Enterprise-oriented Cybersecurity Management
Tomasz Chmielecki, Piotr Chołda, Piotr Pacyna, Paweł Potrawka, Norbert Rapacz, Rafał Stankiewicz, Piotr Wydrych
DOI: http://dx.doi.org/10.15439/2014F38
Citation: Proceedings of the 2014 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 2, pages 863–870 (2014)
Abstract. Information technology is widely used in processes vital to enterprises. Therefore, IT systems must meet at least the same level of security as is required of the business processes supported by these systems. In this paper, we present a view on cybersecurity management as an enterprise-centered process, and we advocate the use of enterprise architecture in security management. Activities such as risk assessment, selection of security controls, and their deployment and monitoring should be carried out as a part of enterprise architecture activity. A set of useful frameworks and tools is presented and discussed.