Abstract
The interaction between security management in public and private organisations poses complex challenges. In critical infrastructure sectors in particular, there is a need for instruments that enable holistic, overarching management of private and public providers. Cross-organisational structures and processes should be defined, but they are difficult to establish in federal governmental structures because of differing legislative levels and scopes. The paper investigates this challenge using Germany and the Free Hanseatic City of Bremen as an example.
The study proposes the development of an “Enterprise Architecture Framework” that integrates and spans the organizational structures of a federal state, its municipalities and the (private) critical infrastructure providers in these municipalities. The main contributions of this paper are based on the results of an interview study. The interview partners were representatives of enterprises and public bodies covered by the federal IT security regulations. The paper's contribution is the identification of security management challenges for services of general interest and of ways to increase the resilience of public service providers. The focus is on cybersecurity management in the context of public institutions.
Notes
1. BSI = Federal Office for Information Security. Kritis = Critical Infrastructure Protection.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Rehbohm, T., Sandkuhl, K., Cap, C.H., Kemmerich, T. (2022). Integrated Security Management of Public and Private Sector for Critical Infrastructures – Problem Investigation. In: Abramowicz, W., Auer, S., Stróżyna, M. (eds) Business Information Systems Workshops. BIS 2021. Lecture Notes in Business Information Processing, vol 444. Springer, Cham. https://doi.org/10.1007/978-3-031-04216-4_26
DOI: https://doi.org/10.1007/978-3-031-04216-4_26
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04215-7
Online ISBN: 978-3-031-04216-4
eBook Packages: Computer Science (R0)