Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, especially in a context of multiple regulations and complex, interconnected IS. We claim that a connection with enterprise architecture management (EAM) helps to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model.
Introduction

In today's networked world, information system (IS) security and risk management (RM) are required for every organisation that wishes to survive. Whether for purely compliance purposes, business development opportunities, or even governance improvement, organisations tend to implement a security strategy based on an ISSRM (IS security RM)

Communicated by Professor Alexander Pretschner.
The Once-Only Principle states that citizens and businesses provide data only once in contact with public administrations. So far, many European countries have started to implement the Once-Only Principle at national level, but its cross-border implementation is still fragmented and limited. This paper presents the development of a Reference Architecture for the Once-Only Principle in Europe. The case study, stemming from the EU-funded Once-Only Principle project (TOOP), highlights the challenges faced by the architecture team when developing a Reference Architecture that tackles the Once-Only Principle across different countries and policy domains. The architecture is not built from scratch, but re-uses and enhances already available building blocks in order to seamlessly preserve interoperability and to comply with regulations and existing technical standards, while leaving enough space for vendors and open source developers to propose their compliant solutions, whatever their business model.