{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,5]],"date-time":"2026-05-05T01:47:37Z","timestamp":1777945657617,"version":"3.51.4"},"reference-count":38,"publisher":"Emerald","issue":"7","license":[{"start":{"date-parts":[[2005,9,1]],"date-time":"2005-09-01T00:00:00Z","timestamp":1125532800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005,9,1]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>To provide the strategic model of approach which helps enterprise executives to solve the managerial problems of planning, implementation and operation about information security in business convergence environments.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>A risk analysis method and baseline controls of BS7799 were used to generate security patterns of business convergence. With the analysis of existing enterprise architecture (EA) methods, the framework of the enterprise security architecture was designed.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>The adaptive framework, including the security patterns with quantitative factors, enterprise security architecture with 18 dimensions, and reference models in business convergence environments, is provided.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>Information assets and baseline controls should be subdivided to provide more detailed risk factors and weight factors of each business convergence strategy. Case studies should be performed continuously to consolidate contents of best practices.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>With the enterprise security architecture provided in this paper, an enterprise that tries to create a value\u2010added business model using convergence model can adapt itself to mitigate security risks and reduce potential losses.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>This paper outlined the business risks in convergence environments with risk analysis and baseline controls. It is aguably the first attempt to adapt the EA approach for enterprise executives to solve the security problems of business convergence.<\/jats:p><\/jats:sec>","DOI":"10.1108\/02635570510616111","type":"journal-article","created":{"date-parts":[[2007,1,15]],"date-time":"2007-01-15T16:55:28Z","timestamp":1168880128000},"page":"919-936","source":"Crossref","is-referenced-by-count":10,"title":["Enterprise security architecture in business convergence environments"],"prefix":"10.1108","volume":"105","author":[{"given":"Sangkyun","family":"Kim","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Choon","family":"Seong Leem","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022012620303267600_b1","unstructured":"Abrams, C. (2001), Convergence: Understanding a Transformation Imperative, Gartner Inc., Stamford, CT."},{"key":"key2022012620303267600_b2","unstructured":"Amoroso, E.G. (1994), Fundamentals of Computer Security Technology, Prentice\u2010Hall, Englewood Cliffs, NJ."},{"key":"key2022012620303267600_b3","doi-asserted-by":"crossref","unstructured":"Baccarini, D., Salm, G. and Love, P.E.D. (2004), \u201cManagement of risks in information technology projects\u201d, Industrial Management & Data Systems, Vol. 104 No. 4, pp. 286\u201095.","DOI":"10.1108\/02635570410530702"},{"key":"key2022012620303267600_b4","unstructured":"Bass, L., Clements, P. and Kazman, R. (1997), Software Architecture in Practice, Addison\u2010Wesley, Boston, MA."},{"key":"key2022012620303267600_b5","unstructured":"Bayle, A.J. (1988), \u201cSecurity in open system networks: a tutorial survey\u201d, Information Age, Vol. 10 No. 3, pp. 131\u201045."},{"key":"key2022012620303267600_b6","unstructured":"Boar, B.H. (1999), Constructing Blueprints for Enterprise IT Architectures, Wiley, New York, NY."},{"key":"key2022012620303267600_b7","unstructured":"Booch, G., Rumbaugh, J. and Jacobson, I. (1999), The UML Modeling Language User Guide, Addison\u2010Wesley, Boston, MA."