Method Framework for Developing Enterprise Architecture Security Principles

Complex Syst. Informatics Model. Q. Pub Date : 2019-10-31 DOI:10.7250/csimq.2019-20.03

Sara Larno, Ville Seppänen, Jarkko Nurmi

{"title":"Method Framework for Developing Enterprise Architecture Security Principles","authors":"Sara Larno, Ville Seppänen, Jarkko Nurmi","doi":"10.7250/csimq.2019-20.03","DOIUrl":null,"url":null,"abstract":"Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles that guide how the enterprise must be designed. This article contributes with a method framework for integrating information security with EAM, aimed at providing support for the decision-making related to formulating context-aware EA security principles. The presented method framework is a result of a constructive research based on both the theoretical body of knowledge and the empirical evidence, obtained by interviewing 35 Finnish EA and information security practitioners.","PeriodicalId":416219,"journal":{"name":"Complex Syst. Informatics Model. Q.","volume":"11 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Complex Syst. Informatics Model. Q.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.7250/csimq.2019-20.03","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles that guide how the enterprise must be designed. This article contributes with a method framework for integrating information security with EAM, aimed at providing support for the decision-making related to formulating context-aware EA security principles. The presented method framework is a result of a constructive research based on both the theoretical body of knowledge and the empirical evidence, obtained by interviewing 35 Finnish EA and information security practitioners.

查看原文本刊更多论文

开发企业架构安全原则的方法框架

组织需要在日常运营中考虑信息安全的许多方面——其中，快速增长的IT使用、新兴技术和组织核心资源的数字化引发了难以预测的新威胁。有人认为，安全和隐私考虑应该嵌入到组织活动的所有领域，而不是仅仅依赖底层系统和软件提供的技术安全机制。企业架构管理(EAM)为管理组织的不同维度提供了一种全面的方法，可以将其视为一组连贯一致的原则，指导企业必须如何设计。本文提供了一个将信息安全与EAM集成的方法框架，旨在为制定上下文感知的EA安全原则相关的决策提供支持。所提出的方法框架是基于理论知识体系和经验证据的建设性研究的结果，通过采访35名芬兰EA和信息安全从业人员获得。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Complex Syst. Informatics Model. Q.

自引率

0.00%

发文量