1 The LEADing Practice Enterprise Standards Integrating Architecture and Enterprise Architecture Presenter: James Thomas LEAD Enterprise Architect at Knotion
2 Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing Practice ApS respects the intellectual property of others, and we ask others to do the same. All information and materials contained in the LEAD frameworks, methods and approaches with associated tools and templates, such as maps, matrices and models is Intellectual Capital (IC) and Intellectual Property (IP) of LEADing Practice ApS and limitations apply to the reuse of this IC/IP. The intellectual Property Rights (IPR) consists of information, knowledge, objects, artifacts, experience, insight and/or ideas, that are structured to enable reuse to deliver value creation and realization. The LEADing Practice ApS, often referred to as LEAD, intellectual capital is protected by law, including, but not limited to, internationally recognized United States and European Union IPR copyright law. Except as specifically indicated otherwise in writing, LEADing Practice ApS is the owner of the copyright in the entire LEAD Frameworks content (including images, text and look and feel attributes) and LEADing Practice ApS reserves all rights in that regard. Use or misuse of the IPR, the trademarks, service mark or logos is expressly prohibited and may violate country, federal and state law. LEADing Practice ApS is an open architecture and community open source standard and therefore provides open access to all deliverables for certified LEAD practitioners, thereby ensuring that modelling principles are applied correctly. A open architecture and open standard community has been set in place to encourage sharing, learning and reuse of information and thereby increase knowledge among LEAD community practitioners, and with this ultimately improvement of one s project, engagement and the LEAD development. Use of the LEAD frameworks, methods and approaches is restricted to certified LEAD community members in good practitioner standing, who are able to use these items solely for their non-commercial internal use. Legal access to the detail of LEAD will be provided to you with your membership. Members are prohibited from sharing the LEAD material in its entirety with other parties who are not members of LEAD community since the concepts and models are protected by intellectual property rights. Guidelines for LEAD community members using the IPR material As a LEAD member comes greater personal responsibility and the following intellectual property conditions apply: Can be used free of charge for LEAD certified practitioners. Cannot be share, copied or made available for non-community member, which are not LEAD certified practitioners. When using any materials, it must include a source notice either in an adjacent area or as a footnote to indicate the source. The source should be specified the following way : Source: A part of the LEAD Frameworks and possibly indicate the LEAD work product family, such as Part of LEAD Process Framework. Cannot be systematically given away do not download all our content and simply hand it over to other colleagues or clients that are not trained and certified. To ensure correct usage, any company usage of the LEAD material e.g. templates and tools has to be tailored and agreed upon by LEADing Practice ApS. LEADing Practice ApS may, in appropriate circumstances and at its discretion, terminate the access/accounts of users who infringe the intellectual property rights and pursue legal action. Guidelines for non-lead community members using the IPR material The following conditions apply to use of the LEAD Intellectual Property for non-community members: Can be used free of charge for lecturing and research at any University and Business School Material available at can be used in a non-commercial way for knowledge sharing. When using any materials, it must include a source should be specified the following way : Source: A part of the LEAD Frameworks and possibly indicate the LEAD work product family, such as Part of LEAD Process Framework. General guidelines that apply for all LEAD IPR material Any use of original texts, graphics, images, screen shots, and other materials from LEAD sources must be approved by LEADing Practice ApS. Any material cannot be generally distributed to colleagues, clients and or an undefined audience without written permission from LEADing Practice ApS. Cannot be altered or changed (the using company) in any way without explicit written permission from LEADing Practice ApS. In most cases, the LEADing Practice ApS acts as a distribution channel for the Publisher and Authors of the material provided. LEADing Practice ApS may, in appropriate circumstances of infringement of the intellectual property rights pursue legal action. For questions, please get in touch with us at
3 Agenda Situation: is more critical than ever Complications: Focus areas and many options We need a holistic architecture methodology Integrating and Enterprise Architecture Applying LEADing Practices Reference Content Lessons Learned or Pitfalls Conclusion: Takeaways
