1 Jonathan Blangenois ‡† , Guy Guemkam †Ґ , Christophe Feltus † , Djamel Khadraoui † † Public Research Centre Henri Tudor, Luxembourg-Kirchberg, Luxembourg ‡ University of Namur, Namur, Belgium Ґ Laboratoire LIP6, Université de Pierre et Marie Curie, Paris, France christophe.feltus@tudor.lu Abstract The governance of critical infrastructures requires a fail-safe dedicated security management organization. This organization must provide the structure and mecha- nisms necessary for supporting the business processes execution, including: decision-making support and the alignment of this latter with the application functions and the network components. Most research in this field fo- cuses on elaborating the SCADA system which embraces components for data acquisition, alert correlation and policy instantiation. At the application layer, one of the most exploited approaches for supporting SCADA is built up on multi-agent system technology. Notwith- standing the extent of existing work, no model allows to represent these systems in an integrated manner and to consider different layers of the organization. Therefore, we propose an innovative version of ArchiMate ® for multi-agent purpose with the objective to enrich the agent society collaboration and, more particularly, the description of the agent’s behavior. Our work is has been illustrated in the context of a critical infrastructure in the field of a financial acquiring/issuing mechanism for card payments. Keywords: Critical infrastructure governance, ArchiMate ® , Multi-agent System, Alignment, Case study, Financial sector. 1. Introduction Most research in the field of critical infrastructure focuses on elaborating the SCADA system [18] [19] which embraces the following three functions: data ac- quisition at RTU level, alert correlation, policy instantia- tion and deployment [20], each of the latter being opera- tionalized with different technologies, protocols or methods. These reaction tools are in practice operation- alized at different layers of the management of the infra- structure security, from the very technical layer, to the application layer, up to the organizational layer. One of the most exploited approaches for supporting critical infrastructure is the use of agents [21]. Agents are indeed perfectly adapted to operating in critical situation due to their ability of being autonomous, open to all types of technology. Most of the work related to agents tends to consider that agents evolve and are organized in systems. There exist some models for representing how these agents are organized at a high level, models for repre- senting how they are spread in the networks, models for representing how they communicate with each other, and so forth. As far as we know, there exist no model that integrates all of the above dimensions and supports the management and the governance of the MAS for crisis situations. We do believe that such an integrated model could have many advantages like e.g. a strong alignment between the business processes that support crisis man- agement and the technology that supports it, a knowledge of the impact of actions from one layer to another, a de- cision support that allows figuring out which action on a component has the most influence on a set of other components, to identify the most critical component for an infrastructure, to align the agent system with the cor- porate objective and to tailor it accordingly, and so on. Enterprise architecture models are frameworks that allow to represent the information system (IS) of companies in (or on a set of) schemas. They underwent major im- provements during the first decade of the 21 st century and some outstanding frameworks were developed since, such as ArchiMate ® [11], the Zachman framework [12], or TOGAF [13]. These models are traditionally struc- tured in layers that correspond to different levels of the organizations’ IS. The business layer, for instance, mod- els the concepts that exist at the business layer, such as the processes, the employees, their business roles, etc. and that are supported or represented by IT application layers. At this application layer, the concepts of the IS that are modelled are the applications, the databases, or for instance, the application data. The advantages of these models are that they allow improving the connec- tions between the concepts from each layer and, thereby, allow a better integration and an enhanced support of decision making processes. Up to now, crisis manage- ment has never been represented through the middle of enterprise architecture. This representation could provide many advantages, such as a better integration of the cri- sis management functions, from their definition up to their deployment. Notwithstanding the many advantages Organizational Security Architecture for Critical Infrastructure