CR · Jan 6, 2017

An Integrated Conceptual Model for Information System Security Risk Management and Enterprise Architecture Management based on TOGAF, ArchiMate, IAF and DoDAF

arXiv:1701.01664v1 · 6 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the challenge of managing IS security risks for organizations with interconnected systems and multiple regulations, but it is incremental as it builds on existing frameworks and models.

The paper tackles the difficulty of establishing and maintaining Information System Security Risk Management (ISSRM) in complex, multi-regulatory environments by proposing an integrated conceptual model that connects ISSRM with Enterprise Architecture Management (EAM). It presents alignment tables to align concepts from EA frameworks (ArchiMate, TOGAF, IAF, DoDAF) with the ISSRM domain model as a step toward better integration.

Risk management is today a major steering tool for any organization wanting to deal with Information System (IS) security. However, IS Security Risk Management (ISSRM) remains difficult to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with Enterprise Architecture Management (EAM) contributes to dealing with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. Among the steps of the research method followed to define such an integrated EAM-ISSRM conceptual model, this technical report presents the whole outputs (through alignment tables) of the conceptual alignment between concepts used to model EA (based on ArchiMate, TOGAF, IAF and DoDAF) and concepts of the ISSRM domain model.