4 Situation is becoming more critical than ever The number of exposures and high profile breaches are increasing Attacks are more sophisticated New opportunities bring new threats and vulnerabilities mobile, social, cloud, etc.. Many links in the chain are increasing the risk of a breach information supply chains
5 Analyze/Identify Existing Strategies Business Innovation & Transformation Enablement
6 is top concern in 2014 for state CIOs "It is significant that security has now risen to the number one priority on our top 10 list. As I presented in congressional testimony before the Committee on Homeland last week, cyber-attacks against state governments are growing in number and becoming increasingly sophisticated. has to be the top priority for all sectors. Clearly from our top 10 voting results, the state CIOs agree on this. - NASCIO President and Mississippi Chief Information Officer, Craig Orgeron In ranked order, the top 10 priorities for strategy, management processes and solutions are: Consolidation / Optimization Cloud services Project and portfolio management Strategic IT planning Budget and cost control Mobile services / mobility Shared services Interoperable nationwide public safety broadband network (FirstNet) Healthcare is top concern in 2014 for state CIOs - FierceCIO National Association of State Chief Information Officers, November 5, 2013
7 CIO Barometer CSC Nearly three-quarters of respondents said that more-effective management of IT security and cybersecurity is a priority for their 2014 IT budgets. When asked to identify the IT department s main contributions, more than 60 percent cited securing the business. And when it comes to major challenges facing their IT departments, nearly 80 percent cited the management of expanding IT security, making it their top challenge. As the world continues to revolve on a digital axis, IT security becomes more and more critical. Last year alone (2012), there were more than 2,500 separate incidents, exposing more than 250 million records. Copyright 2013 Computer Sciences Corporation - The CIO s New Role: Core Strategy Enabler, CIO Barometer 2013 Private and semi-public companies and public institutions with a minimum of 500 employees 681 managers were interviewed on five continents and in 18 countries. These managers represent the following target positions: CIO; IT director; IT manager
8 Data Breach Trends Data Breach QuickView - An Executive s Guide to 2013: Data Breach Trends Sponsored by: Risk Based ; Open Foundation February 2014
9 Cyberrisk in banking: A review of the key industry threats and responses ahead September 2013 Both technologies and threats are evolving Mobile devices and applications are primary examples of the balance between greater efficiency and new kinds of cyberrisks Awareness remains low 30% rate limited customer awareness as a key challenge Preparedness for cyberrisks remains patchy Less than one in four banks believe their internal resources are highly prepared Trust trumps financial losses Banks are only spending just enough on cybersecurity to make customers trust them A lack of cooperation is hindering progress Because many banks are typically only financially liable when their own systems are compromised, there is little incentive for them to cooperate with other stakeholders when it comes to cybersecurity. Response strategies are evolving A shift in thinking: from trying to prevent all risks, to instead trying to identify key weaknesses The quantitative findings presented in this report come from a survey of 250 respondents in financial services, with 55 percent in retail banking and 45 percent in commercial banking, conducted by Longitude Research September 2013.
10 Complication Many initiatives working on improving the Enterprise Risk and Information landscape The market is already flooded with too many checklists has traditionally been the realm of Techies Enterprise Risk Management is being driven from a business perspective, while IT is still tool -focused Where to start with so many options?
11 So many options... Calder-Moir IT Governance Framework CobiT King III ISC2 BoK (CISSP) IT-Grundschutz STIGs (US Govt Guidelines) TickIT (Software Development) FIPS200 SSE-CMM O-ISM3 SABSA OSA FEAF FAIR COSO GAIT OCTAVE NIST SP FISMA (FIPS199, FIPS200, SP800-30,37,39,53,53A,60) ISO (ISMS) ISO (Controls) ISO (ISMS Implementation, Processes) ISO (Measures & Measurement) ISO (ISec. Risk Management) ISO ( Techniques) ISO (ISMS Auditing) ISO (ISM Controls Auditing) ISO (Governance of information security) ISF ITIL NIST SP800 (Series) Sarbanes-Oxley (SOX) Basel I, II, III PCI-DSS
12 Need for a holistic methodology IT has to evolve: information TECHNOLOGY INFORMATION technology BUSINESS SECURITY / ENTERPRISE SECURITY Enterprise Risk models are essential can t be an afterthought any more has to be architected-in from the start Identify the most sensitive areas of the business, the most likely threats, and a holistic defence strategy - an architecture of technology and processes - designed specifically to protect the business
13 Architecture to date some examples Enterprise Architecture Frameworks FEAF DoDAF TOGAF Architecture Frameworks Federal Enterprise Architecture and Privacy Profile (FEA-SPP) Open Architecture (OSA) Sherwood Applied Business Architecture (SABSA) Are these attempts sufficient?
