Using assurance models to aid the risk and governance lifecycle
Baldwin, Adrian; Beres, Yolanta; Shiu, Simon
HPL-2007-48
Keyword(s): trust; assurance; risk; compliance; governance; security
Abstract: In this paper we describe an enterprise assurance model that allows many layers of the enterprise architecture, from the business processes through the supporting applications to the IT infrastructure and operational processes, to be represented and related from a control and risk perspective. This provides a consistent way of capturing and relating the risk views for the various stakeholders within the organisation. At the low level we use assurance models to provide automated testing of controls and policies, and at the higher level these results are related across the enterprise architecture. This enables a repository for manual and automated test results that can be used to derive different (but consistent) views for the various stakeholders.
Publication Info: BT Technology Journal, Vol 25, no.1, Jan. 07
18 Pages