Enterprise information security, a review of architectures and frameworks from interoperability perspective

“…From an academic perspective, our results contribute to the research gap on integrating EAM and information governance. While research on this topic is scarce and focuses on architectural models that cover aspects of security or privacy [6,27,28], our results empirically elucidate the current interplay and provide principles for structural, procedural and relational practices to support a closer integration of these two domains. Moreover, our study confirms previous findings on the organizational challenges in realizing EAM.…”

“…However, although the enterprise privacy architecture contains essential building blocks towards ensuring privacy (privacy regulation analysis, management reference model, privacy agreements framework, technical reference architecture), it provides rather a superficial guideline for organizations and does not illustrate concrete relations to the EA [6,27]. Other approaches refer to the setup of an enterprise security architecture, which seeks to align information security controls with business objectives [28]. Shariati et al [28] reviewed five approaches towards an enterprise security architecture and summarized that business and IT artifacts are often developed isolated from security artifacts, why more research on an integration of security aspects into the EA is needed.…”

“…Other approaches refer to the setup of an enterprise security architecture, which seeks to align information security controls with business objectives [28]. Shariati et al [28] reviewed five approaches towards an enterprise security architecture and summarized that business and IT artifacts are often developed isolated from security artifacts, why more research on an integration of security aspects into the EA is needed. To address this demand, Burmeister et al [6] derived a privacy-driven EA metamodel that proposes an additional security layer next to the other layers of EA.…”

“…To conclude, research on the interplay of EAM and information governance is still at an early stage, even though researchers explicitly underline this need [26]. While there are some architectural models that intend to provide first steps to address this research gap [6,27,28], there is a great lack of understanding the specific benefits and barriers of EAM in the context of GDPR implementation. Moreover, concrete guidelines in form of design principles that organizations should follow to closer align EAM with big data analytics and privacy departments have to be identified by empirical insights.…”

Enhancing Information Governance with Enterprise Architecture Management: Design Principles Derived from Benefits and Barriers in the GDPR Implementation

“…From an academic perspective, our results contribute to the research gap on integrating EAM and information governance. While research on this topic is scarce and focuses on architectural models that cover aspects of security or privacy [6,27,28], our results empirically elucidate the current interplay and provide principles for structural, procedural and relational practices to support a closer integration of these two domains. Moreover, our study confirms previous findings on the organizational challenges in realizing EAM.…”

“…However, although the enterprise privacy architecture contains essential building blocks towards ensuring privacy (privacy regulation analysis, management reference model, privacy agreements framework, technical reference architecture), it provides rather a superficial guideline for organizations and does not illustrate concrete relations to the EA [6,27]. Other approaches refer to the setup of an enterprise security architecture, which seeks to align information security controls with business objectives [28]. Shariati et al [28] reviewed five approaches towards an enterprise security architecture and summarized that business and IT artifacts are often developed isolated from security artifacts, why more research on an integration of security aspects into the EA is needed.…”

“…Other approaches refer to the setup of an enterprise security architecture, which seeks to align information security controls with business objectives [28]. Shariati et al [28] reviewed five approaches towards an enterprise security architecture and summarized that business and IT artifacts are often developed isolated from security artifacts, why more research on an integration of security aspects into the EA is needed. To address this demand, Burmeister et al [6] derived a privacy-driven EA metamodel that proposes an additional security layer next to the other layers of EA.…”

“…To conclude, research on the interplay of EAM and information governance is still at an early stage, even though researchers explicitly underline this need [26]. While there are some architectural models that intend to provide first steps to address this research gap [6,27,28], there is a great lack of understanding the specific benefits and barriers of EAM in the context of GDPR implementation. Moreover, concrete guidelines in form of design principles that organizations should follow to closer align EAM with big data analytics and privacy departments have to be identified by empirical insights.…”

Enhancing Information Governance with Enterprise Architecture Management: Design Principles Derived from Benefits and Barriers in the GDPR Implementation

“…The sharp increase in the number of publications might indicate the growing concern and relevance of IS, including enhanced dependency on IS in the day-to-day operations of organizations. In addition to the increase in the number of publications, the focus of IS research also shifted from the technical aspects of IS [72,73] to human factors as the result of recognizing employees as the weakest links of IS [5,6]. Such a shift in focus was heralded by empirical studies published in top journals in information systems field, such as EJIS and MISQ, which also dedicated special issues for IS.…”

Evolvement of Information Security Research on Employees' Behavior: A Systematic Review and Future Direction

The Current State of the Holistic Privacy and Security Modelling Approach in Business Process and Software Architecture Modelling