17 FEA-SPP Framework
18 OSA Taxonomy
19 SABSA Model 19
20 SABSA Operational Risk Model
21 Attempts to Integrate Architecture and Enterprise Architecture
22 TOGAF and SABSA
23 Some Challenges
24 Applying LEADing practices Overview of the LEADing Practice Reference Framework
25 Objective of Reference Framework What is the LEADing Practice Reference Framework? The LEADing Practice Reference Framework is based on a collection of best and leading practice Modelling and Architecture disciplines. The Reference Framework is the essential starting point with guiding principles for any practitioner working with and around aspects. It provides a structural concept around strategic definitions e.g. wants, needs, identification, goals, issues and problems. Therefore the Reference Framework is a basis of reference content to analyze, appraise, approximate, assess and capture a Objects and or artifacts idea, design, plan, scheme and structure in order to understand the underlying concept, thought, view, vision as well as perspective. Why is it used? The purpose of the Reference Framework is to define how to organize and structure the viewpoints and objects associated with Modelling and Architecture. The Reference Framework serves as guiding principles to establish a common practice for creating, interpreting, analyzing and using objects within a particular domain and/or layers of an enterprise or an organization. Using the Reference Framework is done through a set of principles e.g. how and where can the Objects be related (and where not). The Reference Framework can be used with the 6 LEAD methods and 4 LEAD approaches that are all integrated with each other and with supporting maps, matrices and models.
26 Enterprise Modelling and Enterprise Architecture an integrated part of the LEADing Practice Frameworks, Method and Approaches Enterprise Modelling is the abstract representation, description and definition of a structure. It is the discipline of representing and replicating the area that is being modelled to have a simplified representation of the real enterprise business. Then it sculptures and forms and designs/redesigns the specific area that is being modelled to improve its performance. Examples of Enterprise Modelling Service Model renewal Optimization Improvement Business Model Value management Performance management Measurements Rules Modelling Knowledge Management Information Modelling Decision Modelling Reporting Strategy Management Governance Modelling ITIL COBIT BPM Notations Val IT
27 Enterprise Architecture an integrated part of the LEADing Practice Frameworks, Method and Approaches Enterprise Architecture: The organization, administration of conceptual, logical and physical relationships and connectivity of specific objects and artifacts to each other (and the environment) in order to understand complexity and manage structure to enable transformation, performance or value. Example of Enterprise Architecture Business Architecture Architecture Value Architecture Data Architecture Information Architecture Cloud Architecture Solution Architecture Application Architecture Platform Architecture Infrastructure Architecture Technology Architecture Service-Oriented Architecture
28 Identification of common objects within Enterprise Modelling and Enterprise Architecture Strategy Resources Goals Competencies Critical Success Factors (CSFs) Requirements PPIs Business Functions/Tasks Business Services SLA Tasks Events KPIs SPIs Data Components Data Entities Data Service Data Objects Appl. Functions Appl. Feature Application Service Infrastructure Devices Application Components Infrastructure Services Platform Service Platform device Infrastructure Components Platform Components
29 Enterprise Modelling and Enterprise Architecture is an integrated part of the LEADing Practice Frameworks, Methods and Approaches
30 Enterprise Modelling and Enterprise Architecture is an integrated part of the LEADing Practice Reference Framework Rule Engine Compliance Rules Business Rule Goal Logical Design Conceptual Context Complexity Reporting Decision Table Object Connections Physical Execution Decision Table Measurements Business Measurements Optimization Area Groups Steps Activity Artifacts Performance Information Knowledge Management Efficiency Effectiveness
31 Working with Enterprise Modelling and Enterprise Architecture through the LEAD Objects In the LEAD object modelling principles, a LEAD object refers to a specific, specialized object that is used by the Decomposition & Composition principles within the LEADing Practice Frameworks, LEADing Practice Methods and LEADing Practice Approaches. In terms of the LEAD Way of Working within Modelling and Architecture using the LEAD meta objects and the classification* of any of the general LEAD objects, which are categorized** in the following 17 object groups: Requirement & Goal Rules Services Owner Flow Application Platform Media Channel Business Competency Object (categorization) Roles Measurement Data Infrastructure Compliance *Classify = to assemble by order **Categorize = to divide into groups
32 The LEADing Practice Reference Framework Structural Way of Working
33 The Structural Way Through The Layers 33
34 Modelling and Architecture through working with the LEAD Objects The purpose of LEAD Object modelling is to: Decompose the Objects into the smallest parts that can, should and needs to be modelled, and then compose the Objects entities before building them (through mapping, simulation and scenarios). Visualize and clarify Object relationships with the LEAD artifacts by using maps, matrices and models (alternative representation of information). Reduce and/or enhance complexity of Modelling and Architecture principles applying the decomposition and composition method or modelling it through the architectural layers (Layered Architecture Method). Adding Requirements Communicate Value to the customers throughout the entire LifeCycle. Blueprinting and Implementation.
