Title: Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure.
Authors: John A. Anderson and Vijay Rachamadugu.
Published: 2008.
This paper is based on the “Roadmap for Information Security across the Enterprise” (RISE), which was developed by the MITRE Corporation as part of the MITRE technology program (to read more about RISE see “Anderson et al. 2006”). This paper focuses on the processes designed into the RISE methodology that leverage an enterprise architecture (EA) to integrate security and privacy into business process and infrastructure management.
The authors note that “current literature has shown lack of a well defined methodology for integrating security and privacy into business process”.
Section 2 concentrates on risk management. It argues that requirements for security and privacy assurance should be recognized as critical business drivers, and that these requirements, along with the organization’s capability to assure the integrity, availability, and confidentiality of the information it manages, should be captured in the “As-is” model. It also describes how risks are assessed: “The risks are assessed based on a combination of the impact of loss and the likelihood that the attack may take place”.
Section 3 discusses “integrating the threat and response cycle with portfolio management process”, which can be summarized in the picture below:
Section 4 covers “Business and risk investigation”, section 5 covers the “tradeoff analysis”, and section 6 covers “investment strategies and budget submission”. All three can be summarized in this diagram: