A. Correia, Pedro B. Água, Armindo Frias, M. Simões-Marques
Human Factors and Systems Interaction. DOI: 10.54941/ahfe1003609 (https://doi.org/10.54941/ahfe1003609)
Security and privacy for interoperable organizations
There are organizations for which interoperability is crucial to accomplishing their mission, such as those in the areas of disaster management, security, and defense. However, those organizations must also comply with the constraints and rules for information security and privacy. ISO 27001 provides a global standard framework that helps organizations protect their information in a systematic way, through the adoption of an information security management system. Furthermore, ISO 27701 provides specific data privacy controls, allowing the organization to demonstrate effective privacy data management. A challenge organizations face is how to comply with information security and privacy policies and procedures while still accomplishing their mission. In this paper, we argue that this can be achieved with an Enterprise Architecture (EA) framework. In particular, the NATO Architecture Framework (NAF) provides a methodology for developing EA artifacts; however, it lacks tools for enforcing information security and privacy. We propose integrating ISO 27001 and ISO 27701 into NAF, so that the EA artifacts delivered by NAF embed information security and privacy principles by design.