Please use this identifier to cite or link to this item:
|Title:||Integrated management of risk information|
Borbinha, J. L.
|Keywords:||Risk management;It governance;Enterprise architecture;Metadata registry|
|Abstract:||Today's competitive environment requires effective risk management activities to create prevention and control mechanisms to address the risks attached to specific activities and valuable assets. One of the main challenges in this area is concerned with the analysis and modeling of risks, which increases with the fact that current efforts tend to operate in silos with narrowly focused, functionally driven, and disjointed activities. This leads to a fragmented view of risks, where each activity uses its own language, customs and metrics. The lack of interconnection and holistic view of risks limits an organization-wide perception of risks, where interdependent risks are not anticipated, controlled or managed. In order to address the Risk Management interoperability and standardization issues, this paper proposes an alignment between Risk Management, Governance and Enterprise Architecture activities, providing a systematic support to map and trace identified risks to enterprise artifacts modeled within the Enterprise Architecture, supporting the overall strategy and governance of any organization. We propose an architecture where risks are defined through a XML-based domain specific language, and integrated with a Metadata Registry to handle risk concerns in the overall organization environment.|
|Appears in Collections:||CD/NTIEC - Comunicações a congressos e artigos de revista|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.