35 The LEADing Practice Reference Framework Decomposition & Composition
36 The LEADing Practice AGILE Concept The LEADing Practice AGILE Concept has been created in order to describe the requirement relationship between the LEAD Way of Thinking, Way of Working and Way of Modelling with both objects and domains within the Business, Application and Technology Layers of the LEADing Practice Reference Frameworks using interrogatives (what, who, why, etc.) and behavior (conceptual, logical, physical, etc.).
37 Some Basics around the Interrogatives used within the LEAD AGILE Concept Interrogative Context Meaning Whence Source Pertaining to source, origin, foundation or cause Who Personal/actor used to identify a particular person or persons involved Why Reason Pertaining to the motivation or reason What Context Pertaining to identity, nature, or value of a object or matter Where Location Location, place or area Whether Options Choosing between alternatives and/or options How Manner Pertaining to manner, method or way When Time Pertaining to time or timing
39 The LEAD Way of Thinking around Architecture and Modelling The LEADing Practice Way of Thinking around Architecture and Modelling disciplines, is the essential starting point that creates the guiding principles. Providing a structural concept around strategic definitions e.g. wants, needs, value identification, goals, issues and problems. The way of thinking postulates what ought to be with the right value abstraction level that can analyze, appraise, approximate, assess and capture Objects and/or artifacts idea, design, plan, scheme and structure in order to understand the underlying concept, thought, view, vision as well as perspective, philosophy and belief.
40 Objective of the LEADing Practice Reference Framework - How is it used Relation to Strategy Understand business model security drivers Outline goals Identify performance and value opportunities Capture value and performance expectations and drivers Align value drivers to business strategy Define innovation and transformation Define Transformation potential Develop and formalize change potential Focus Area Analyze business strategy and the relation Identify requirements to security Focus on value issues and Identify internal and external security drivers (competitive forces) weaknesses cluster Develop standards Ensure measurements (across business areas) Apply continuous improvements Ensure strategic reporting and decision flow strategy development Value Based design through the layers Business model linked to Develop competitive and differentiated advantage Business Transformation & Innovation Enablement (BITE) related to security aspects
41 LEADing Practice Maps A LEAD Map is an accurate list and representation of the decomposed and/or composed Objects. A LEAD Map is often in the form of a list that can be in a simple row as well as a catalog, and has the purpose of building an inventory or index list of the Objects that are to be either decomposed and/or composed in the different LEAD Layers (business, application and technology).
42 LEADing Practice Maps: Forces & Drivers (FD) Map Forces & Drivers External Driver/Forces For Why specification: Internal Driver/Forces For Where specification: Business, Service, Role, Technology, etc.
43 LEADing Practice Maps: Requirement (Rq) Map Requirement Who/Whom specification e.g. Stakeholder/Owner Where specification e.g. Layer, Objects, Area (, service, data, infrastructure) etc What specification: High Level Requirements What specification: Detailed Requirements
44 LEADing Practice Maps: Measurement & Reporting (MR) Map What/which specification: Where specification: Who/whom specification: Measuremen t & Reporting Objective (CSF, plan, forecast, budget) Performance Indicator (Strategic/Tactical /Operational) Service Measurements (Service Level Agreements) Process Measurements (PPI) Reporting System Reports
45 LEADing Practice Maps: Information (I) Map Information What/which specification: Object (Business, Information or Data) Data Entity How specification: Data Compliance (Including security) Who/whom specification: Business Owner Reporting
46 LEADing Practice Maps: Rule (Ru) Map Securit y Rule Business Rules Service Tier Service Rules What/which specification: Process Rules Gateways Business Object Information Object How specification: Business Compliance
47 LEADing Practice Maps: Process (P) Map What specification: Who/Whose specification: Process Business Process Area Process Groups Business process Process Steps Process Activities Stakeholder involved Process Owner Managers involved Roles/Resourc es involved
48 LEADing Practice Maps: Process Measurement Map Process Measurement Name Definition Rationale Dimension Application Function/Task
49 LEADing Practice Maps: Process Compliance Map Process Process Compliance Process Rule Process Description Process Rationale
50 LEADing Practice Maps: Service (Se) Map What specification Who/Whose specification Service Service Area Service Group Business Service Service Channel Stakeholder Involved Service Owner Manager Involved Role/Resourc e Involved
51 LEADing Practice Maps: Application (A) Map Component Whence specification: Version number Logical/Physical Component Application Module What/Which specification: Application Function Application Feature Application Task
52 LEADing Practice Maps: Application Service (AS) Map What/Which : What : Where : Who : Whose : Why : Application Service Application Service Service Description Business Service Service Provider Service Consumer Service Owner Service Requirement
53 LEADing Practice Maps: System Measurement & Reporting (AM) Map What/Which specification: Measurement Measurement Name Measurement Definition Rationale Dimension Application Function/System Report
