Enterprise architecture planning: developing a blueprint for data, applications and technology
Enterprise architecture planning: developing a blueprint for data, applications and technology
Risk Analysis and Security Survey
Risk Analysis and Security Survey
Building an Enterprise Architecture Step by Step
IT Professional
Trust Services: A Framework for Service-Based Solutions
COMPSAC '02 Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment
International Journal of Information Security - Special issue on SC 2003
A model-based approach to trust, security and assurance
BT Technology Journal
Model-based security analysis in seven steps --- a guided tour to the CORAS method
BT Technology Journal
Cryptographic support for secure logs on untrusted machines
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A risk-driven security analysis method and modelling language
BT Technology Journal
On identity assurance in the presence of federated identity management systems
Proceedings of the 2007 ACM workshop on Digital identity management
Assurance for federated identity management
Journal of Computer Security - Digital Identity Management (DIM 2007)
Hi-index | 0.00 |
In this paper we describe an enterprise assurance model allowing many layers of the enterprise architecture, from the business processes, supporting applications and the IT infrastructure and operational processes, to be represented and related from a control and risk perspective. This provides a consistent way of capturing and relating the risk views for the various stakeholders within the organisation. At the lower level we use assurance models to provide automated testing of controls and policies, and at the higher level these results are related across the enterprise architecture. This enables a repository for manual and automated test results that can be used to derive different (but consistent) views for the various stakeholders.