A Unified Ontological Framework Integrating Strategic Alignment, Governance, and Information Security

¹ M2S2I Laboratory, ENSET Mohammedia Hassan II University of Casablanca Mohammedia, Morocco
² M2S2I Laboratory, ENSET Mohammedia Hassan II University of Casablanca Mohammedia, Morocco
³ M2S2I Laboratory, ENSET Mohammedia Hassan II University of Casablanca Mohammedia, Morocco
⁴ M2S2I Laboratory, ENSET Mohammedia Hassan II University of Casablanca Mohammedia, Morocco

^* Corresponding author: youssef.elmarzak-etu@etu.univh2c.ma

Abstract

The increasing complexity of organizational information systems highlights the need for a holistic approach that integrates strategic alignment, govern-ance, and information security. While these domains have been extensively studied independently, their fragmented treatment often leads to inefficien-cies, inconsistencies, and misaligned priorities within organizations. This pa-per proposes a unified ontological framework that bridges these dimensions into a coherent and interoperable model. The framework leverages ontologi-cal principles to formalize concepts, relationships, and constraints, thereby ensuring semantic consistency and traceability across strategic, governance, and security layers. By integrating strategic alignment theories, governance models such as COBIT, and security standards including NIST SP 800-53 and ISO/IEC 27001, the proposed ontology provides a common ground for decision-making, risk management, and compliance. The framework was validated through expert evaluation and a case study in an IT-intensive envi-ronment, demonstrating its capacity to improve alignment between business objectives, governance practices, and security requirements. The results un-derline the framework’s potential to support organizations in achieving sus-tainable performance, regulatory compliance, and resilience in the face of emerging cyber threats.