54 LEADing Practice Maps: Application Screen (Asc) Map Screen What/Which specification: Who/Whom specification: Screen Name Screen Description Application Service Application Task Input or Output Application Role
55 LEADing Practice Maps: Application Role (ARo) Map Role Who/Whom specification: What/Which specification: Application Role Role Description Rationale
56 LEADing Practice Maps: Application Rule (AR) Map Rule What/Which specification: Application Rule Rule Description Rationale Nature
57 LEADing Practice Maps: Application Rule (AR) Map Compliance Application Compliance What/Which specification: Application Rule Compliance Description Rationale
58 LEADing Practice Maps: Application Goal & Requirement Map What/Which specification: Who/Whom specification: Goal/Require ment Objective Expectation Requirement, Specification or Assumption Details Business Process Application Component Application Function or Application Service Stakeholder
59 LEADing Practice Maps: Data (D) Map What/which specification: Who is involved: Where is it used: Data Data Component Data Object (information/ data) Data Entity Data Type Data Service Data Owner Data Users Data Channel Channel
60 LEADing Practice Maps: Data Rule (DR) Map What/Which What Where Whose Why Rule Data Rule Data Rule Description Data Compliance Data Rule Owner Data Rule Rationale
61 LEADing Practice Maps: Platform (PL) Map What/Which Who is involved: Where Platfor m Logical/Physical Component Device Function Service Owner Users Channel Media
62 LEADing Practice Maps: Platform Service (PLS) Map What/which Where Whose Who Why Platform Serv Service ice Name Platform Service Business Descripti Service on Applicati on Service Applicati on Function Data Service Infrastruc ture Service Service Flow Data Flow Service Provider Service Owner Service Consume r Service Require ment
63 LEADing Practice Maps: Platform Rule (PLR) Map What/Which What Where Whose Why Rule Platform Rule Platform Rule Description Platform Compliance Platform Rule Owner Platform Rule Rationale
64 LEADing Practice Maps: Platform Distribution (PLD) Map What/Which What Where Whose Why Distributi on Platform Distribution Name Logical Application Component Platform Distribution Description Platform Service Platform Distribution Owner Platform Distribution Requirement
65 LEADing Practice Maps: Infrastructure (IF) Map What/Which specification: Who is involved: Where is it used: Infrastructure Logical/Physical Component Device Function Feature Service Owner Users Channel
66 LEADing Practice Maps: Infrastructure Rules (IFR) Map What/Which What Where Whose Why Rule Infrastructure Rule Infrastructure Rule Description Infrastructure Rule Compliance Infrastructure Rule Owner Infrastructure Rule Rationale
68 LEAD Requirement Management Method - Conceptual Description Why Stakeholder (ST) Matrix What in terms of security context e.g. Performance/Val ue Expectation Why specification e.g. Goal/Reason How - specification e.g. Expected areas What in terms of security context e.g. Performance/Val ue Expectation Why specification e.g. Goal/Reason How - specification e.g. Expected areas Who security specification: Stakehol der Stakeholder Who - in terms of security ownership: Stakeholder (Business Unit) Stakeholder (Department) Stakeholder (Operational Manager) Where specification: Business Area or Technology Area, etc. Business/Tec hnology Area Business Area Technology Area
69 The concept of the LEAD Requirement Management Reference Method
70 LEAD Requirement Management Method-Conceptual Context: Example of how to link the What to the Why in the Business Competency Object Group What (Objects) Business Competency Organizational Construct/Design Resources and security aspects Why (Value Expectation) Revenue Model Service Model Cost Model Performance Model Value Model Operating Model Develop the organizational competencies X X Slim line and optimize the Organizational Compliance Construct X X Redesign the organizational business areas according to security construct and compliance aspects X (X) X Improve balance between buy and lease security forces (X) X Reduce organizational complexity (X) X X Integrate and standardize business functions and service X (X) Better resource and skills security performance X X Improve security management skills of staff (X) X Improve ability to attract security talents (X) X Optimize security resources (X) X X Capabilities Cross Organizational development and optimization (X) X X Select which and activity can be integrated or standardized X X Choose the aspects and events that have direct customer and supplier interaction (X) X X X Improve integration of business Securities across partner networks X X X Identify the management for better reporting and decision making X X Services Classify the main 's for optimization (X) X X Categorize the supporting 's for possible standardization and cost cutting X (X) X (X) High Importants X = Targeted Align pricing with service strategies according to revenue stream X X Medium Importants (X) = XSecondary target Low Importants
72 The LEADing Practice Reference Framework Business Decomposition & Composition
74 LEAD Requirement Management Method-Conceptual Description and Relations: Relating the Stakeholder Needs and Wants to the Objects and Layers
75 Applying the Objects to the Layers using the Decomposition & Composition Method (example: )
