Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure

S
SCC
2008
2008 IEEE International Conference on Services Computing Vol. 2
Abstract - Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Vijaykumar Rachamadugu Articles by John A. Anderson

2008 IEEE International Conference on Services Computing Vol. 2

July 07-July 11

ISBN: 978-0-7695-3283-7

	ASCII Text	x
	Vijaykumar Rachamadugu, John A. Anderson, "Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure," Services Computing, IEEE International Conference on, vol. 2, pp. 351-358, 2008 IEEE International Conference on Services Computing Vol. 2, 2008.

	BibTex	x
	@article{ 10.1109/SCC.2008.46, author = {Vijaykumar Rachamadugu and John A. Anderson}, title = {Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure}, journal ={Services Computing, IEEE International Conference on}, volume = {2}, year = {2008}, isbn = {978-0-7695-3283-7}, pages = {351-358}, doi = {http://doi.ieeecomputersociety.org/10.1109/SCC.2008.46}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Services Computing, IEEE International Conference on TI - Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure SN - 978-0-7695-3283-7 SP351 EP358 A1 - Vijaykumar Rachamadugu, A1 - John A. Anderson, PY - 2008 KW - risk-management KW - enterprise security KW - enterprise privacy KW - business process security KW - RISE VL - 2 JA - Services Computing, IEEE International Conference on ER -

Vijaykumar Rachamadugu

John A. Anderson

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SCC.2008.46

Managing information security and privacy assurance are fiduciary responsibilities of all government and commercial organizations, but standing up a comprehensive fully-assured environment from the onset may be technically or financially impossible. Many organizations inadequately address this challenge from a 'bottom-up' or piece-meal perspective, certifying and accrediting individual systems or focusing on perimeter systems and portals. A systematic enterprise-wide risk-management approach to information security and privacy is both practical and economically feasible, but must holistically integrate such requirements into both business process management and the technical infrastructure to be effective. The authors' development of the Roadmap for Information Security across the Enterprise (RISE) methodology establishes a systematic approach to security and privacy management by leveraging enterprise architecture approaches, and ensures implementation control by integrating the processes and responsibility with enterprise-level portfolio management. RISE defines an iterative threat assessment and response cycle and integrates it with capital planning and investment control (CPIC) for both operational and infrastructure initiatives. This paper describes how RISE ensures risk-informed continuous process improvement and capital planning by maintaining an architecturally founded knowledge base supporting strategic planning and investment review.

Index Terms:

risk-management, enterprise security, enterprise privacy, business process security, RISE

Citation:

Vijaykumar Rachamadugu, John A. Anderson, "Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure," scc, vol. 2, pp.351-358, 2008 IEEE International Conference on Services Computing Vol. 2, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.