Open Access Open Access  Restricted Access Subscription Access

Towards an Approach for Integrating Business Continuity Management into Enterprise Architecture


Affiliations
1 AlQualsadi team, ENSIAS, Mohammed V University, Rabat, Morocco
 

In today’s global and complex business environment, security is a major issue for any organization. All organizations should have the capability to plan and respond to incidents and business disruptions. Business continuity management is part of information security management and the process of Business continuity management (BCM) can meet these needs. Indeed, Business Continuity refers to the ability of a business to continue its operations even if some sort of failure or disaster occurs. Business continuity management (BCM) requires a holistic approach that considers technological and organizational aspects. Besides, Enterprise architecture (EA) is a comprehensive view of organizational architecture, business, and technology architecture and their relationships. EA is also considered by several studies as a foundation for BC and security management. Our research aims at studying how BCM aspect can be embedded into the enterprise architecture. In this sense, this paper proposes a metamodel and an implementation method that considers BC in the design and implementation of EA.

Keywords

Business Continuity Management, Enterprise Architecture, Security Management, Enterprise Risk Management, MetaModeling.
User
Notifications
Font Size

  • N. Bajgoric et Y. B. Moon, « Enhancing systems integration by incorporating business continuity drivers », Ind. Manag. Data Syst., vol. 109, no 1, p. 74‑97, janv. 2009.
  • P. Gomes, G. Cadete, et M. M. da Silva, « Using Enterprise Architecture to Assist Business Continuity Planning in Large Public Organizations », 2017, p. 70‑78.
  • N. Banaeianjahromi et K. Smolander, « What do we know about the role of enterprise architecture in enterprise integration? A systematic mapping study », J. Enterp. Inf. Manag., vol. 29, no 1, p. 140‑164, févr. 2016.
  • N. Mayer, E. Grandry, C. Feltus, et E. Goettelmann, « Towards the ENTRI Framework: Security Risk Management Enhanced by the Use of Enterprise Architectures », in Advanced Information Systems Engineering Workshops, vol. 215, A. Persson et J. Stirna, Éd. Cham: Springer International Publishing, 2015, p. 459‑469.
  • R. Winter et R. Fischer, « Essential layers, artifacts, and dependencies of enterprise architecture », in 2006 10th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW’06), 2006, p. 30–30.
  • T. Bucher, R. Fischer, S. Kurpjuweit, et R. Winter, « Analysis and application scenarios of enterprise architecture: An exploratory study », in Enterprise Distributed Object Computing Conference Workshops, 2006. EDOCW’06. 10th IEEE International, 2006, p. 28–28.
  • Andrew Hiles, Definitive Handbook of Business Continuity Management. John Wiley & Sons, 2011.
  • S. Snedaker et C. Rima, Business continuity and disaster recovery planning for IT professionals, 2.ed. Waltham, Mass: Elsevier, Syngress, 2014.
  • S. Bernard, An Introduction To Enterprise Architecture: Second Edition 2nd Edition. 2012.
  • S. Bente, U. Bombosch, et S. Langade, Collaborative Enterprise Architecture: Enriching EA with lean, agile, and enterprise 2.0 practices. Newnes, 2012.
  • Charles Tupper, Data architecture: from zen to reality. Elsevier, 2011.
  • K. D. Niemann, From enterprise architecture to IT governance: elements of effective IT management, 1. ed. Wiesbaden: Vieweg, 2006.
  • B. Scholtz, A. Calitz, et A. Connolley, « An analysis of the adoption and usage of enterprise architecture », in Enterprise Systems Conference (ES), 2013, 2013, p. 1–9.
  • J. Zachman, « The zachman framework for enterprise architecture », Zachman Int., p. 79, 2002.
  • R. V. McCarthy, « Toward a unified enterprise architecture framework: An analytical evaluation », Issues Inf. Syst., vol. 7, no 2, p. 14–17, 2006.
  • J. Ralyté, S. España, et Ó. Pastor, Éd., The Practice of Enterprise Modeling, vol. 235. Cham: Springer International Publishing, 2015.
  • M. S. Beasley, B. V.Handcock, et B. C.Branson, « Strengthening Enterprise Risk Management for Strategic Advantage ». Coso, 2009.
  • H. Anir, M. Kassou, et M. Fredj, « Systematic Literature Review of Security and Enterprise Architecture », présenté à 4th International Workshop on Advanced Information Systems for Enterprises (IWAISE’16), Rabat Morocco, 2016.
  • M. E. Zadeh, G. Millar, et E. Lewis, « Mapping the Enterprise Architecture Principles in TOGAF to the Cybernetic Concepts--An Exploratory Study », 2012, p. 4270‑4276.
  • I. Tovstukha, « Management of Security Risks in the Enterprise Architecture using ArchiMate and Mal-activities », p. 53, 2014.
  • F. Innerhofer-Oberperfler et R. Breu, « Using an Enterprise Architecture for IT Risk Management. », in ISSA, 2006, p. 1–12.
  • O. Rejeb, R. Bastide, E. Lamine, F. Marmier, et H. Pingaud, « A model driven engineering approach for business continuity management in e-Health systems », in Digital Ecosystems Technologies (DEST), 2012 6th IEEE International Conference on, 2012, p. 1–7.
  • N. Mayer, J. Aubert, E. Grandry, C. Feltus, E. Goettelmann, et R. Wieringa, « An integrated conceptual model for information system security risk management supported by enterprise architecture management », Softw. Syst. Model., févr. 2018.
  • J. Brás et S. Guerreiro, « DEMO Business Processes Design to Improve the Enterprise Business Continuity Plans », in Advances in Enterprise Engineering XI, vol. 284, D. Aveiro, R. Pergl, G. Guizzardi, J. P. Almeida, R. Magalhães, et H. Lekkerkerk, Éd. Cham: Springer International Publishing, 2017, p. 99‑107.
  • K. Peffers, T. Tuunanen, M. A. Rothenberger, et S. Chatterjee, « A Design Science Research Methodology for Information Systems Research », J. Manag. Inf. Syst., vol. 24, no 3, p. 45‑77, déc. 2007.
  • C. M. Pereira et P. Sousa, « A method to define an Enterprise Architecture using the Zachman Framework », in Proceedings of the 2004 ACM symposium on Applied computing, 2004, p. 1366– 1371.
  • A. Role et D. Role, « The DoDAF Architecture Framework Version 2.0 », 2011.
  • The Open Group, TOGAF® Version 9.1. Van Haren Publishing, ZaltBommel, 2011.
  • S. Aier, C. Fischer, et R. Winter, « Construction and evaluation of a meta-model for enterprise architecture design principles », 2011.
  • F. J. Armour, S. H. Kaisler, et S. Y. Liu, « Building an enterprise architecture step by step », IT Prof., vol. 1, no 4, p. 31–39, 1999.
  • J. Hoogervorst, « Enterprise architecture: Enabling integration, agility and change », Int. J. Coop. Inf. Syst., vol. 13, no 03, p. 213–233, 2004.
  • F. Innerhofer et R. Breu, « USING AN ENTERPRISE ARCHITECTURE FOR IT RISK MANAGEMENT », p. 12.
  • R. Winter et J. Schelp, « Enterprise architecture governance: the need for a business-to-IT approach », in Proceedings of the 2008 ACM symposium on Applied computing, 2008, p. 548–552.
  • L. B. FBCI, « Dictionary of Business Continuity Management Terms », 2011.
  • M. Lankhorst, Enterprise Architecture at Work. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009.
  • « ISO/Guide 73:2009 ». 1, nov-2009.
  • P. Kirvan, « The Importance of Performance Metrics in Business Continuity », 2014.
  • RIMS, « Exploring Risk Appetite and Risk Tolerance ». RIMS, 2012.
  • E. Zambon, D. Bolzoni, S. Etalle, et M. Salvato, « A model supporting business continuity auditing and planning in information systems », in Internet Monitoring and Protection, 2007. ICIMP 2007. Second International Conference on, 2007, p. 33–33.
  • ISO, « ISO 22313 ». 2012.
  • A. Singh, « CoBIT 5: Managing Continuity Aspects With A Practical Approach », p. 25, 2015.
  • M. Swanson, P. Bowen, A. W. Phillips, D. Gallup, et D. Lynes, « Contingency planning guide for federal information systems », National Institute of Standards and Technology, Gaithersburg, MD, NIST SP 800-34r1, 2010.
  • M. Swanson, A. Wohl, L. Pope, T. Grance, J. Hash, et R. Thomas, « Contingency planning guide for information technology systems :: recommendations of the National Institute of Standards and Technology », National Institute of Standards and Technology, Gaithersburg, MD, NIST SP 800-34, 2002.
  • ISO, « ISO 22301 ». 2012.