76 LEAD Requirement Management Method - Conceptual Description Why Requirement Matrix Why, in terms of reason security specification e.g. Motivation and Drivers for Whither specification e.g. Goal & Objectives (Business/Application/Technol ogy) Requirem ent Who/Whom specification e.g. Stakeholder/Owner Where specification e.g. Layer, Objects, Area (, service, data, infrastructure) etc What specification: High Level Requirements What specification: Detailed Requirements Which expectation specification e.g. Value/Performance Why, in terms of reason security specification e.g. Motivation and Drivers for Whither specification e.g. Goal & Objectives (Business/Application/Technol ogy) Which expectation specification e.g. Value/Performance
77 Layered Architecture method: Architecture The main principle behind the Leading Enterprise Architecture Development (LEAD) concept, and what makes it differ from other traditional Enterprise Architecture frameworks, is the fact that it does not only work in domains, but across layers (business, application and technology) within multiple domains through using the decomposition and composition method to integrate effortlessly across the different layers when interlinking the different modelling principles. As shown in the below example, each layer s Objects are defined by the specific layers requirements, the capability of the object, the resources, tasks and. The functions that a layer provides can be seen as the layer s services since a layer provides a set of functions and tasks and thereby services to its upper layer. In turn, the upper layer uses the lower layer s services (functionality and tasks) to achieve its own functions (services). The n th layer (+1 and/or 1) can therefore be seen as a service requester or provider since it ether gives input or uses the services provided by its lower layer.
78 Layered Architecture method: Architecture The LEAD layered method is built upon the concept of interlinking the objects that are within and work across the layers. While the layers and their specific objects may/will have different modelling principles, they do still have correlations, relationships and/or connections with other layers and these need to be related/connected in the right way: The Business Layer describes the objects within the Business layer e.g. the Business Goals, Business Requirements and Business Competencies are linked to Business Securities, Business Services and business workflow. The Application Layer describes the deliverables within the application, date and Information Architecture. The maps, matrices and models depicts how Data Goals, Data Flow & Service, Data Requirements and Data Components are linked to Application Goals, Information Flow & Service, Application Requirements and Application Flow & Component. The Technology Layer describes the deliverables within the platform and infrastructure areas. The maps, matrices and models depicts how Platform Goals, Platform Flow & Service, Platform Requirements and Platform Components are linked to Infrastructure Goal, Infrastructure Flow & Service, Infrastructure Requirements and Infrastructure Component.
Objects and Object Relations Around Business Modelling and Business Architecture Professor Mark von Rosing Prof. Mark von Rosing Professor BPM & EA Guru Business Transformation Evangelist Internationally
Service Modelling & Service Architecture: From Service Renewal and Service Flows to Service Architecture Presenter: Professor Paul Buhler Head of the Global University Alliance SOA Research & Development
Business Innovation & Transformation Enablement (BITE) Method Henrik von Scheel LEAD Developer, responsible for BITE Method LEAD the Way Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing
Extended Process Modeling: LEADing Practice Modeling with igrafx Ed Maddock VP of Development and Process Management Solutions Copyright note on Intellectual Capital: ALL RIGHTS RESERVED LEADing Practice
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
NASCIO EA Development Tool-Kit Solution Architecture Version 3.0 October 2004 TABLE OF CONTENTS SOLUTION ARCHITECTURE...1 Introduction...1 Benefits...3 Link to Implementation Planning...4 Definitions...5
Banking Transformation Framework Transform Your Bank in Measurable Steps Table of Contents 2 Establish a Platform for Transformation 3 Transform Your Business 3 Use the Reference Architecture As a Foundation
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished
Enterprise Security Architecture for Cyber Security M.M.Veeraragaloo 5 th September 2013 Outline Cyber Security Overview TOGAF and Sherwood Applied Business Security Architecture (SABSA) o o Overview of
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
SETLabs Briefings VOL 6 NO 4 2008 Building Blocks for Enterprise Business Architecture By Eswar Ganesan and Ramesh Paturi A unified meta-model of elements can lead to effective business analysis Enterprise
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
1/22 As a part of Qlik Consulting, works with Customers to assist in shaping strategic elements related to analytics to ensure adoption and success throughout their analytics journey. Qlik Advisory 2/22
SERVICE-ORIENTED MODELING FRAMEWORK (SOMF ) VERSION 2.1 SERVICE-ORIENTED SOFTWARE ARCHITECTURE MODEL LANGUAGE SPECIFICATIONS 1 TABLE OF CONTENTS INTRODUCTION... 3 About The Service-Oriented Modeling Framework
IT Risk Management Era: Research Challenges and Best Practices IARA Work Group July 1 st, 2007, Santa Clara - California Eyal Adar, Founder & CEO Eyal@WhiteCyberKnight.com Chairman of the EU SRMI (Security
White Paper An Enterprise Security Program and Architecture to Support Business Drivers seccuris.com (866) 644-8442 Contents Introduction... 3 Information Assurance... 4 Sherwood Applied Business Security
OVERVIEW OF THE INDUSTRY STANDARDS Table of Contents Background... 3 What is it we do Around Standard... 3 Why we do it... 3 How is it we do it... 4 Which areas do we develop Industry Standards... 4 1.
