Modeling enterprise risk management and security with the ArchiMate language

Iver Band; Wilco Engelsman; Christophe Feltus; Sonia González Paredes; Jim Hietala; Henk Jonkers; Sébastien Massart

Modeling enterprise risk management and security with the ArchiMate language

Iver Band, Wilco Engelsman, Christophe Feltus, Sonia González Paredes, Jim Hietala, Henk Jonkers, Sébastien Massart

Research output: Other contribution

4081 Downloads (Pure)

Abstract

Enterprise Architects can use the ArchiMate® language to model Enterprise Risk Management (ERM) and security concepts and relationships. This widely accepted open standard provides the modeling constructs to describe and interconnect business and technical architectures. Applying the ArchiMate language to represent risk and security concepts results in the ideal vehicle to consider these aspects in an integral way. The ArchiMate language fits well with other Enterprise Architecture (EA) frameworks and standards, such as the TOGAF® standard and the Zachman framework, as well as enterprise security management frameworks such as the Sherwood Applied Business Security Architecture (SABSA).
Through its Motivation extension, the ArchiMate language makes it possible to link control measures to security requirements, principles, and goals, as well as to the results of a risk analysis. On the other hand, ArchiMate models can be linked to design languages for business processes and IT solutions such as BPMN and UML. These linkages enable precise gathering of a set of broadly accepted risk and security concepts, analysis of their semantics, and consensus regarding the most important ones of the full scope of enterprise risk.
This White Paper, a joint project of The Open Group ArchiMate Forum and The Open Group Security Forum, demonstrates this approach and identifies opportunities for future work that would enhance it.

Original language	English
Type	A White Paper Published by The Open Group
Number of pages	42
Publication status	Published - Jan 2015
Externally published	Yes

Access to Document

Modeling Enterprise Risk Management and Secutity with the ArchiMate LanguageSubmitted manuscript, 2.66 MB
Modeling Enterprise Risk Management and Security with the ArchiMate LanguageSubmitted manuscript, 162 KB

Cite this

@misc{d2d92390811345be868098a06f243a96,

title = "Modeling enterprise risk management and security with the ArchiMate language",

abstract = "Enterprise Architects can use the ArchiMate{\textregistered} language to model Enterprise Risk Management (ERM) and security concepts and relationships. This widely accepted open standard provides the modeling constructs to describe and interconnect business and technical architectures. Applying the ArchiMate language to represent risk and security concepts results in the ideal vehicle to consider these aspects in an integral way. The ArchiMate language fits well with other Enterprise Architecture (EA) frameworks and standards, such as the TOGAF{\textregistered} standard and the Zachman framework, as well as enterprise security management frameworks such as the Sherwood Applied Business Security Architecture (SABSA). Through its Motivation extension, the ArchiMate language makes it possible to link control measures to security requirements, principles, and goals, as well as to the results of a risk analysis. On the other hand, ArchiMate models can be linked to design languages for business processes and IT solutions such as BPMN and UML. These linkages enable precise gathering of a set of broadly accepted risk and security concepts, analysis of their semantics, and consensus regarding the most important ones of the full scope of enterprise risk.This White Paper, a joint project of The Open Group ArchiMate Forum and The Open Group Security Forum, demonstrates this approach and identifies opportunities for future work that would enhance it.",

author = "Iver Band and Wilco Engelsman and Christophe Feltus and {Gonz{\'a}lez Paredes}, Sonia and Jim Hietala and Henk Jonkers and S{\'e}bastien Massart",

note = "Document No.: W150",

year = "2015",

month = jan,

language = "English",

type = "Other",

}

TY - GEN

T1 - Modeling enterprise risk management and security with the ArchiMate language

AU - Band, Iver

AU - Engelsman, Wilco

AU - Feltus, Christophe

AU - González Paredes, Sonia

AU - Hietala, Jim

AU - Jonkers, Henk

AU - Massart, Sébastien

N1 - Document No.: W150

PY - 2015/1

Y1 - 2015/1

N2 - Enterprise Architects can use the ArchiMate® language to model Enterprise Risk Management (ERM) and security concepts and relationships. This widely accepted open standard provides the modeling constructs to describe and interconnect business and technical architectures. Applying the ArchiMate language to represent risk and security concepts results in the ideal vehicle to consider these aspects in an integral way. The ArchiMate language fits well with other Enterprise Architecture (EA) frameworks and standards, such as the TOGAF® standard and the Zachman framework, as well as enterprise security management frameworks such as the Sherwood Applied Business Security Architecture (SABSA). Through its Motivation extension, the ArchiMate language makes it possible to link control measures to security requirements, principles, and goals, as well as to the results of a risk analysis. On the other hand, ArchiMate models can be linked to design languages for business processes and IT solutions such as BPMN and UML. These linkages enable precise gathering of a set of broadly accepted risk and security concepts, analysis of their semantics, and consensus regarding the most important ones of the full scope of enterprise risk.This White Paper, a joint project of The Open Group ArchiMate Forum and The Open Group Security Forum, demonstrates this approach and identifies opportunities for future work that would enhance it.

AB - Enterprise Architects can use the ArchiMate® language to model Enterprise Risk Management (ERM) and security concepts and relationships. This widely accepted open standard provides the modeling constructs to describe and interconnect business and technical architectures. Applying the ArchiMate language to represent risk and security concepts results in the ideal vehicle to consider these aspects in an integral way. The ArchiMate language fits well with other Enterprise Architecture (EA) frameworks and standards, such as the TOGAF® standard and the Zachman framework, as well as enterprise security management frameworks such as the Sherwood Applied Business Security Architecture (SABSA). Through its Motivation extension, the ArchiMate language makes it possible to link control measures to security requirements, principles, and goals, as well as to the results of a risk analysis. On the other hand, ArchiMate models can be linked to design languages for business processes and IT solutions such as BPMN and UML. These linkages enable precise gathering of a set of broadly accepted risk and security concepts, analysis of their semantics, and consensus regarding the most important ones of the full scope of enterprise risk.This White Paper, a joint project of The Open Group ArchiMate Forum and The Open Group Security Forum, demonstrates this approach and identifies opportunities for future work that would enhance it.

M3 - Other contribution

ER -

Modeling enterprise risk management and security with the ArchiMate language

Abstract

Access to Document

Fingerprint

Cite this