1 Enterprise Security Architecture: Approaches and a Framework Amir Mohtarami Tarbiat Modares University, Department of Information Technology Management, Tehran, Iran Hadi Kandjani Institute for Integrated and Intelligent Systems (IIIS), School of ICT, Griffith University, Brisbane, Australia
2 INTRODUCTION Information technology cannot be architected in an enterprise without addressing security issues. An enterprise security architecture is needed that is compliant with the enterprise IT architecture. The question arises of how to deal with security in enterprise architecture. Is it a part of EA? If so, where does it fit in the overall EA process? In the next sections, after a brief look at the EA concept, we try to answer these questions.
3 ENTERPRISE ARCHITECTURE The literature on Enterprise Architecture (EA) offers many definitions of the term. Most commonly, when we refer to Enterprise Architecture, we are referring to the models, documents, and reusable items (such as components, frameworks, objects, and so on) that reflect the actual architecture. EA is also defined as a framework or blueprint for how the enterprise achieves its current and future business objectives.
4 EA FRAMEWORKS Large and complex enterprises require a comprehensive framework for defining and expanding the vision and mission of the enterprise in all its aspects. EA frameworks offer structured and organized frames for thinking about and analyzing the enterprise. An architecture framework provides a structure and a common set of semantics that enforce consistency across the wide range of participants in enterprise architecture initiatives, who typically come from diverse areas of the business.
5 ENTERPRISE SECURITY ARCHITECTURE If we consider enterprise security a critical and complex issue in today's enterprises, we can apply the concept of architecture to enterprise security. This means that an enterprise security architecture contains the models, documents, and reusable items (such as components, frameworks, objects, and so on) that reflect the actual security goals, policies, objectives, processes, mechanisms and technologies.
6 THREE APPROACHES TO ESA
1) Security as a Technical issue
2) Security as a 7th abstraction in Zachman Framework
3) Embedding security in EA
7 CONCLUSIONS There is a consensus among IT practitioners about the importance of security issues, but they do not agree about the security architecture and its relation to Enterprise Architecture. One approach treats it as a domain in the enterprise technical architecture. But this approach addresses security in the technology context only and does not support integration of security requirements into business solutions from inception. Another approach considers security as a complete viewpoint with its own models, to be integrated into solutions but separate from the business process, information and technology viewpoints. Planning this way takes longer and does not produce the high quality achieved by working in a more unified way.
8 CONCLUSIONS As an alternative to building a security-only viewpoint, architects can organize security requirements, principles, patterns, components and bricks (that is, the elemental standards and technologies) into the appropriate primary EA viewpoint artifacts. This is the approach the authors consider effective, and they propose a framework around it. Ultimately, it seems that organizations conduct their security architecture effort separately from enterprise architecture. This is not a rational decision, because it lacks comprehensiveness and duplicates effort, which leads to both an incomplete enterprise architecture and an incomplete security architecture.