Information security governance: valuation of dependencies between IT solution architectures

Abstract

Nowadays, information security is a main organizational concern that aims to control and protect business assets from existing threats. However, the lack of mechanisms to direct and control the increasing incorporation of Information Technology (IT) assets to support new security solution architectures creates additional security threats. We created a method to identify the hidden implications that exist after implementing IT assets of different solution architectures. This method comprises two artifacts. The first artifact is a metamodel that characterizes three domains: IT governance, enterprise architecture, and dependencies between IT assets of solution architectures. The second artifact is a model to specify value dependencies, which identify the business impact related to interoperability relations between the aforementioned assets. The application of this method in a Latin American central bank led to rationalize IT assets and to obtain a suitable security solution architecture from two existing architectures.