},{"key":"key2022012620303267600_b8","unstructured":"Courtney, H., Kirkland, J. and Viguerie, P. (1997), \u201cStrategy under uncertainty\u201d, Harvard Business Review, Vol. 75 No. 6, pp. 67\u201079."},{"key":"key2022012620303267600_b9","unstructured":"CSE (1996), Guide to Risk Assessment and Safeguard Selection for Information Technology Systems, Communications Security Establishment, Ottawa."},{"key":"key2022012620303267600_b10","unstructured":"Deise, M.V., Nowikow, C., King, P. and Wright, A. (2000), Executive's Guide to E\u2010business: from Tactics to Strategy, Wiley, New York, NY."},{"key":"key2022012620303267600_b11","doi-asserted-by":"crossref","unstructured":"Dey, P.K. and Ogunlana, S.O. (2004), \u201cSelection and application of risk management tools and techniques for build\u2010operate\u2010transfer projects\u201d, Industrial Management & Data Systems, Vol. 104 No. 4, pp. 334\u201046.","DOI":"10.1108\/02635570410530748"},{"key":"key2022012620303267600_b12","unstructured":"Fine, L.H. (1983), Computer Security \u2013 A Handbook for Management, William Heinemann, London."},{"key":"key2022012620303267600_b13","unstructured":"Fites, P.E., Kratz, M.P.J. and Brebner, A.F. (1989), Controls and Security of Computer Information Systems, Computer Science Press, Rockville, MD."},{"key":"key2022012620303267600_b39","doi-asserted-by":"crossref","unstructured":"Forcht, K.A. and Pierson, J. (1994), \u201cNew technologies and future trends in computer security\u201d, Industrial Management & Data Systems, Vol. 94 No. 8, pp. 30\u20106.","DOI":"10.1108\/02635579410069337"},{"key":"key2022012620303267600_b15","doi-asserted-by":"crossref","unstructured":"Huang, S., Chang, I., Li, S. and Lin, M. (2004), \u201cAssessing risk in ERP projects: identify and prioritize the factors\u201d, Industrial Management & Data Systems, Vol. 104 No. 8, pp. 681\u20108.","DOI":"10.1108\/02635570410561672"},{"key":"key2022012620303267600_b16","unstructured":"Jazayeri, M., Ran, A. and Linden, F.V.D. (2000), Software Architecture for Product Families: Principles and Practice, Addison\u2010Wesley, Boston, MA."},{"key":"key2022012620303267600_b17","unstructured":"Johnson, M. and Whitman, L. (1998), \u201cEnterprise engineering: a discipline for integrating people, processes and technologies in the knowledge era\u201d, Proceedings of the Business Process and Knowledge Management Conference 1998, Orlando, FL."},{"key":"key2022012620303267600_b18","doi-asserted-by":"crossref","unstructured":"Kim, S. and Leem, C.S. (2004), \u201cAn information engineering methodology for the security strategy planning\u201d, Lecture Notes in Computer Science, Vol. 3043, pp. 597\u2010607.","DOI":"10.1007\/978-3-540-24707-4_71"},{"key":"key2022012620303267600_b19","doi-asserted-by":"crossref","unstructured":"Kim, S. and Leem, C.S. (2005), \u201cSecurity of the internet\u2010based instant messenger: risks and safeguards\u201d, Internet Research: Electronic Networking Applications and Policy, Vol. 15 No. 1, pp. 88\u201098.","DOI":"10.1108\/10662240510577086"},{"key":"key2022012620303267600_b20","unstructured":"Krutz, R.L. and Vines, R.D. (2001), The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, Wiley, New York, NY."},{"key":"key2022012620303267600_b21","unstructured":"Li, D.H. (1983), Controls in a Computer Environment: Objectives, Guidelines, and Audit Procedures, EDP Auditors Foundation, Carol Stream, IL."},{"key":"key2022012620303267600_b22","unstructured":"Mack, R., Gerrard, M. and Frey, N. (2002), An IS Perspective on Mergers and Acquisitions: A Six\u2010Stage Handbook, Gartner Inc., Stamford, CT."},{"key":"key2022012620303267600_b23","unstructured":"Madnick, S.E. (1978), \u201cManagement policies and procedures needed for effective computer security\u201d, Sloan Management Review, Vol. 19 No. 3, pp. 61\u201074."