Evaluation of the risk and security overlay of ArchiMate to model information system security risks

Authors

N. Mayer and C. Feltus

Reference

in 21st IEEE International Enterprise Distributed Object Computing Conference Workshops, EDOCW 2017, Quebec City, Canada, 10-13 October 2017, ISBN: 978-153861568-3, vol. 2017, pp. 106-116, 2017

Description

In today's complex and interconnected society, organizations are required to implement information system security as well as risk management. Nevertheless, in the fast-moving and increasingly regulated environment in which we evolve, dealing with such requirements remains a challenging issue. In that regard, our previous work has consisted in considering the field of enterprise architecture to support Information System Security Risk Management (ISSRM) and, more specifically, the difficulty of having clear and manageable documentation for this activity. The output of our research is currently an integrated model built on the mapping of concepts from both domains, allowing ISSRM to be dealt with using the enterprise architecture paradigm. Our objective is now to suggest a visual syntax for this integrated model, deemed necessary to support the practitioner in documenting the ISSRM steps. As a candidate for such a visual syntax, this paper analyses the "Risk and Security Overlay" of the ArchiMate language through two complementary aspects: completeness of the notation with regard to our integrated model and cognitive effectiveness with the nine related principles elaborated by Moody, also called "Physics of Notations".

Link

doi:10.1109/EDOCW.2017.30