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
SOA: The missing link between Enterprise Architecture and Solution Architecture Jaidip Banerjee and Sohel Aziz Enterprise Architecture (EA) is increasingly being acknowledged as the way to maximize existing
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
LEADing Practice: Artifact Description: Business, Information & Data Object Modelling Relating Objects 1 Table of Contents 1.1 The Way of Thinking with Objects... 3 1.2 The Way of Working with Objects...
3 DATA QUALITY MATURITY CHAPTER OUTLINE 3.1 The Data Quality Strategy 35 3.2 A Data Quality Framework 38 3.3 A Data Quality Capability/Maturity Model 42 3.4 Mapping Framework Components to the Maturity
Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft
Enterprise Architecture Assessment Guide Editorial Writer: J. Schekkerman Version 2.2 2006 Preface An enterprise architecture (EA) establishes the organization-wide roadmap to achieve an organization s
From Capability-Based Planning to Competitive Advantage Assembling Your Business Transformation Value Network Marc Lankhorst, BiZZdesign Iver Band, Cambia Health Solutions INTRODUCTIONS 2 1 Marc Lankhorst
State of Minnesota IT Governance Framework June 2012 Table of Contents Table of Contents... 2 Introduction... 4 IT Governance Overview... 4 Process for Developing the New Framework... 4 Management of the
An Oracle White Paper December 2011 Cloud Computing Maturity Model Guiding Success with Cloud Capabilities Executive Overview... 3 Introduction... 4 Cloud Maturity Model... 4 Capabilities and Domains...
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum firstname.lastname@example.org September 2011 Overview What is SCAP? Why SCAP?
Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association
This article was downloaded by: [220.127.116.11] On: 20 February 2012, At: 01:40 Publisher: Taylor & Francis Informa Ltd Registered in England and Wales Registered Number: 1072954 Registered office: Mortimer
Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,
The Perusal and Review of Different Aspects of the Architecture of Information Security Vipin Kumar Research Scholar, CMJ University, Shillong, Meghalaya (India) Abstract The purpose of the security architecture
Business Business Services Services and Enterprise and Enterprise This Workshop Two parts Background: Business Value of Enterprise TOGAF s and the Business Services We will use the key steps, methods and
Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation
Governance and Management of Information Security Øivind Høiem, CISA CRISC Senior Advisor Information Security UNINETT, the Norwegian NREN About Øivind Senior Adviser at the HE sector secretary for information
Integrating an ITILv3 Service Management Architecture into Business Architectures Key Challenges experienced and Lessons Learned Trevor Lea-Cox, 2011 1 Introducing Service Management 2, 2012, 2012 1 ITIL
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
Architecting the Cloud: Enterprise Architecture Patterns for Cloud Computing Prakash C. Rao VP/Chief Architect MMC Ltd Claudia Rose President/BBII Enterprises Faculty: FEAC Institute A tough place to be!
PROFESSIONAL QUALIFICATION SCHEME INTERMEDIATE QUALIFICATION SERVICE LIFECYCLE CONTINUAL SERVICE IMPROVEMENT CERTIFICATE SYLLABUS Page 2 of 18 Document owner The Official ITIL Accreditor Contents CONTINUAL
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
Independent Insight for Oriented Practice An SOA Roadmap John C. Butler Chief Architect A CBDI Partner Company www.cbdiforum.com Agenda! SOA Vision and Opportunity! SOA Roadmap Concepts and Maturity Levels!
