An Integrated Conceptual Model for Information System Security Risk Management and Enterprise Architecture Management based on TOGAF, ArchiMate, IAF and DoDAF

Abstract

Risk management is today a major steering tool for any organization wanting to deal with Information System (IS) security. However, IS Security Risk Management (ISSRM) remains difficult to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with Enterprise Architecture Management (EAM) contributes to deal with these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. Among the steps of the research method followed to define such an integrated EAM-ISSRM conceptual, this technical report presents the whole outputs (through alignment tables) of the conceptual alignment between concepts used to model EA (based on ArchiMate, TOGAF, IAF and DoDAF) and concepts of the ISSRM domain model.