Abstract Views: 333

PDF Views: 145




  • Towards an Approach for Integrating Business Continuity Management into Enterprise Architecture

Abstract Views: 333  |  PDF Views: 145

Authors

Hanane Anir
AlQualsadi team, ENSIAS, Mohammed V University, Rabat, Morocco
Mounia Fredj
AlQualsadi team, ENSIAS, Mohammed V University, Rabat, Morocco
Meryem Kassou
AlQualsadi team, ENSIAS, Mohammed V University, Rabat, Morocco

Abstract


In today’s global and complex business environment, security is a major issue for any organization. All organizations should have the capability to plan and respond to incidents and business disruptions. Business continuity management is part of information security management and the process of Business continuity management (BCM) can meet these needs. Indeed, Business Continuity refers to the ability of a business to continue its operations even if some sort of failure or disaster occurs. Business continuity management (BCM) requires a holistic approach that considers technological and organizational aspects. Besides, Enterprise architecture (EA) is a comprehensive view of organizational architecture, business, and technology architecture and their relationships. EA is also considered by several studies as a foundation for BC and security management. Our research aims at studying how BCM aspect can be embedded into the enterprise architecture. In this sense, this paper proposes a metamodel and an implementation method that considers BC in the design and implementation of EA.

Keywords


Business Continuity Management, Enterprise Architecture, Security Management, Enterprise Risk Management, MetaModeling.

References