Overview of Enterprise Information Needs in Information Security Risk Assessment
2014 (English). In: Proceedings of the 18th IEEE International EDOC Conference (EDOC 2014), 2014. Conference paper (Refereed)
Methods for risk assessment in information security suggest that users collect and consider sets of input information that often differ notably in both type and size. To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise architecture. The study thereby also tests the extent to which ArchiMate accommodates the information suggested by the methods (e.g., for the use of ArchiMate models as a source of information for risk assessment). The results show how the methods differ in the quantity of input information they suggest, as well as in their coverage of the ArchiMate structure. Although the translation between ArchiMate and the methods' input suggestions is not perfect, our results indicate that ArchiMate is capable of modeling fair portions of the information needed by the methods for information security risk assessment, which makes ArchiMate models a promising source of guidance for performing risk assessments.
Keywords: risk assessment, information security, enterprise information needs, enterprise architecture, ArchiMate
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject: Information and Communication Technology
Identifiers: URN: urn:nbn:se:kth:diva-154231; DOI: 10.1109/EDOC.2014.16; ISI: 000358531500006; ScopusID: 2-s2.0-84937426317; OAI: oai:DiVA.org:kth-154231; DiVA: diva2:756096
The 18th IEEE International EDOC Conference (EDOC 2014)
Funder: SweGRIDS - Swedish Centre for Smart Grids and Energy Storage
Funded by Swedish Armed Forces.
QC 20150409
2014-10-16, 2014-10-16, 2015-08-27. Bibliographically approved