TY - CHAP
T1 - Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures
AU - Mayer, Nicolas
AU - Grandry, Eric
AU - Feltus, Christophe
AU - Goettelman, Elio
PY - 2015/6/8
Y1 - 2015/6/8
N2 - Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.
AB - Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the increasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and propose a research agenda towards a complete framework integrating both domains.
U2 - 10.1007/978-3-319-19243-7_42
DO - 10.1007/978-3-319-19243-7_42
M3 - Chapter
T3 - Lecture Notes in Business Information Processing
SP - 459
EP - 469
BT - Advanced Information Systems Engineering Workshops
PB - Springer
T2 - 5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015)
Y2 - 8 June 2015 through 12 June 2015
ER -