A goal-oriented requirements modelling language for enterprise architecture

Methods for enterprise architecture, such as TOGAF, acknowledge the importance of requirements engineering in the development of enterprise architectures. Modelling support is needed to specify, document, communicate and reason about goals and requirements. Current modelling techniques for enterprise architecture focus on the products, services, processes and applications of an enterprise. In addition, techniques may be provided to describe structured requirements lists and use cases. Little support is available however for modelling the underlying motivation of enterprise architectures in terms of stakeholder concerns and the high-level goals that address these concerns. This paper describes a language that supports the modelling of this motivation. The definition of the language is based on existing work on high-level goal and requirements modelling and is aligned with an existing standard for enterprise modelling: the ArchiMate language. Furthermore, the paper illustrates how enterprise architecture can benefit from analysis techniques in the requirements domain

Digital maturity variables and their impact on the enterprise architecture layers

This study examines the variables of digital maturity of companies. The framework for enterprise architectures Archimate 3.0 is used to compare the variables. The variables are assigned to the six layers of architecture: Strategy, Business Environment, Applications, Technology, Physical and Implementation and Migration. On the basis of a literature overview, 15 “digital maturity models” with a total of 147 variables are analyzed. The databases Scopus, EBSCO – Business Source Premier and ProQuest are used for this purpose

Using ArchiMate to Assess COBIT 5 and ITIL Implementations

The assessment of Enterprise Governance of IT (EGIT) mechanisms, such as COBIT and ITIL, is considered highly complex and implies a duplication of resources. The main goal of this research is to reduce the complexity of EGIT mechanisms by facilitating the assessment of these mechanisms when used simultaneously. Organisational stakeholders should be able to easily understand the impact of implementing ITIL on COBIT 5 Processes Performance without being COBIT experts. On the other hand, they should know their organisation’s positioning according to ITIL, even if they just follow COBIT and do not master ITIL. In order to fulfil our goal, we propose a model that uses TIPA for ITIL, COBIT PAM and ArchiMate to analyse the impact of ITIL implementation on COBIT processes performance, and vice-versa. We demonstrate our proposal by analysing the impact of the Incident Management and Request Fulfilment ITIL processes on the COBIT 5 related process

Combining goal-oriented and model-driven approaches to solve the Payment Problem Scenario

Motivated by the objective to provide an improved participation of business domain experts in the design of service-oriented integration solutions, we extend our previous work on using the COSMO methodology for service mediation by introducing a goal-oriented approach to requirements engineering. With this approach, business requirements including the motivations behind the mediation solution are better understood, specified, and aligned with their technical implementations. We use the Payment Problem Scenario of the SWS Challenge to illustrate the extension

Management of Security Risks in the Enterprise Architecture using ArchiMate and Mal-activities

Turvalisuse tase on ettevõtte üks peamisi elemente, mida tuleb organisatsioonis kontrollida. Kui ettevõtte äri arengut modelleeritakse on eesmärgiks katkematu ettevõtlus, aga tihti ei võeta sellega arvesse turvanõudeid. Selliselt on aga infosüsteemi kõrget turvalisuse taset väga raske säilitada. Selles dokumendis käsitletakse lähenemisviisi, mis parandab julgeoleku vastumeetmeid, et selleläbi aidata ettevõtte arhitektuuri turvalisemaks muuta. Ettevõtte arhitektuurimudeli ja turvariski juhtimise vaheliste soeste leidmine toimub läbi Infosüsteemi turvariskide juhtimise domeeni mudeli (ISSRM). Ettevõtte arhitektuuri modelleerimiseks on kasutatud ArchiMate modelleerimiskeelt. Paljudest riskide kirjeldamise keeltest on sobilikum mal-activity (pahatahtlikute tegevuste) diagrammid, sest see aitab julgeoleku riskide juhtimist kõige paremini visualiseerida. Struktureeritud joondus aitab ülalnimetatud keelte vahelisi seoseid näidata ning annab informatsiooni kõige haavatavamate punktide kohta süsteemis. Turvalisuse taseme säilitamine aitab ettevõttel äritegevust viia sõltumatuks infosüsteemist. Selle dokumendi tulemuseks on ArchiMate ja Mal-activity diagrammide vahelised seostetabelid ja reeglid. Nende kahe keele vaheliseks seoseks on ISSRM. Kirjeldatud lähenemise valideerimine on läbi viidud ühe näite põhjal, mis on võetud CoCoME juhtumiuuringust. Näite põhjal on loodud mitmeid illustreerivaid pilte valideerimise kohta. Kõige viimasena on kirjeldatud meetodiga saadud tulemust võrreldud Grandy et.al. (2013) poolt arendatud lähenemisega. Võtmesõnad: Infosüsteem, Infosüsteemi turvariskide juhtimine, ettevõtte arhitektuur, ettevõtte arhitektuuri mudel, julgeoleku vastumeetmed, turvariskide juhtimine, riskidele orjenteeritud modelleerimiskeeled, ArchiMate, mal-activity diagrammid.Security level of the enterprise is one of the main elements that should be taken under control in the organization. It is difficult to maintain high security level of Information System. Since development of enterprise architecture is targeted on continues business flow modeling, it sometimes does not take into account security requirements. The paper provides an approach to improve security countermeasures to contribute with secure Enterprise Architecture. Filling the gap between Enterprise Architecture model and Security Risk Management is done through Information System Security Risk Management domain model (ISSRM). To build the Enterprise Architecture model, ArchiMate modelling language is being used. Among different risk-oriented languages, selection was done in favor of Mal-activity diagrams, which help to provide visual concept of Security Risk Management. Structured alignment can show the mapping between aforementioned terms and provide the information about most vulnerable points of the system. The maintenance of security level will help to make business flow independent from the state of Information System. The outcome of this paper is an alignment tables and rules between ArchiMate and Mal-activity diagrams. The mapping link between these two languages is ISSRM. Validation of our approach is done on the example, which is taken from CoCoME case study. It is shown on number of illustrative pictures. After getting the results, there is a comparison of the output between presented method and approach developed by Grandry et.al. (2013). Keywords: Information System, Information System Security Risk Management, Enterprise Architecture, Enterprise Architecture model, security countermeasures, Security Risk Management, risk-oriented modelling languages, ArchiMate, Mal-activity diagrams

