Modeling enterprise risk management and security with the ArchiMate language

Iver Band, Wilco Engelsman, Christophe Feltus, Sonia González Paredes, Jim Hietala, Henk Jonkers, Sébastien Massart

Research output: Other contribution


Enterprise Architects can use the ArchiMate® language to model Enterprise Risk Management (ERM) and security concepts and relationships. This widely accepted open standard provides the modeling constructs to describe and interconnect business and technical architectures. Applying the ArchiMate language to represent risk and security concepts results in the ideal vehicle to consider these aspects in an integral way. The ArchiMate language fits well with other Enterprise Architecture (EA) frameworks and standards, such as the TOGAF® standard and the Zachman framework, as well as enterprise security management frameworks such as the Sherwood Applied Business Security Architecture (SABSA).
Through its Motivation extension, the ArchiMate language makes it possible to link control measures to security requirements, principles, and goals, as well as to the results of a risk analysis. In addition, ArchiMate models can be linked to design languages for business processes and IT solutions such as BPMN and UML. These linkages enable precise gathering of a set of broadly accepted risk and security concepts, analysis of their semantics, and consensus regarding the most important ones of the full scope of enterprise risk.
This White Paper, a joint project of The Open Group ArchiMate Forum and The Open Group Security Forum, demonstrates this approach and identifies opportunities for future work that would enhance it.
Original language: English
Type: A White Paper Published by The Open Group
Number of pages: 42
Publication status: Published - Jan 2015
Externally published: Yes

