Abstract
Enterprise Risk Management and security have become a fundamental part of Enterprise Architecture, so several frameworks and modeling languages have been designed to support the activities associated with these areas. ArchiMate’s Risk and Security Overlay, endorsed by The Open Group, is one such proposal. We investigate the capabilities of the proposed security-related constructs in ArchiMate with regard to the needs of enterprise security modeling. Our analysis relies on a well-founded reference ontology of security to uncover ambiguity, missing modeling elements, and other deficiencies of the security modeling capabilities in ArchiMate. Based on this ontologically-founded analysis, we propose a redesign of the security aspects of ArchiMate to overcome its original limitations.
Work Supported By Accenture Israel Cybersecurity Labs
Notes
1. Files related to ROSE can be found in the following public repository: https://github.com/unibz-core/security-ontology.
2. Actually, we can wonder whether the distinction of several of ArchiMate’s Motivation Elements (such as goal, outcome, requirement, and principle) is redundant or not, but this issue is outside the scope of our paper.
3. Naturally, employing the theory of prevention in ArchiMate requires adaptation, considering that ArchiMate does not distinguish the instance level from the type level.
© 2022 IFIP International Federation for Information Processing
Cite this paper
Oliveira, Í., Sales, T.P., Almeida, J.P.A., Baratella, R., Fumagalli, M., Guizzardi, G. (2022). Ontological Analysis and Redesign of Security Modeling in ArchiMate. In: Barn, B.S., Sandkuhl, K. (eds) The Practice of Enterprise Modeling. PoEM 2022. Lecture Notes in Business Information Processing, vol 456. Springer, Cham. https://doi.org/10.1007/978-3-031-21488-2_6
DOI: https://doi.org/10.1007/978-3-031-21488-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21487-5
Online ISBN: 978-3-031-21488-2