Abstract
Enterprise Governance, Risk and Compliance (GRC) systems are key to managing the risks that threaten modern enterprises from many different angles. A key constituent of GRC systems is the definition of Controls that are implemented on the different layers of an Enterprise Architecture (EA). Controls become part of a “Concern” of the EA, which allows an EA viewpoint to be used to cover Control compliance assessments. In this article we explore this relationship further, derive a metamodel linking Controls and the EA, and elicit how this linkage gives rise to a hierarchical understanding of the viewpoint concept for EAs. We complement these considerations with an expository instantiation in a cockpit for Control compliance applied in an international enterprise in the insurance industry.
Highlights
Modern enterprises face threats that originate from different sources
Enterprise Governance, Risk and Compliance (GRC) systems are key to managing the risks that threaten modern enterprises from many different angles
A key constituent of GRC systems is the definition of Controls that are implemented on the different layers of an Enterprise Architecture (EA)
Summary
Modern enterprises face threats that originate from different sources. Different varieties of cyber security attacks are on the rise, as recent analyses of the threat landscape show [1]. Controls are implemented into different ‘elements’ of the enterprise, e.g. additional checks within business processes, additional logic within business applications, or additional components within the technical infrastructure. The relationship between different controls and the resulting viewpoints gives rise to a research question on the nature of concerns, viewpoints and views: How can hierarchies of controls be reflected as GRC-related concerns and viewpoints in an architecture description? To prepare our considerations on this research question, we relate our work to the foundations of GRC, control modeling and control assessments in Section 2, providing context for the subsequent considerations on GRC concerns. This approach yields a metamodel for modeling controls and control assessments, from which we derive characteristics of GRC-related concerns in architecture descriptions.
More From: Complex Systems Informatics and Modeling Quarterly