Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures

Nicolas Mayer; Eric Grandry; Christophe Feltus; Elio Goettelman

doi:10.1007/978-3-319-19243-7_42

Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures

Nicolas Mayer, Eric Grandry, Christophe Feltus, Elio Goettelman

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Chapitre

137 Téléchargements (Pure)

Résumé

Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the in-creasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and pro-pose a research agenda towards a complete framework integrating both domains

langue originale	Anglais
titre	Advanced Information Systems Engineering Workshops
Editeur	Springer
Pages	459-469
Nombre de pages	12
Les DOIs	https://doi.org/10.1007/978-3-319-19243-7_42
Etat de la publication	Publié - 8 juin 2015
Evénement	5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015) - Stockholms, Suède Durée: 8 juin 2015 → 12 juin 2015

Série de publications

Nom	Lecture Notes in Business Information Processing
Volume	215

Comité scientifique

Comité scientifique	5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015)
Pays/Territoire	Suède
La ville	Stockholms
période	8/06/15 → 12/06/15

Accès au document

10.1007/978-3-319-19243-7_42

Towards the ENTRI Framework Security Risk Management enhanced by the use of Enterprise Architecturesmanuscrit soumis, 274 KB

http://link.springer.com/chapter/10.1007%2F978-3-319-19243-7_42

Contient cette citation

@inbook{eb313bb1158f476eb4203c7f3ea346c0,

title = "Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures",

abstract = "Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the in-creasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and pro-pose a research agenda towards a complete framework integrating both domains",

author = "Nicolas Mayer and Eric Grandry and Christophe Feltus and Elio Goettelman",

year = "2015",

month = jun,

day = "8",

doi = "10.1007/978-3-319-19243-7_42",

language = "English",

series = " Lecture Notes in Business Information Processing",

publisher = "Springer",

pages = "459--469",

booktitle = "Advanced Information Systems Engineering Workshops",

address = "United States",

note = "5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015) ; Conference date: 08-06-2015 Through 12-06-2015",

}

Mayer, N, Grandry, E, Feltus, C & Goettelman, E 2015, Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures. Dans Advanced Information Systems Engineering Workshops. Lecture Notes in Business Information Processing, VOL. 215, Springer, p. 459-469, 5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015), Stockholms, Suède, 8/06/15. https://doi.org/10.1007/978-3-319-19243-7_42

Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures. / Mayer, Nicolas; Grandry, Eric; Feltus, Christophe et al.
Advanced Information Systems Engineering Workshops. Springer, 2015. p. 459-469 ( Lecture Notes in Business Information Processing; Vol 215).

Résultats de recherche: Contribution dans un livre/un catalogue/un rapport/dans les actes d'une conférence › Chapitre

TY - CHAP

T1 - Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures

AU - Mayer, Nicolas

AU - Grandry, Eric

AU - Feltus, Christophe

AU - Goettelman, Elio

PY - 2015/6/8

Y1 - 2015/6/8

N2 - Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the in-creasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and pro-pose a research agenda towards a complete framework integrating both domains

AB - Secure information systems engineering is currently a critical but complex concern. Risk management has become a standard approach to deal with the necessary trade-offs between expected security level and control cost. However, with the current interconnection between information systems combined with the in-creasing regulation and compliance requirements, it is more and more difficult to achieve real information security governance. Given that risk management is not able to deal with this complexity alone, we claim that a connection with Enterprise Architecture Management (EAM) contributes in addressing the above challenges, thereby sustaining governance and compliance in organisations. In this paper, we motivate the added value of EAM to improve security risk management and pro-pose a research agenda towards a complete framework integrating both domains

U2 - 10.1007/978-3-319-19243-7_42

DO - 10.1007/978-3-319-19243-7_42

M3 - Chapter

T3 - Lecture Notes in Business Information Processing

SP - 459

EP - 469

BT - Advanced Information Systems Engineering Workshops

PB - Springer

T2 - 5th International Workshop on Information Systems Security Engineering, (WISSE 2015), an International Workshop of the 27th Conference on Advanced Information Systems Engineering (CAISE2015)

Y2 - 8 June 2015 through 12 June 2015

ER -

Towards the ENTRI Framework: Security Risk Management enhanced by the use of Enterprise Architectures

Résumé

Série de publications

Comité scientifique

Accès au document

Empreinte digitale

Contient cette citation