Enterprise security architecture in business convergence environments

Industrial Management and Data Systems, Vol. 105 No. 7, pp. 919-936, 2005
Sangkyun Kim (1), Choon Seong Leem (2)
(1) Program in Electronic Commerce, Yonsei University, Seoul, South Korea
(2) Department of Computer and Industrial Engineering, Yonsei University, Seoul, South Korea

Abstract

Purpose: To provide a strategic model of approach that helps enterprise executives solve the managerial problems of planning, implementing and operating information security in business convergence environments.

Design/methodology/approach: A risk analysis method and the baseline controls of BS7799 were used to generate security patterns of business convergence. Based on an analysis of existing enterprise architecture (EA) methods, the framework of the enterprise security architecture was designed.

Findings: An adaptive framework is provided, comprising security patterns with quantitative factors, an enterprise security architecture with 18 dimensions, and reference models for business convergence environments.

Research limitations/implications: Information assets and baseline controls should be subdivided to provide more detailed risk factors and weight factors for each business convergence strategy. Case studies should be performed continuously to consolidate the contents of best practices.

Practical implications: With the enterprise security architecture provided in this paper, an enterprise that tries to create a value-added business model using a convergence model can adapt itself to mitigate security risks and reduce potential losses.

Originality/value: This paper outlines the business risks in convergence environments using risk analysis and baseline controls. It is arguably the first attempt to adapt the EA approach for enterprise executives to solve the security problems of business convergence.
