Enterprise Architecture-Based Risk and Security Modelling and Analysis

Title: Enterprise Architecture-Based Risk and Security Modelling and Analysis
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Jonkers H., Quartel D.AC
Editor: Kordy B., Ekstedt M., D. Kim S
Conference Name: Third International Workshop, GraMSec 2016, Lisbon, Portugal
Date Published: September
Publisher: Springer Verlag
Conference Location: London
Keywords: Archimate, Enterprise architecture, Risk analysis, Risk and security modelling

The growing complexity of organizations and the increasing number of sophisticated cyber attacks call for a systematic and integral approach to Enterprise Risk and Security Management (ERSM). As enterprise architecture offers the necessary integral perspective, including the business and IT aspects as well as the business motivation, it seems natural to integrate risk and security aspects into the enterprise architecture. In this paper we show how the ArchiMate standard for enterprise architecture modelling can be used to support risk and security modelling and analysis throughout the ERSM cycle, covering both risk assessment and security deployment.