%0 Journal Article %T Security Policy Model in a Hybrid Zachman-TOGAF Framework for a Telework Enterprise Architecture in a Cloud Environment %A Pacô %A me Brou %A Thomas Kouassi %A Beman Hamidja Kamagate %A Olivier Asseu %A Yvon Kermarrec %J Open Journal of Safety Science and Technology %P 96-115 %@ 2162-6006 %D 2024 %I Scientific Research Publishing %R 10.4236/ojsst.2024.143008 %X Context and motivation: In an ever-changing post COVID-19 world, more and more businesses are adopting teleworking models, making it essential to use Cloud technology to facilitate collaboration and data accessibility. However, this transition to teleworking and the Cloud poses major challenges in terms of the security of organization’s information systems. Protecting sensitive data and IT systems is becoming an absolute priority to guarantee business continuity and prevent potential cyber threats and attacks. Security policies need to be put in place. Problem: Within a Hybrid Zachman-TOGAF Framework for an Enterprise Architecture exploiting Cloud technology in a teleworking context, several problems arise, including: How can the confidentiality, integrity and availability of the company’s critical data be ensured in a teleworking environment using Cloud solutions? Objective and methodology: With this in mind, this article proposes a systemic approach based on a mathematical optimization model to identify, assess and manage information security risks under budgetary constraints to ensure adequate protection of confidential data. The aim is to create a secure, reliable and resilient working environment, where employees can access the necessary resources with confidence, even outside the organization’s premises. Results: The approach proposed in this article shows how a mathematical model can be used to optimize security decisions in a cloud environment within a dedicated teleworking enterprise architecture. By integrating these results into a hybrid Zachman-TOGAF Framework, the organization can align its security strategies with its business objectives, while respecting budgetary constraints and minimizing risk. In addition, Monte Carlo simulations over 10,000 iterations to assess variations in residual risk as a function of fluctuations in threat probabilities and the costs of security measures in the same mathematical model show a trade-off between the cost of implementing the security measure, budget availability and residual risk, which is an aid to decision-making and strategic choices for the system operating in the organization in terms of information system security. %K Security Policy %K Zachman-TOGAF Framework %K Residual Risk %K Cloud %K Teleworking %U http://www.scirp.org/journal/PaperInformation.aspx?PaperID=136194