Enterprise Architecture-Based Risk and Security Modelling and Analysis

  • Conference paper
  • Graphical Models for Security (GraMSec 2016)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9987)

Abstract

The growing complexity of organizations and the increasing number of sophisticated cyber attacks call for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, covering the business and IT aspects as well as the business motivation, it seems natural to integrate risk and security aspects into the enterprise architecture. In this paper, we show how the ArchiMate standard for enterprise architecture modelling can be used to support risk and security modelling and analysis throughout the ERSM cycle, covering both risk assessment and security deployment.

Acknowledgement

Part of the research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007–2013) under grant agreement no. 318003 (TRESPASS). This publication reflects only the authors' views, and the Union is not liable for any use that may be made of the information contained herein.

Corresponding author

Correspondence to Henk Jonkers.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Jonkers, H., Quartel, D.A.C. (2016). Enterprise Architecture-Based Risk and Security Modelling and Analysis. In: Kordy, B., Ekstedt, M., Kim, D. (eds) Graphical Models for Security. GraMSec 2016. Lecture Notes in Computer Science, vol. 9987. Springer, Cham. https://doi.org/10.1007/978-3-319-46263-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-46263-9_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46262-2

  • Online ISBN: 978-3-319-46263-9

  • eBook Packages: Computer Science (R0)
