Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.
IntroductionIn today's networked world, information system (IS) security and risk management (RM) are required for every organisation that wishes to survive. Whether for purely compliance purposes, business development opportunities, or even governance improvement, organisations tend to implement a security strategy based on an ISSRM (IS security RM) Communicated by Professor Alexander Pretschner.
International audiencePower distribution constitutes a critical service for our economy. To foreseen electricity overload and risks of power blackout according to external perturbations such as the weather, the temperature or the barometric pressure in real time is a crucial challenge. In order to face those problems, research tends to involve consumers in the utilization of the electricity based on weather conditions. Our previous works had proposed an agent based architecture to support this alert mechanism. The architecture exploited a static assignment of functions to agents. That static assignment was a weak point because isolating an agent or breaking the communication channel between two of them created serious damage on the crisis management. In this paper, we complete our previous works and make dynamic the assignment of functions mobile for agents. Our approach exploits the concept of agent responsibility that we dynamically assigned to the agent taking into consideration the agent's reputation
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.