Enterprise engineering through security and risk management for compliance and governance purpose

SCHEME: CORE

CALL: 2014

DOMAIN: IS - Information Security and Trust Management

FIRST NAME: Nicolas

LAST NAME: Mayer

INDUSTRY PARTNERSHIP / PPP: No

INDUSTRY / PPP PARTNER:

HOST INSTITUTION: LIST

KEYWORDS: Information Security, Risk Management, Governance, Compliance, GRC, Enterprise Architecture Management, Enterprise Architecture Modelling, Situational Method Engineering

START: 2015-01-01

END: 2016-12-31

WEBSITE: https://www.list.lu/

Submitted Abstract

Today, and particularly at the national level, a strong emphasis is put on the security of Information Systems (IS). As IS increase in complexity and new threats constantly appear, Risk Management (RM) becomes the de facto vector for implementing effective security controls in an efficient way. At the same time, industries are subject to increasing compliance requirements, formulated by national, European or international authorities. These various compliance requirements lead organisations to consider RM more and more as a governance tool, especially in the frame of IS security, and from various specific points of view and/or concerns related to IS security (privacy, cloud computing, critical infrastructures, etc.). New solutions are thus required to offer an integrated perspective on the IS security risks of enterprises.

Enterprise Architecture Management (EAM) is generally considered to provide the mechanism for, amongst others, cohesive steering of the enterprise transformations required by changes in the environment. The discipline relies on frameworks that guarantee the coherence of the models established across and within the logical layers of the enterprise (from strategy and business down to technology and infrastructure). EAM techniques for approaching enterprise governance are promising as a way to enhance IS Security Risk Management (ISSRM): we believe, and will demonstrate, that leveraging EAM models and methods is a way to improve the management of security risks. Moreover, RM is nowadays part of an integrated approach that copes at the same time with Governance, RM and Compliance (GRC) aspects.

Thanks to the integration of EAM and ISSRM, this project will address, at the level of IS security, the three dimensions of the GRC paradigm: EAM addresses enterprise governance through the alignment of the strategy with the processes, people and technologies; RM is a key activity in the implementation of compliance with relevant regulations. The ENTRI project proposes connecting RM and EAM, in the area of information security, to reduce GRC complexity and its associated cost. ENTRI will therefore answer the following research question: how can research in EAM be used to improve ISSRM for compliance and governance purposes in complex enterprises? The results of the project will be evaluated in collaboration with the E-Business & Resilience Centre (ebrc), one of the leading datacenter operators in Europe, which is particularly concerned with the issues related to GRC.