Monday, 8 November 2010

Summary: Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure


Title: Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure.
Authors: John A. Anderson and Vijay Rachamadugu.
Published: 2008.

This paper is based on the “Roadmap for Information Security across the Enterprise” (RISE), which was developed by the MITRE Corporation as part of the MITRE technology program (to read more about RISE, see Anderson et al. 2006). The paper focuses on the processes designed into the RISE methodology that leverage an enterprise architecture (EA) to integrate security and privacy into business process and infrastructure management.

“current literature has shown lack of a well defined methodology for integrating security and privacy into business process”

Section 2 concentrates on risk management. It argues that requirements for security and privacy assurance should be recognized as critical business drivers, and that these requirements, along with the organization’s capability to assure the integrity, availability, and confidentiality of the information it manages, should be captured in the “As-is” model. It also describes how risks are assessed: “The risks are assessed based on a combination of the impact of loss and the likelihood that the attack may take place”.

Section 3 deals with “integrating the threat and response cycle with portfolio management process”, which can be summarized in the picture below:

Section 4 covers “Business and risk investigation”, section 5 covers the “tradeoff analysis”, and section 6 covers “investment strategies and budget submission”. All three can be summarized in this diagram:
