Complex Systems Informatics and Modeling Quarterly

Risk-based regulation and risk governance gain momentum in most sectorial ecosystems, should they be the finance, the healthcare or the telecommunications ecosystems. Although there is a profusion of tools to address this issue at the corporate level, worth is to note that no solution fulfils this function at the ecosystem level yet. Therefore, in this article, the Business Service Ecosystem (BSE) metamodel is semantically extended, considering the Capability as a Service (CaaS) theory, in order to raise the enterprise risk management from the enterprise level up to the ecosystem level. This extension allows defining a concrete ecosystem metamodel which is afterwards mapped with an information system risk management model to support risk governance at the ecosystem level. This mapping is illustrated and validated on the basis of an application case for the Luxembourgish financial sector applied to the most important concepts from the BSE: capability, resource, service and goal.