Method Framework for Developing Enterprise Architecture Security Principles
Larno, S., Seppänen, V., & Nurmi, J. (2019). Method Framework for Developing Enterprise Architecture Security Principles. Complex Systems Informatics and Modeling Quarterly, 117(20), 57-71. https://doi.org/10.7250/csimq.2019-20.03
Published in
Complex Systems Informatics and Modeling QuarterlyDate
2019Copyright
© 2019 Sara Larno et al
Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles that guide how the enterprise must be designed. This article contributes with a method framework for integrating information security with EAM, aimed at providing support for the decision-making related to formulating context-aware EA security principles. The presented method framework is a result of a constructive research based on both the theoretical body of knowledge and the empirical evidence, obtained by interviewing 35 Finnish EA and information security practitioners.
...
Publisher
RTU PressISSN Search the Publication Forum
2255-9922Keywords
Original source
https://csimq-journals.rtu.lv/article/view/csimq.2019-20.03Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/33484934
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
Review of the methods for the development of information security policies at organizations
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ... -
A method framework of integrating information security into the enterprise architecture
Larno, Sara (2019)Tietoturvan sisällyttämiseksi osaksi kokonaisarkkitehtuuria on kehitetty useita menetelmiä ja malleja. Tarjolla olevat mallit on kuitenkin usein koettu raskaiksi ja työläiksi käyttää, eivätkä ne kata kaikkia kokonaisarkkitehtuurin ... -
Abductive innovations in information security policy development : an ethnographic study
Niemimaa, Marko; Niemimaa, Elina (Taylor & Francis, 2019)Developing organisational information security (InfoSec) policies that account for international best practices but are contextual is as much an opportunity for improving InfoSec as it is a challenge. Previous research ... -
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions
Siponen, Mikko; Soliman, Wael; Vance, Anthony (ACM, 2022)In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...