A Risk Integration Framework for the Service-Oriented Enterprise

Abstract

Enterprise architecture management provides the mechanism for governing enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. The authors present how the concepts of an information system risks management domain can be integrated into the ArchiMate enterprise architecture modelling language. This article approaches the conceptual integration in two design cycles: first, this article will consider information security risks, and then the authors generalize to information system risks. Additionally, the authors illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through the handling of a case study, first in the domain of information security, and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.