Enterprise security architecture in business convergence environments

DOI: https://doi.org/10.1108/02635570510616111
Published date: 01 September 2005
Pages: 919-936
Author: Sangkyun Kim, Choon Seong Leem
Subject Matter: Economics, Information & knowledge management, Management science & operations
Sangkyun Kim
Program in Electronic Commerce, Yonsei University, Seoul, South Korea, and
Choon Seong Leem
Department of Computer and Industrial Engineering, Yonsei University, Seoul,
South Korea
Abstract
Purpose – To provide the strategic model of approach which helps enterprise executives to solve the
managerial problems of planning, implementation and operation about information security in
business convergence environments.
Design/methodology/approach – A risk analysis method and baseline controls of BS7799 were
used to generate security patterns of business convergence. With the analysis of existing enterprise
architecture (EA) methods, the framework of the enterprise security architecture was designed.
Findings – The adaptive framework, including the security patterns with quantitative factors,
enterprise security architecture with 18 dimensions, and reference models in business convergence
environments, is provided.
Research limitations/implications – Information assets and baseline controls should be
subdivided to provide more detailed risk factors and weight factors of each business convergence
strategy. Case studies should be performed continuously to consolidate contents of best practices.
Practical implications – With the enterprise security architecture provided in this paper, an
enterprise that tries to create a value-added business model using convergence model can adapt itself
to mitigate security risks and reduce potential losses.
Originality/value – This paper outlined the business risks in convergence environments with risk
analysis and baseline controls. It is arguably the first attempt to adapt the EA approach for enterprise
executives to solve the security problems of business convergence.
Keywords Modelling, Data security, Information systems, Risk management
Paper type Research paper
1. Introduction
The economy of the future derives from the science of today (Meyer and Davis, 2003).
The representative science of today is the 3Cs, which consist of contents, computer and
communication. Deise et al. provided four stages of e-business strategy: channel
enhancement, value chain integration, industry transformation, and convergence (Deise et al.,
2000). Business convergence is based on the 3Cs, and it seamlessly integrates customers and
business partners into companies to build value networks, focuses on their core
competencies, and outsources non-core business components. Business convergence is
the unification of business function which creates the basis for new “value-added
services” for businesses and customers that will increase revenue and margins in an
increasingly competitive and connected market (Rold, 2002; Yoffie, 1997).
Industrial Management & Data Systems, Vol. 105 No. 7, 2005, pp. 919-936. © Emerald Group Publishing Limited, 0263-5577. DOI 10.1108/02635570510616111
Enterprises must adapt themselves to rapidly changing circumstances to survive in
convergence environments. In biology, the metric is “fitness,” measured as the relative
ability of an organism to breed successfully in a given environment. “Adapting” means
continually improving fitness, in particular as the environment changes (Meyer and Davis,
2003). The more adaptive the enterprise, the greater its ability to improve its fitness as
its market, industry, or technology changes. There are many things to which enterprises should
adapt themselves in convergence environments. In this paper, we provide the adaptive
framework of enterprise security architecture in business convergence environments.
Security refers to “minimizing the risk of exposure of assets and resources to
vulnerabilities and threats of various kinds” (Bayle, 1988). Risk is a function of the
consequences (or impact) of an undesirable event and the likelihood of that event
occurring. Risk assessment is the process whereby risk relationships are analyzed, and
an estimate of the risk of asset compromise is developed. Compromise includes
unauthorized disclosure, destruction, removal, modification, or interruption. Options
for managing risk include reduction, transfer, avoidance, and acceptance (CSE, 1996).
There are three fundamental qualities of information which are vulnerable to risk and
which need to be protected at all times, namely availability, integrity and
confidentiality. Swanson defined confidentiality as “the system contains information
that requires protection from unauthorized disclosure”, integrity as “the system contains
information which must be protected from unauthorized, unanticipated, or
unintentional modification”, and availability as “the system contains information or
provides services which must be available on a timely basis to meet mission
requirements or to avoid substantial losses” (Swanson, 1998).
Managers face difficult problems and confusion when trying to plan or
implement information security systems in business convergence environments.
The problems are: What should be thought about and considered regarding information security in
business convergence environments? How can they manage the brain-teasing work
of a complicated enterprise security architecture? What is their baseline goal for
information security? (Forcht and Pierson, 1994).
This paper answers these questions by suggesting the enterprise architecture (EA)
for information security systems. We suggest the architecture of security controls
using the EA concept to provide interoperability and agility.
2. Literature review
2.1 Convergence
Dictionary.com defined convergence as “The occurrence of two or more things
coming together. The adaptive evolution of superficially similar structures, such as the
wings of birds and insects, in unrelated species subjected to similar environments.
Also, it is called convergent evolution” (www.dictionary.com).
Yoffie (1997) defined convergence as “The unification of function; the coming
together of previously distinct products that employ digital technologies”.
Rold (2002) stated that convergence is supposed to occur between
telecommunications, IT (including ubiquitous computing), content (media,
entertainment, business information) and services. It should create the basis for new
“value-added services” for businesses and customers that will increase revenue and
margins in an increasingly competitive and connected market.
Business convergence is supposed to create a new business model. It merges two or
more business units’ competitive values to overcome the existing limitation of each
business unit. It is a strategy in which enterprises that face limits to ongoing
growth with their own technology or business model merge or ally their