Position Paper Cross-Domain vs. Traditional IT for Providers Joseph Bondi Copyright-2013 All rights reserved. Ni², Ni² logo, other vendors or their logos are trademarks of Network Infrastructure Inventory
International Research Journal of Applied and Basic Sciences 2013 Available online at www.irjabs.com ISSN 2251838X / Vol, 5 (11): 14381445 Science Explorer Publications Presenting a model for the deployment
SOLUTION BRIEF CA IT Asset Manager how can I manage my asset lifecycle, maximize the value of my IT investments, and get a portfolio view of all my assets? agility made possible helps reduce costs, automate
Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, email@example.com Abstract: The term of scenario is used
OVERVIEW OF THE LEADING PRACTICE ENTERPRISE & INDUSTRY STANDARDS The value of applying standards to increase the level of reusability, replication and standardization Contents What is LEADing Practice...
Assessing and implementing a Data Governance program in an organization Executive Summary As companies realize the importance of data and the challenges they face in integrating the data from various sources,
TECHNOLOGY BRIEF: SERVICE CATALOG MANAGEMENT Catalog : A CA Process Map JULY 2009 Enrico Boverino SR PRINCIPAL CONSULTANT, TECHNICAL SALES ITIL SERVICE MANAGER ITAC CERTIFIED Table of Contents Executive
Business Systems Business Functions The key linkage of Strategy, Process and Requirements Leveraging value from strategic business architecture By: Frank Kowalkowski, Knowledge Consultants, Inc.. Gil Laware,
Best practices in open source governance Managing the selection and proliferation of open source software across your enterprise Table of contents The importance of open source governance... 2 Executive
Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the
February 9, 2015 February 9, 2015 Page i Table of Contents General Characteristics... 1 Career Path... 3 Typical Common Responsibilities for the ure Role... 4 Typical Responsibilities for Enterprise ure...
IBM Software Integrated Service Management: Visibility. Control. Automation. Enabling service innovation 2 Integrated Service Management: Visibility. Control. Automation. Every day, the world is becoming
White Paper An Overview of the Kalido Data Governance Director Operationalizing Data Governance Programs Through Data Policy Management Managing Data as an Enterprise Asset By setting up a structure of
Applying Business Architecture to the Cloud Mike Rosen, Chief Scientist Mike.Rosen@ WiltonConsultingGroup.com Michael Rosen Agenda n What do we mean by the cloud? n Sample architecture and cloud support
Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption
Enabling Data Quality Establishing Master Data Management (MDM) using Business Architecture supported by Information Architecture & Application Architecture (SOA) to enable Data Quality. 1 Background &
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
[project.headway] I N T E G R A T I O N S E R I E S Integrating Project HEADWAY And CMMI P R O J E C T H E A D W A Y W H I T E P A P E R Integrating Project HEADWAY And CMMI Introduction This white paper
SOA + BPM = Agile Integrated Tax Systems Hemant Sharma CTO, State and Local Government Nothing Endures But Change 2 Defining Agility It is the ability of an organization to recognize change and respond
HITRUST CSF Assurance Program Simplifying the information protection of healthcare data 1 May 2015 2015 HITRUST LLC, Frisco, TX. All Rights Reserved Table of Contents Background CSF Assurance Program Overview
IMPROVING RISK VISIBILITY AND SECURITY POSTURE WITH IDENTITY INTELLIGENCE ABSTRACT Changing regulatory requirements, increased attack surfaces and a need to more efficiently deliver access to the business
How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
Whitepaper Bridging the IT Business Gap The Role of an Enterprise Architect Today s enterprises understand the value that Information Technology (IT) can bring to their business. IT supports day-to-day
WHITE PAPER November 2010 IT Financial Management and Cost Recovery Patricia Genetin Sr. Principal Consultant/CA Technical Sales David Messineo Sr. Services Architect/CA Services Table of Contents Executive
PRACTICES REPORT BEST PRACTICES SURVEY: AGGREGATE FINDINGS REPORT Business Intelligence and Analytics: Leveraging Information for Value Creation and Competitive Advantage April 2007 Table of Contents Program
Information Security Management Programs: Assessment Analysis Lessons Learned and Best Practices Revealed JUSTIN SOMAINI AND ALAN HAZLETON This article, the fourth in a series, expands on the overlooked
GRC Stack Research Sponsorship Overview Achieving Governance, Risk Management and Compliance (GRC) goals requires appropriate assessment criteria, relevant control objectives and timely access to necessary
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
Chapter 2 Anatomy of an Enterprise Software Delivery Project Chapter Summary I present an example of a typical enterprise software delivery project. I examine its key characteristics and analyze specific
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
Service Offering Data Governance Baseline Deployment Overview Benefits Increase the value of data by enabling top business imperatives. Reduce IT costs of maintaining data. Transform Informatica Platform
IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach
Security Security Introduction Businesses today need to defend themselves against an evolving set of threats, from malicious software to other vulnerabilities introduced by newly converged voice and data