Abstract

Enterprise Risk Management and security have become a fundamental part of Enterprise Architecture, so several frameworks and modeling languages have been designed to support the activities associated with these areas. Archi- Mate’s Risk and Security Overlay is one of such proposals, endorsed by The Open Group. We investigate the capabilities of the proposed security-related con- structs in ArchiMate with regard to the necessities of enterprise security modeling. Our analysis relies on a well-founded reference ontology of security to uncover ambiguity, missing modeling elements, and other deficiencies of the security mod- eling capabilities in ArchiMate. Based on this ontologically-founded analysis, we propose a redesign of security aspects of ArchiMate to overcome its original limitations.