Security and privacy for interoperable organizations
Authors: Anacleto Correia, Pedro Água, Armindo Frias, Mario Simões-Marques
Abstract: There are organizations for which interoperability is crucial to the accomplishment of their mission, such as those in the areas of disaster management, security, and defense. However, those organizations must also comply with the constraints and rules governing information security and privacy. ISO 27001 provides a global standard framework that helps organizations protect their information in a systematic way through the adoption of an information security management system. Furthermore, ISO 27701 provides specific data privacy controls, allowing an organization to demonstrate effective privacy data management. A challenge organizations face is how to comply with information security and privacy policies and procedures while still accomplishing their mission. In this paper, we argue that this can be achieved with an Enterprise Architecture (EA) framework. In particular, the NATO Architecture Framework (NAF) provides a methodology for developing EA artifacts; however, it lacks tools suited to enforcing information security and privacy. In this paper, we propose the integration of ISO 27001 and ISO 27701 into NAF, so that the EA artifacts delivered by the NAF framework embed information security and privacy principles by design.
Keywords: Enterprise Architecture, Information Security, Information Privacy, NATO Architecture Framework, Digital transformation