Including EAS-SGR IT Risk Framework in an IT GRC Global Framework

  • Hajar Iguer
  • Hicham Medromi
  • Adil Sayouti
  • Saadia Tallal
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 366)


In the context of IT governance, different companies are using their expertise to come up with a new solution that helps their own governance. In fact, information systems managers struggle to comply with the laws and regulations applied by their companies' countries. With the variety of tools and frameworks, they need to know all processes in order to apply the only process that is going to be of help to their systems. In our case, we choose to discuss and study IT risk management, which constitutes an important component of the IT-GRC architecture. We have published several papers on this subject and we are still enhancing different aspects of the EAS-SGR architecture. In this paper, we will demonstrate the several interconnections between IT-GRC components. These systems are based on multi-agent and expert systems, given their integrated artificial intelligence. This expertise is one of our primary elements that were never used before in scientific research.


Keywords: IT risks management; EAS-SGR architecture; Expert system; Multi-agent systems





Copyright information

© Springer Science+Business Media Singapore 2016

Open Access This chapter is licensed under the terms of the Creative Commons Attribution-NonCommercial 2.5 International License, which permits any noncommercial use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.

Authors and Affiliations

  • Hajar Iguer (1)
  • Hicham Medromi (2)
  • Adil Sayouti (2)
  • Saadia Tallal (2)

  1. EAS Team, LISER Laboratory, ENSEM, UIC, Casablanca, Morocco
  2. EAS Team, LISER Laboratory, ENSEM, Casablanca, Morocco
