CAESAR8: An agile enterprise architecture approach to managing information security risks
| dc.contributor.author | Loft, P | |
| dc.contributor.author | He, Y | |
| dc.contributor.author | Yevseyeva, I | |
| dc.contributor.author | Wagner, I | |
| dc.date.accessioned | 2023-12-19T11:49:44Z | |
| dc.date.available | 2023-12-19T11:49:44Z | |
| dc.date.issued | 2022-11 | |
| dc.identifier.issn | 0167-4048 | |
| dc.identifier.uri | https://qmro.qmul.ac.uk/xmlui/handle/123456789/93040 | |
| dc.description.abstract | In theory, implementing an Enterprise Architecture (EA) should enable organizations to increase the accuracy of information security risk assessments. In reality, however, organizations struggle to fully implement EA frameworks because the requirements for implementing an EA and the benefits of commercial frameworks are unclear, and the overhead of maintaining EA artifacts is unacceptable, especially for smaller organizations. In this paper, we describe a novel approach called CAESAR8 (Continuous Agile Enterprise Security Architecture Review in 8 domains) that supports dynamic and holistic reviews of information security risks in IT projects. CAESAR8’s nonlinear design supports continuous reassessment of information security risks, based on a checklist that assesses the maturity of security considerations in eight domains that often cause information security failures. CAESAR8 assessments can be completed by multiple stakeholders independently, thus ensuring consideration of their tacit knowledge while preventing groupthink. Our evaluation with experienced industry professionals showed that CAESAR8 successfully addresses real-world problems in information security risk management, with significant benefits particularly for smaller organizations. | en_US |
| dc.format.extent | 102877 - ? | |
| dc.publisher | Elsevier | en_US |
| dc.relation.ispartof | Computers & Security | |
| dc.rights | This item is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. | |
| dc.rights | Attribution 3.0 United States | * |
| dc.rights.uri | http://creativecommons.org/licenses/by/3.0/us/ | * |
| dc.title | CAESAR8: An agile enterprise architecture approach to managing information security risks | en_US |
| dc.type | Article | en_US |
| dc.rights.holder | © 2022 The Authors. Published by Elsevier Ltd. | |
| dc.identifier.doi | 10.1016/j.cose.2022.102877 | |
| pubs.notes | Not known | en_US |
| pubs.volume | 122 | en_US |
| rioxxterms.funder | Default funder | en_US |
| rioxxterms.identifier.project | Default project | en_US |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as This item is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
