Abstract
The growing complexity of organizations and the increasing number of sophisticated cyber attacks call for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, covering the business and IT aspects as well as the business motivation, it seems natural to integrate risk and security aspects into the enterprise architecture. In this paper we show how the ArchiMate standard for enterprise architecture modelling can be used to support risk and security modelling and analysis throughout the ERSM cycle, covering both risk assessment and security deployment.
Acknowledgement
Part of the research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007–2013) under grant agreement no. 318003 (TRESPASS). This publication reflects only the authors' views and the Union is not liable for any use that may be made of the information contained herein.
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Jonkers, H., Quartel, D.A.C. (2016). Enterprise Architecture-Based Risk and Security Modelling and Analysis. In: Kordy, B., Ekstedt, M., Kim, D. (eds) Graphical Models for Security. GraMSec 2016. Lecture Notes in Computer Science, vol 9987. Springer, Cham. https://doi.org/10.1007/978-3-319-46263-9_6
DOI: https://doi.org/10.1007/978-3-319-46263-9_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46262-2
Online ISBN: 978-3-319-46263-9
eBook Packages: Computer Science (R0)