},{"key":"key2022012620303267600_b25","unstructured":"Meyer, C. and Davis, S. (2003), It's Alive, Crown Business, New York, NY."},{"key":"key2022012620303267600_b26","unstructured":"NIST (2001), Security Assessment Guide Information Technology Systems, NIST, Gaithersburg, MD."},{"key":"key2022012620303267600_b27","unstructured":"Oh, D.J. (2003), \u201cA study of the business strategy on the convergence: an analysis of the assets and the complementary assets\u201d, Master's thesis, Ewha Women's University, Seoul."},{"key":"key2022012620303267600_b28","doi-asserted-by":"crossref","unstructured":"Post, G.V. and Diltz, J.D. (1986), \u201cA stochastic dominance approach to risk analysis of computer systems\u201d, MIS Quarterly, Vol. 10 No. 4, pp. 363\u201075.","DOI":"10.2307\/249191"},{"key":"key2022012620303267600_b29","doi-asserted-by":"crossref","unstructured":"Rainer, R.K., Snyder, C.A. and Carr, H.H. (1991), \u201cRisk analysis for information technology\u201d, Journal of Management Information Systems, Vol. 8 No. 1, pp. 129\u201047.","DOI":"10.1080\/07421222.1991.11517914"},{"key":"key2022012620303267600_b30","unstructured":"Rechtin, E. (1991), System Architecting: Creating and Building Complex Systems, Prentice\u2010Hall, Englewood Cliffs, NJ."},{"key":"key2022012620303267600_b31","unstructured":"Rold, C.D. (2002), Service Market: Technical Convergence, Gartner Inc., Stamford, CT."},{"key":"key2022012620303267600_b32","unstructured":"Ron, W. (1988), EDP Auditing: Conceptual Foundations and Practice, McGraw\u2010Hill, New York, NY."},{"key":"key2022012620303267600_b33","unstructured":"Schweitzer, J.A. (1983), Protecting Information in the Electronic Workplace: A Guide for Managers, Reston Publishing Company, Reston, VA."},{"key":"key2022012620303267600_b34","unstructured":"Suh, B. (1996), \u201cDesign of the conceptual framework of Korean risk management system: identification of information system threats\u201d, Master's thesis, KAIST, Daejeon."},{"key":"key2022012620303267600_b24","doi-asserted-by":"crossref","unstructured":"Swanson, M. (1998), Guide for Developing Security Plans for Information Technology Systems, NIST, Gaithersburg, MD.","DOI":"10.6028\/NIST.SP.800-18"},{"key":"key2022012620303267600_b35","unstructured":"Vallabhaneni, R. (2000), CISSP Examination Textbooks, SRV Professional Publications, Los Angeles, CA."},{"key":"key2022012620303267600_b36","unstructured":"Yoffie, D.B. (1997), Competing in the Age of Digital Convergence, Harvard Business School Press, Boston, MA."},{"key":"key2022012620303267600_b37","doi-asserted-by":"crossref","unstructured":"Zachman, J.A. (1999), \u201cA framework for information systems architecture\u201d, IBM Systems Journal, Vol. 38 Nos 2\/3, pp. 450\u201070.","DOI":"10.1147\/sj.382.0454"},{"key":"key2022012620303267600_b38","doi-asserted-by":"crossref","unstructured":"Zhang, Q. and Cao, M. (2002), \u201cBusiness process reengineering for flexibility and innovation in manufacturing\u201d, Industrial Management & Data Systems, Vol. 102 No. 3, pp. 146\u201052.","DOI":"10.1108\/02635570210421336"}],"container-title":["Industrial Management &amp; Data Systems"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/02635570510616111","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/02635570510616111\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/02635570510616111\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T23:37:35Z","timestamp":1753400255000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/imds\/article\/105\/7\/919-936\/178362"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,9,1]]},"references-count":38,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2005,9,1]]}},"alternative-id":["10.1108\/02635570510616111"],"URL":"https:\/\/doi.org\/10.1108\/02635570510616111","relation":{},"ISSN":["0263-5577"],"issn-type":[{"value":"0263-5577","type":"print"}],"subject":[],"published":{"date-parts":[[2005,9,1]]}}}