How Do We Optimize Risk in Enterprise Architecture when Deploying Emerging Technologies?

Abstract

Emerging Technologies which merge cyber-physical systems continue to transform businesses and digital agility in transformative ways. Importantly, most investigations around focus on either cyber risk or the risk around physical systems but it does not encompass both. However, the immediate challenge is new opportunities occurring with emerging technologies. Examples include automobiles, the Internet of Things (IoT), medical devices, and building controls. In this study we will focus identifying risk as an optimization not a minimization problem and how to develop a practical approach for executives and boards to use in the oversight of cyber physical systems. Based on interviews with executive leadership teams and boards of directors we explored the over-arching research question: How can we apply a risk-based approach to cyber-physical security and what questions should business leaders be asking? The research methodology used a survey instrument and multiple qualitative methods involving business leaders from 60 companies and 80 business leaders from September 2018 – September 2019. Based on this analysis, we developed an extended framework for executives, as well as questions and process for boards to consider as part of their oversight. The Extended Risk-Based Approach equips boards and executives as they begin to develop their thinking around enterprise cyber physical risk.