Enterprise information security, a review of architectures and frameworks from interoperability perspective

摘要

With the growth of ICT opportunities, the enterprises have realized the significance of interoperability as a competitive advantage. Thus, many enterprises have adopted the main strategy of rapidly changing their structures to support interoperability. On the other hand, interoperability is incompatible with information security.The Enterprise Information Security Architecture (EISA) offers a framework upon which business security requirements, the risks and the threats are analyzed and a portfolio of the best integrated enterprise security solutions is put together. Frameworks and models introduced in the past six years have examined different aspects of EISA.We realized the diversity of the mentioned approaches and in this paper, first, we develop two facets according to which these approaches are categorized. These facets are abstraction level (holistic vs. partial) and architectural viewpoint (managerial vs. technical). As interoperability is the primary focus of our study and it is a broad concept, we restrict our discussion to holistic frameworks and models. In this regard, we survey the prominent holistic approaches namely Gartner, SABSA, RISE frameworks, AGM-based model and intelligent Service-Oriented EISA.In the next step, we compare the mentioned frameworks from technical, organizational and semantic interoperability aspects. We conclude that none of the frameworks, not even those which are holistic, practical and greatly elaborated, have explored interoperability clearly.We assert that the competitive advantages offered by interoperability, justify the costs needed for implementing the incompatible concepts of interoperability and security along with each other. In addition, we suggest that the requirements which are common to both interoperability and security should be extracted and the significance of interoperability to EISA should be apprehended.