Title :
Overview of Enterprise Information Needs in Information Security Risk Assessment
Author :
Korman, Matus ; Sommestad, Teodor ; Hallberg, Jonas ; Bengtsson, Johan ; Ekstedt, Mathias
Author_Institution :
R. Inst. of Technol. (KTH), Stockholm, Sweden
Abstract :
Methods for risk assessment in information security suggest that users collect and consider sets of input information that often differ notably in both type and size. To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise architecture. The study thereby also tests the extent to which ArchiMate accommodates the information suggested by the methods (e.g., for the use of ArchiMate models as a source of information for risk assessment). Results of this study show how the methods differ in the quantity of input information they suggest, as well as in their coverage of the ArchiMate structure. Although the translation between ArchiMate and the methods' input suggestions is not perfect, our results indicate that ArchiMate is capable of modeling fair portions of the information needed for the methods for information security risk assessment, which makes ArchiMate models a promising source of guidance for performing risk assessments.
Keywords :
risk management; security of data; ArchiMate concepts; ArchiMate structure; enterprise architecture; enterprise information; information security risk assessment; risk assessment methods; Computer architecture; ISO standards; Information security; NIST; Risk management; ArchiMate; enterprise architecture; enterprise information needs; information security; risk assessment;
Conference_Title :
Enterprise Distributed Object Computing Conference (EDOC), 2014 IEEE 18th International
Conference_Location :
Ulm
DOI :
10.1109/EDOC.2014.16