2013 17th IEEE International Enterprise Distributed Object Computing Conference (2013)
Vancouver, BC, Canada Canada
Sept. 9, 2013 to Sept. 13, 2013
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/EDOC.2013.18
At every step in creating an enterprise design, architects encounter risks and opportunities. In most cases, risk assessment and treatment is done using the company's internal methodology or based on some best-practices known by the architect. We propose a method that can combine both qualitative and quantitative risk analysis and also incorporate risk mitigation solutions. In IT security, attack-defence trees (ADT) were used successfully to represent attacks and counter-measures. The goal of this paper is to leverage the ADT approach in order to assess risks and opportunities in enterprise architecture. To that end, we elaborate a framework to identify the best ways to mitigate risks and increase an enterprise's profitability based on architectural principles. This framework will be validated with a practical case study from the insurance sector.
Computer architecture, Planning, Risk management, Companies, Insurance, Security
S. Sousa, D. Marosin, K. Gaaloul and N. Mayer, "Assessing Risks and Opportunities in Enterprise Architecture Using an Extended ADT Approach," 2013 17th IEEE International Enterprise Distributed Object Computing Conference(EDOC), Vancouver, BC, Canada Canada, 2013, pp. 81-90.