Model-Based Mitigation of Availability Risks

The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management

Comparison of STS and ArchiMate Risk and Security Overlay

ArchiMate'i kasutatakse tänapäeval laialdaselt erinevates ärivaldkondades ettevõttesüsteemide arhitektuuri modelleerimiseks ning seda võib iseloomustada modelleerimise tööriistana, mis ühendab endas UML'i ja BPMN'i. STS keskendub aga sotsiotehnilisele perspektiivile ja tegijatevahelistele sotsiaalsetele vastastikmõjudele. Kuigi neil on palju ühist, on tegemist siiski erinevate lähenemistega, mistõttu räägitakse tänapäeval ArchiMate'st ja Secure Socio-Technical Systems'ist valdavalt kui eraldiseisvatest süsteemidest. Sellise olukorra tõttu on tekkinud puudujääk tööriistadest ja lähenemistest, mis ühendaks kaks süsteemi üheks uueks, mis võtaks arvesse nii modelleerimise arhitektuurseid kui ka sotsiotehnilisi aspekte. Selline kombinatsioon võib osutuda kasulikuks, kuna ArchiMate'ga saab modelleerida riskijuhtimist ja STS abil saab modelleerida erinevate süsteemi kaasatud tegijate omavahelist suhtlemist sotsiaalsest vaatevinklist ja turvalisuse inimfaktorit. Seega nende kahe süsteemi ühendamise teel võib luua turvalisuse modelleerimise lähenemise, mis katab nii arhitektuurilised kui sotsiaalsed vaatevinklid. Ideaalselt kasutaks selline lähenemine mõlema süsteemi tugevamaid külgi ja lahendaks mõned kitsaskohad. Lähenemise terviklikust hinnatakse ISSRM'i suhtes. Selles lõputöös kirjeldatakse ülalmainitud kombineeritud lähenemist turvalisuse modelleerimisele.Nowadays ArchiMate is widely used in enterprise architecture modelling of the various business domains and briefly could be described as something in between UML and BPMN with main focus in architectural perspective. STS in its turn is focusing on socio-technical perspective and taking into consideration social interactions betwen actors. Current state of the art is talking about Secure Socio-Technical Systems and ArchiMate separately. This is perfectly fine because this two approaches are quite different. Still, they have a lot in common. Based on the state described above problem could be identified as an absence of tools or approaches which will combine these two approaches into a new one, which will take into consideration both architectural and socio-technical perspectives of modelling. This combination could be beneficial because ArchiMate risk and security overlay models risk management and STS models how actors involved in this system interact with each other from social point of view and highlights “human factor” in security. Thus, combination of them could potentially result in security modelling approach which will cover both architecture and social points of view. Ideally, this approach will create some workarounds over weak places in both initial approaches and heavily use their best parts. We will also validate this approach in terms of completeness with respect to ISSRM. In this paper we will describe this combined approach