Enterprise Risk Management and security have become a fundamental part of Enterprise Architecture, so several frameworks and modeling languages have been designed to support the activities associated with these areas. Archi- Mate’s Risk and Security Overlay is one of such proposals, endorsed by The Open Group. We investigate the capabilities of the proposed security-related con- structs in ArchiMate with regard to the necessities of enterprise security modeling. Our analysis relies on a well-founded reference ontology of security to uncover ambiguity, missing (...) modeling elements, and other deficiencies of the security mod- eling capabilities in ArchiMate. Based on this ontologically-founded analysis, we propose a redesign of security aspects of ArchiMate to overcome its original limitations. (shrink)

Enterprise Risk Management involves the process of identification, evaluation, treatment, and communication regarding risks throughout the enterprise. To support the tasks associated with this process, several frameworks and modeling languages have been proposed, such as the Risk and Security Overlay (RSO) of ArchiMate. An ontological investigation of this artifact would reveal its adequacy, capabilities, and limitations w.r.t. the domain of risk and security. Based on that, a language redesign can be proposed as a refinement. Such analysis and redesign have been (...) executed for the risk elements of the RSO grounded in the Common Ontology of Value and Risk. The next step along this line of research is to address the following research problems: What would be the outcome of an ontological analysis of security-related elements of the RSO? That is, can we identify other semantic deficiencies in the RSO through an ontological analysis? Once such an analysis is provided, can we redesign the security elements of the RSO accordingly, in order to produce an improved artifact? Here, with the aid of the Reference Ontology for Security Engineering (ROSE) and the ontological theory of prevention behind it, we address the remaining gap by proceeding with an ontological analysis of the security-related constructs of the RSO. The outcome of this assessment is an ontology-based redesign of the ArchiMate language regarding security modeling. In a nutshell, we report the following contributions: (1) an ontological analysis of the RSO that identifies six limitations concerning security modeling; (2) because of the key role of the notion of prevention in security modeling, the introduction of the ontological theory of prevention in ArchiMate; (3) a well-founded redesign of security elements of ArchiMate; and (4) ontology-based security modeling patterns that are logical consequences of our proposal of redesign due to its underlying ontology of security. As a form of evaluation, we show that our proposal can describe risk treatment options, according to ISO 31000. Finally, besides presenting multiple examples, we proceed with a real-world illustrative application taken from the cybersecurity domain. (shrink)

Risk propagation encompasses a plethora of techniques for analyzing how risk “spreads” in a given system. Albeit commonly used in technical literature, the very notion of risk propagation turns out to be a conceptually imprecise and overloaded one. This might also explain the multitude of modeling solutions that have been proposed in the lit- erature. Having a clear understanding of what exactly risk is, how it be quantified, and in what sense it can be propagated is fundamental for devising high-quality (...) risk assessment and decision-making solutions. In this paper, we exploit a previous well-established work about the nature of risk and related notions with the goal of providing a proper interpre- tation of the different notions of risk propagation, as well as revealing and harmonizing the alternative semantics for the links used in common risk propagation graphs. Finally, we discuss how these results can be leveraged in practice to model risk propagation scenarios. (shrink)

In Risk Management, security issues arise from complex relations among objects and agents, their capabilities and vulnerabilities, the events they are involved in, and the value and risk they ensue to the stakeholders at hand. Further, there are patterns involving these relations that crosscut many domains, ranging from information security to public safety. Understanding and forming a shared conceptualization and vocabulary about these notions and their relations is fundamental for modeling the corresponding scenarios, so that proper security countermeasures can be (...) devised. Ontologies are instruments developed to address these conceptual clarification and terminological systematization issues. Over the years, several ontologies have been proposed in Risk Management and Security Engineering. However, as shown in recent literature, they fall short in many respects, including generality and expressivity - the latter impacting on their interoperability with related models. We propose a Reference Ontology for Security Engineering (ROSE) from a Risk Treatment perspective. Our proposal leverages on two existing Reference Ontologies: the Common Ontology of Value and Risk and a Reference Ontology of Prevention, both of which are grounded on the Unified Foundational Ontology (UFO). ROSE is employed for modeling and analysing some cases, in particular providing clarification to the semantically overloaded notion of Security Mechanism. (shrink)