
Improving IT Governance, Security and Privacy Using Fractal Enterprise Modeling: A Case of a Highly Regulated Company

  • Conference paper
  • Published in: Perspectives in Business Informatics Research (BIR 2023)
  • Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 493)

Abstract

The article presents a practical case of using a modelling technique called Fractal Enterprise Modelling (FEM) to improve a highly regulated financial sector company in the EU. The company had the practical goals of achieving compliance and improving operations in three closely related areas: IT governance, information security management, and privacy management. The project also had an unusual constraint, as it was not possible to use visual models for communication in the project. We decided to use design science principles to investigate whether FEM could be useful within this scenario and what its limitations were.

It turned out that the conceptual structure of FEM fits quite well with the concepts of the three areas, and it was possible to use FEM despite the constraint on its usage. This led to the invention of a new analysis approach to work around the restriction: patterns defined with FEM were translated into mind maps, which were then used for conducting interviews. FEM enabled the analyst to systematically, flexibly and quickly explore and understand the company and its state in the three areas. The paper aims to provide practically useful insights to practitioners who want to drive innovation, improve security or achieve compliance.



Acknowledgments

The first author’s work was fully supported, and the second author’s work was partly supported by the Estonian Research Council (grant PRG1226).


Correspondence to Steven Leego .


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Leego, S., Bider, I. (2023). Improving IT Governance, Security and Privacy Using Fractal Enterprise Modeling: A Case of a Highly Regulated Company. In: Hinkelmann, K., López-Pellicer, F.J., Polini, A. (eds) Perspectives in Business Informatics Research. BIR 2023. Lecture Notes in Business Information Processing, vol 493. Springer, Cham. https://doi.org/10.1007/978-3-031-43126-5_15


  • DOI: https://doi.org/10.1007/978-3-031-43126-5_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43125-8

  • Online ISBN: 978-3-031-43126-5
