Title :
Assessing Risks and Opportunities in Enterprise Architecture Using an Extended ADT Approach
Author :
Sousa, Sergio ; Marosin, Diana ; Gaaloul, Khaled ; Mayer, Nicolas
Author_Institution :
P&T Luxembourg, Luxembourg, Luxembourg
Abstract :
At every step in creating an enterprise design, architects encounter risks and opportunities. In most cases, risk assessment and treatment is done using the company´s internal methodology or based on some best-practices known by the architect. We propose a method that can combine both qualitative and quantitative risk analysis and also incorporate risk mitigation solutions. In IT security, attack-defence trees (ADT) were used successfully to represent attacks and counter-measures. The goal of this paper is to leverage the ADT approach in order to assess risks and opportunities in enterprise architecture. To that end, we elaborate a framework to identify the best ways to mitigate risks and increase an enterprise´s profitability based on architectural principles. This framework will be validated with a practical case study from the insurance sector.
Keywords :
insurance data processing; profitability; risk management; security of data; trees (mathematics); IT security; attack-defence trees; company internal methodology; enterprise architecture design; enterprise profitability; extended ADT approach; insurance sector; qualitative risk analysis; quantitative risk analysis; risk assessment; risk mitigation solutions; Companies; Computer architecture; Insurance; Planning; Risk management; Security; ADT; Enterprise architecture; opportunities assessment; profits; risk management;
Conference_Titel :
Enterprise Distributed Object Computing Conference (EDOC), 2013 17th IEEE International
Conference_Location :
Vancouver, BC
DOI :
10.1109/EDOC.2013.18
