Deriving Information System Security and Privacy From Value Cocreation Theory: Case Study in the Financial Sector

摘要

Traditionally, the relationship between the company and its providers have for objective to generate value at the company side in exchange of money. This relationship is largely investigated through the vector of value chain. In this article, security and privacy cocreation (SPCC) is investigated as a specialization of value cocreation. Although it is an important research topic, and despite a plethora of research aiming at depicting the fundamental of SPCC, few contributions have been appeared until now in the area of a language to support SPCC design and deployment. However, such a language is necessary to describe elements of the information system, as well as their underlying dependencies. As a result, this article proposes extending an existing enterprise architecture language to support the process of decision-making and to allow understanding and analysis of the impacts associated to a change of the system architecture as a whole.