The Community for Technology Leaders
2013 17th IEEE International Enterprise Distributed Object Computing Conference (2013)
Vancouver, BC, Canada Canada
Sept. 9, 2013 to Sept. 13, 2013
ISSN: 1541-7719
pp: 81-90
ABSTRACT
At every step in creating an enterprise design, architects encounter risks and opportunities. In most cases, risk assessment and treatment is done using the company's internal methodology or based on some best-practices known by the architect. We propose a method that can combine both qualitative and quantitative risk analysis and also incorporate risk mitigation solutions. In IT security, attack-defence trees (ADT) were used successfully to represent attacks and counter-measures. The goal of this paper is to leverage the ADT approach in order to assess risks and opportunities in enterprise architecture. To that end, we elaborate a framework to identify the best ways to mitigate risks and increase an enterprise's profitability based on architectural principles. This framework will be validated with a practical case study from the insurance sector.
INDEX TERMS
Computer architecture, Planning, Risk management, Companies, Insurance, Security
CITATION

S. Sousa, D. Marosin, K. Gaaloul and N. Mayer, "Assessing Risks and Opportunities in Enterprise Architecture Using an Extended ADT Approach," 2013 17th IEEE International Enterprise Distributed Object Computing Conference(EDOC), Vancouver, BC, Canada Canada, 2013, pp. 81-90.
doi:10.1109/EDOC.2013.18
88 ms
(Ver 3.3 (11022016))