CAESAR8: An agile enterprise architecture approach to managing information security risks
Authors
Paul Loft, Ying He, Iryna Yevseyeva, Isabel Wagner
Abstract
In theory, implementing an Enterprise Architecture (EA) should enable organizations to increase the accuracy of information security risk assessments. In reality, however, organizations struggle to fully implement EA frameworks because the requirements for implementing an EA and the benefits of commercial frameworks are unclear, and the overhead of maintaining EA artifacts is unacceptable, especially for smaller organizations. In this paper, we describe a novel approach called CAESAR8 (Continuous Agile Enterprise Security Architecture Review in 8 domains) that supports dynamic and holistic reviews of information security risks in IT projects. CAESAR8’s nonlinear design supports continuous reassessment of information security risks, based on a checklist that assesses the maturity of security considerations in eight domains that often cause information security failures. CAESAR8 assessments can be completed by multiple stakeholders independently, thus ensuring consideration of their tacit knowledge while preventing groupthink. Our evaluation with experienced industry professionals showed that CAESAR8 successfully addresses real-world problems in information security risk management, with significant benefits particularly for smaller organizations.
Citation
Loft, P., He, Y., Yevseyeva, I., & Wagner, I. (2022). CAESAR8: An agile enterprise architecture approach to managing information security risks. Computers and Security, 122, Article 102877. https://doi.org/10.1016/j.cose.2022.102877
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Aug 15, 2022 |
| Online Publication Date | Sep 6, 2022 |
| Publication Date | Nov 1, 2022 |
| Deposit Date | Sep 16, 2022 |
| Publicly Available Date | Mar 29, 2024 |
| Journal | Computers and Security |
| Print ISSN | 0167-4048 |
| Publisher | Elsevier BV |
| Peer Reviewed | Peer Reviewed |
| Volume | 122 |
| Article Number | 102877 |
| DOI | https://doi.org/10.1016/j.cose.2022.102877 |
| Keywords | Law; General Computer Science |
| Public URL | https://nottingham-repository.worktribe.com/output/10083077 |
| Publisher URL | https://www.sciencedirect.com/science/article/pii/S0167404822002711?via%3Dihub |
Files
CAESAR8 C S (PDF, 1.5 Mb)