conceptual framework for the automated assessment of IT security risks based on enterprise architecture

Master's Thesis from the year 2020 in the subject Computer Science - IT-Security, grade: 1.0, Free University of Berlin, language: English, abstract: The complexity of enterprise architectures and the associated IT security risks are constantly increasing. Traditional approaches to IT risk management operate in silos and make it difficult to obtain a company-wide view of existing threats. The objective of this thesis is to develop an assessment framework that enables an automated comprehensive view of existing IT security risks within the enterprise architecture. For this purpose, concepts of IT risk management are extended with principles of enterprise architecture management. Based on a research approach according to the design science research paradigm, an artifact, the so-called Enterprise Architecture Management Risk Assessment (ERA) framework, will be developed based on a problem analysis and requirements gathering from practice and science. The ERA framework will be prototypically implemented and evaluated as a dashboard solution in a case study with a German bank. The evaluation will take place in two iterations, qualitative by means of expert interviews and quantitative by means of a survey. The evaluation of the ERA framework artifact and its prototypical dashboard implementation confirms its usefulness, usability and non-triviality. Furthermore, possible extension and improvement possibilities of the artifact are disclosed. The designed evaluation framework contributes to research at the interface of IT security and enterprise architecture management as well as to the solution of a practical relevant problem.