Assessing Risks and Opportunities in Enterprise Architecture Using an Extended ADT Approach

Author

Sousa, Sergio ; Marosin, Diana ; Gaaloul, Khaled ; Mayer, Nicolas

Author_Institution

P&T Luxembourg, Luxembourg, Luxembourg

fYear

2013

fDate

9-13 Sept. 2013

Firstpage

81

Lastpage

90

Abstract

At every step in creating an enterprise design, architects encounter risks and opportunities. In most cases, risk assessment and treatment is done using the company´s internal methodology or based on some best-practices known by the architect. We propose a method that can combine both qualitative and quantitative risk analysis and also incorporate risk mitigation solutions. In IT security, attack-defence trees (ADT) were used successfully to represent attacks and counter-measures. The goal of this paper is to leverage the ADT approach in order to assess risks and opportunities in enterprise architecture. To that end, we elaborate a framework to identify the best ways to mitigate risks and increase an enterprise´s profitability based on architectural principles. This framework will be validated with a practical case study from the insurance sector.

Keywords

insurance data processing; profitability; risk management; security of data; trees (mathematics); IT security; attack-defence trees; company internal methodology; enterprise architecture design; enterprise profitability; extended ADT approach; insurance sector; qualitative risk analysis; quantitative risk analysis; risk assessment; risk mitigation solutions; Companies; Computer architecture; Insurance; Planning; Risk management; Security; ADT; Enterprise architecture; opportunities assessment; profits; risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

Enterprise Distributed Object Computing Conference (EDOC), 2013 17th IEEE International

Conference_Location

Vancouver, BC

ISSN

1541-7719

Type

conf

DOI

10.1109/EDOC.2013.18

Filename

6658266