foundations of security
analysis and design VI. Springer Berlin Heidelberg, 2011. 231-274.
[34] Elahi G, Yu E, Zannone N (2010) A vulnerability-centric requirements
engineering framework: analyzing security attacks, countermeasures,
and requirements based on vulnerabilities. Reqs Eng J 15(1):41–62
[35] Matulevičius, R.; Mouratidis, H.; Mayer, N.; Dubois, E.; Heymans, P.
(2012). Syntactic and Semantic Extensions to Secure Tropos to Support
Security Risk Management. Journal of Universal Computer Science,
18(6), (pp. 816-844).
[36] Nurcan, Selmin, Bruno Claudepierre, and Islem Gmati. "Conceptual
Dependencies between two connected IT domains: Business/IS
alignment and IT governance." Research Challenges in Information
Science, 2008. RCIS 2008. Second International Conference on. IEEE,
2008.
[37] Vicente, Pedro, and Miguel Mira da Silva. "A conceptual model for
integrated governance, risk and compliance." Advanced Information
Systems Engineering. Springer Berlin Heidelberg, 2011.
[38] Innerhofer-Oberperfler, Frank, and Ruth Breu. "Using an enterprise
architecture for IT risk management." Information Security South Africa
Conference, ISSA. 2006.
[39] Accenture, “Report on the Accenture 2011 Global Risk Management
Study.” 2011
[40] Mayer, N., Aubert, J., Cholez, H., Grandry, E. “Sector-Based
Improvement of the Information Security Risk Management Process in
the Context of Telecommunications Regulation”, 20th EuroSPI
Conference, CCIS in press.