An integrated conceptual model for information system security risk management supported by enterprise architecture management

Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise architecture management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we improve an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the EAM-ISSRM integrated model is then performed with the help of a validation group assessing the utility and usability of the model

Evaluating the structure of research papers: A case study

This paper is triggered by a concern for the methodological soundness of research papers in RE. We propose a number of criteria for methodological soundness, and apply these to a random sample of 37 submissions to the RE'03 conference. From this application, we draw a number of conclusions that we claim are valid for a larger sample than just these 37 submissions. Our major observation is that most submissions in our sample are solution-oriented: they present a solution and illustrate it with a problem, rather than search for a solution to a given problem class; and most papers do not analyze why and when a solution works or does not work. We end with discussion of the need to improve the methodological soundness of research papers in RE

Transforming e3value models into ArchiMate diagrams

An enterprise architecture (EA) is a high-level representation of an enterprise, used for managing the relation between business and IT. In order to improve the contribution of IT to the business, all elements of an EA should be traceable to the business model and vice versa. However, in practice this is not the case. In addition to reasoning about cost structures and goal contributions of IT to the business, as is customary in EA, traceability would allow practitioners to reason about the contribution of IT to the value offerings of a business. In this research paper we present the results from an experiment where we wanted to refine guidelines for transforming a business model into an EA that we have derived in earlier research. Based on this experiment we refine the guidelines, identify building blocks for a business model (BM) based EA design and illustrate this with an example

A Business Ecosystem Architecture Modeling Framework

The concept of enterprise architecture (EA) introduced in the 1980s refers to business-IT alignment in a single organization. The concept has proven its utility in the practice of IT management, but EA frameworks cannot deal with network organizations that are enabled by IT. EA frameworks assume a hierarchically coordinated organization, where final responsibility for strategy rests with management. The characteristic feature of network organizations is that there is no central coordinator with final responsibility. Yet, today's network organizations are facilitated by IT and they too must be aligned with their IT infrastructure. To align networked organizations, we must take the value viewpoint, which is absent in EA. This paper presents an approach to business-IT alignment for networked organizations based on the concept of networked value models. In addition, since there is no hierarchical management in a network, we view business-IT alignment in a network as a coordination game, and we include results from coordination theory and game theory in our approach. We illustrate our approach with an example from the electricity business and apply it to the Bitcoin network

Towards a Method for Evolutionary Implementation of Groupware

Groupware is a typical example of an application domain in which requirements are hard to elicit and keep changing before, during, and after the introduction of the system. This calls for an evolutionary implementation approach. Several socio-technical models give an explanation of the interaction between the technical and the social system, i.e., the software and its organisational environment, but these models have not yet led to a clear method for evolutionary implementation. In order to arrive at such a method, we need a theoretical framework for how this adaptation process takes place. Adaptive Structuration Theory (AST) is a good candidate for such a framework. The BITE research project at the University of Twente aims to operationalise the concepts of AST through application in several industrial pilot projects. Based on these pilots we will develop a method for evolutionary implementation of groupware