Information Security Governance: Valuation of Dependencies Between IT Solution Architectures

  • Conference paper

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 261)

Abstract

Nowadays, information security is a main organizational concern that aims to control and protect business assets from existing threats. However, the lack of mechanisms to direct and control the increasing incorporation of Information Technology (IT) assets to support new security solution architectures creates additional security threats. We created a method to identify the hidden implications that exist after implementing IT assets of different solution architectures. This method comprises two artifacts. The first artifact is a metamodel that characterizes three domains: IT governance, enterprise architecture, and dependencies between IT assets of solution architectures. The second artifact is a model to specify value dependencies, which identify the business impact related to interoperability relations between the aforementioned assets. Applying this method in a Latin American central bank led to the rationalization of IT assets and to a suitable security solution architecture obtained from two existing architectures.

Author information

Corresponding author

Correspondence to Oscar González-Rojas.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

González-Rojas, O., Ochoa-Venegas, L., Molina-León, G. (2016). Information Security Governance: Valuation of Dependencies Between IT Solution Architectures. In: Řepa, V., Bruckner, T. (eds) Perspectives in Business Informatics Research. BIR 2016. Lecture Notes in Business Information Processing, vol 261. Springer, Cham. https://doi.org/10.1007/978-3-319-45321-7_16
