Trusted Hub Luxembourg 2014 Conference : CRP Henri Tudor's presentation
1. Systemic Approach of Risk Management (SARIM)
Sébastien Pineau
Luxembourg Trusted ICT Ecosystem - Copyright CRP Henri Tudor, 2014 All rights reserved
2. Trusted Hub?
3. ICT PUBLIC SUPPORT
POLITICAL LEVEL
4. ICT ENABLERS
INFRASTRUCTURES
ICT PUBLIC SUPPORT
ICT ENABLERS
SERVICES
POLITICAL LEVEL
RESEARCH AND DEVELOPMENT
MARKET ANALYSIS
COMMUNICATION
REGULATORY ENVIRONMENT
5. POLITICAL LEVEL
ICT PUBLIC SUPPORT
RESEARCH AND DEVELOPMENT
REGULATORY ENVIRONMENT
ICT ENABLERS
INFRASTRUCTURES
ICT ENABLERS
SERVICES
MARKET ANALYSIS
COMMUNICATION
12. First challenge: sector
[Diagram labels: Telco (×4), Bank, Data center (×3), Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator, Art. 13a]
13. First challenge: sector
[Diagram labels: Telco (×4)]
[Figure: layered architecture model of the ArchiSurance damage claiming process, with layers for roles and actors, external business services, external application services, application components and services, external infrastructure services, and infrastructure]
15. Second challenge: B to B
[Diagram labels: Scanning, Data center, ASSETS, VULNERABILITIES, CONTROLS, SERVICES, OBJECTIVES, IMPACTS, RISK, INTERFACE]
16. Third challenge: service system
[Diagram labels: Bank, Scanning, Data center (×3), Telco (×4), Gaming, ePayment, Cloud, Hospital, Laboratory, Integrator]
17. Third challenge: service system
[Diagram labels: Bank, Scanning, Data center (×2), Telco]
19. Previous experiences and partnerships
Previous and current projects:
- ISMS-PME, Cassis…
- Grif, Progress
- Interoperability & modelling
- Systemic approach
- Regulator package
Partners:
20. Objectives and key figures
Objective 1 – Merge risk management methodologies and systemic concepts
Objective 2 – Define interoperable framework and tools to enable the risk interface
Objective 3 – Build a set of service system measurement and KPI
Objective 4 – Tool up the regulators for the visualization and the analysis of the ecosystem
Objective 5 – Define architectural models for critical activities
2 years – FEDER support – 6 people involved – 2 PhD
23. Health Model
Architecture
Health Modelling project
Model
Transformation
Meta Model
Integration
Health Industry Reference Model
Health National Reference Model
IS Security Risk Reference Model
Health Security Risk National Reference Model
CASES Reference Model
Health Industry Standards
Sectorial Committee
24. Research agenda at TUDOR/LIST
Prof. Dr. Eric Dubois (Director of Service Science & Innovation department)
25. [Diagram labels: Bank, Data center (×3), Telco (×4), Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator]
Compliance Issues
- Regulations
- Laws
- Standards
- Contracts
- Best Practices
- …
Issues for the service system (interdependent entities)
- Performance Transparency
- Interoperable SLAs
- Global level of trust
Implementation costs for each enterprise:
- Requirements interpretation
- Deployment with some performance target
- Audit of the performance
26. Research proposal based on architectural models supporting enterprise transformation
[Diagram labels: Bank, Data center (×3), Telco (×4), Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator]
27. Research proposal based on architectural models supporting enterprise transformation
[Diagram labels: Bank, Data center (×3), Telco (×4), Gaming, ePayment, Scanning, Cloud, Hospital, Laboratory, Integrator]
[Figure: layered architecture model of the ArchiSurance damage claiming process, with layers for roles and actors, external business services, external application services, application components and services, external infrastructure services, and infrastructure]
An enterprise architecture framework is a formal and highly structured way of viewing and defining an enterprise (Zachman 87) for the purpose of governing its transformation.
- TOGAF: a detailed method and a set of supporting tools for developing an enterprise architecture.
- ArchiMate: a language for modelling Enterprise Architecture.
28. Tudor’s Research Assets
[Figure: layered architecture model of the ArchiSurance damage claiming process, with layers for roles and actors, external business services, external application services, application components and services, external infrastructure services, and infrastructure]
Enhancement of ArchiMate models for capturing ‘objective’ performance indicators associated with the compliance requirements
Maturity Models
Enhancement of ArchiMate models for capturing service systems (interdependencies, SLA interoperability)
Enterprise Engineering
Pearl
ASINE
29. Research Goal: Towards an Enterprise Architecture Reference Model factory
Process
Reference
Framework
Enterprise
Architecture
Reference
Model
[Figure: layered architecture model of the ArchiSurance damage claiming process, with layers for roles and actors, external business services, external application services, application components and services, external infrastructure services, and infrastructure]
Process
Assessment
Measurement
Structured Text
- Regulations
- Laws
- Standards
- Contracts
- Best Practices
- …
Architecture blueprints:
- Reducing the work of individual entities for deploying compliant solutions
- Allowing entities to demonstrate their level of performance in terms of objective measures
- SLAs interoperability
- Guarantee the transparency and level of assurance of the service system to its customers (Trust)
30. From Tudor (Service Science & Innovation) to Luxembourg Institute for Science and Technology (IT for Innovative Services)
31. Knowledge-based Decision Support
Cognitive systems helping human experts make better decisions in the context of ‘data deluge’
Trusted Service Systems
Digital information models for designing and monitoring dynamic and adaptive networked services
IT-Service Innovation in a Living Lab setting
IT-Service Design Research Cycle
IT-services Innovation Management
Application Domains
32. IT-Service Open Innovation
Integrated services in information security
SME awareness
Training
According to a PPP approach and a platform steering the RDI agenda according to socio-economic priorities
Systemic risk management
Information security policies
Assessment of information security maturity
Risk management
Information security management system
Interoperability