How Do We Optimize Risk in Enterprise Architecture when Deploying Emerging Technologies?

Charla Griffy-Brown, Mark Chun, Howard Miller, Demetrios Lazarikos

Cite: Griffy-Brown C., Chun M., Miller H., Lazarikos D. How Do We Optimize Risk in Enterprise Architecture when Deploying Emerging Technologies? J. Digit. Sci. 3(1), 3 – 13 (2021). https://doi.org/10.33847/2686-8296.3.1_1

Abstract. Emerging technologies which merge cyber-physical systems continue to transform businesses and digital agility. Importantly, most investigations focus on either cyber risk or the risk around physical systems, but do not encompass both. However, the immediate challenge is the new opportunities occurring with emerging technologies. Examples include automobiles, the Internet of Things (IoT), medical devices, and building controls. In this study we focus on identifying risk as an optimization problem, not a minimization problem, and on how to develop a practical approach for executives and boards to use in the oversight of cyber-physical systems. Based on interviews with executive leadership teams and boards of directors, we explored the over-arching research question: How can we apply a risk-based approach to cyber-physical security, and what questions should business leaders be asking? The research methodology used a survey instrument and multiple qualitative methods involving 60 companies and 80 business leaders from September 2018 – September 2019. Based on this analysis, we developed an extended framework for executives, as well as questions and a process for boards to consider as part of their oversight. The Extended Risk-Based Approach equips boards and executives as they begin to develop their thinking around enterprise cyber-physical risk.

Keywords: Emerging Technologies, Cyber Security, Information Security, Cyber Physical Risk, Internet of Things (IoT).

Published online 29.06.2021