An integrated conceptual model for information system security risk management supported by enterprise architecture management

Mayer, Nicolas; Aubert, Jocelyn; Grandry, Eric; Feltus, Christophe; Goettelmann, Elio; Wieringa, Roel

doi:10.1007/s10270-018-0661-x

Cited by 58 publications

(38 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Traditional risk management methods related to information systems security are no longer adapted to the complexity of organizations and the associated risks in such a context of compliance and governance. Because of these problems, new solutions are needed to deal with security risks (Mayer N., Aubert J. 2018).…”

Section: Security Information Risk Managementmentioning

confidence: 99%

Information Systems Risk Management: Litterature Review

Amraoui¹,

Elmaallam²,

Bensaid³

et al. 2019

CIS

View full text Add to dashboard Cite

The security of a company's information system (IS) is an important requirement for the pursuit of its business. Risk management contributes to the protection of the IS assets. It saves the organism from the losses caused by the emergence of unwanted events having an incidence on the IS objectives and consequently on its strategy. It has also an important role in the decision making about entering new opportunities. In addition, it promises an optimal allocation of information system resources. The risk management process aims to analyze what can happen and what are the eventual consequences for the organization before deciding what needs to be done and reducing the risks to an acceptable level. This paper presents a literature review of IS risk management and gives a comparative analyse of its processes, methods and standards.

show abstract

Section: Security Information Risk Managementmentioning

confidence: 99%

Information Systems Risk Management: Litterature Review

Amraoui¹,

Elmaallam²,

Bensaid³

et al. 2019

CIS

View full text Add to dashboard Cite

show abstract

“…For instance, [32] notes that the EAM provides a mean to mitigate the limiting siloed thinking of traditional risk management processes as it gives a better understanding on how an asset and its value can be affect by a manifestation of a risk. Similarly, [2] argues that the EAM is a promising approach to deal with the increasing complexity of organizations, technologies and the related security threats. Most of the current efforts, however, have focused only on individual areas on the domain of EAM, such as information systems risk management (e.g.…”

Section: Information Security Policymentioning

confidence: 99%

“…As an example, since May 2018 the enterprises operating in Europe have been obligated to comply with the General Data Protection Regulation (GDPR); and failing to guarantee organizational security and privacy of their customers' personal data may lead to substantial fines. It has been argued that nowadays the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying on technical security mechanisms that underlying systems and software provide [1], [2].…”

Section: Introductionmentioning

confidence: 99%

Method Framework for Developing Enterprise Architecture Security Principles

Larno

Seppänen

Nurmi

2019

CSIMQ

View full text Add to dashboard Cite

Organizations need to consider many facets of information security in their daily operationsamong others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations' core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles that guide how the enterprise must be designed. This article contributes with a method framework for integrating information security with EAM, aimed at providing support for the decision-making related to formulating context-aware EA security principles. The presented method framework is a result of a constructive research based on both the theoretical body of knowledge and the empirical evidence, obtained by interviewing 35 Finnish EA and information security practitioners.

show abstract

“…It can be stated, that the first organizational research was based upon user's motivation model analysis and was oriented to the evaluation of organization's information security, and the other study by Pooya was adapted to the applicable review of organization's ISM tools and was more coherent to the technical management of ISM processes. Mayer (Mayer et al, 2018) supports the vision and proposes to integrate information system security risk management with enterprise architecture management.…”

Section: Risk and Solutions In Organizational Levelmentioning

confidence: 99%

Information security management framework for small and medium enterprise

Kaušpadienė¹

2019

View full text Add to dashboard Cite

Mokslinis vadovas prof. habil. dr. Antanas ČENYS (Vilniaus Gedimino technikos universitetas, informatikos inžinerija-T 007). Vilniaus Gedimino technikos universiteto Informatikos inžinerijos mokslo krypties disertacijos gynimo taryba: Pirmininkas prof. dr. Dalius MAŽEIKA (Vilniaus Gedimino technikos universitetas, informatikos inžinerija-T 007). Nariai: prof. dr. Rimantas BUTLERIS (Kauno technologijos universitetas, informatikos inžinerija-T 007), prof. habil. dr. Gintautas DZEMYDA (Vilniaus universitetas, informatikos inžinerija-T 007), prof. habil. dr. Ioan DZITAC (Oradea Agora universitetas, Rumunija, informatikos inžinerija-T 007), dr. Jevgenijus TOLDINAS (Kauno technologijos universitetas, informatikos inžinerija-T 007). Disertacija bus ginama viešame Informatikos inžinerijos mokslo krypties disertacijos gynimo tarybos posėdyje 2019 m. rugpjūčio 23 d. 10 val. Vilniaus Gedimino technikos universiteto senato posėdžių salėje.

show abstract

An integrated conceptual model for information system security risk management supported by enterprise architecture management

Cited by 58 publications

References 36 publications

Information Systems Risk Management: Litterature Review

Information Systems Risk Management: Litterature Review

Method Framework for Developing Enterprise Architecture Security Principles

Information security management framework for small and medium enterprise

Contact Info

Product

Resources

About