Mapping of Enterprise Governance of IT Practices Metamodels
R. Lourinho, R. Almeida, M.M. Da Silva, P. Pinto, and B. Barafort
in Lecture Notes in Business Information Processing: 14th European, Mediterranean, and Middle Eastern Conference on Information Systems, EMCIS 2017, Coimbra, Portugal, September 7-8, 2017, vol. 299, pp. 492-505, 2017
The paper proposes a metamodel for ISO 27001 and its mapping to COBIT 5 using ArchiMate, an Enterprise Architecture (EA) modeling language. The metamodel's purpose is to reduce the perceived complexity of implementing these Enterprise Governance of IT (EGIT) practices at the same time. To make the ontological mapping complete, the metamodel is extended with ISO Technical Specifications 33052 and 33072, which propose a Process Reference Model and a Process Assessment Model respectively: the Base Practices and Information Items defined in ISO TS 33072, which compose the ISO TS 33052 processes, are mapped to ISO 27001 controls. By applying well-known metamodeling techniques and modeling principles together with EA models, the authors further simplify the understanding of the different EGIT practices by providing a standards-based visualization of how these practices work together. As an example, the paper presents the mapping and modeling of one COBIT 5 process and the ISO 27001 controls that correspond to it. The paper concludes by summarizing the considerations and techniques used in the research and by discussing limitations and future work in this domain.
doi:10.1007/978-3-319-65930-5_39