Enterprise Security Architecture: Approaches and a Framework

Size: px

Start display at page:

Download "Enterprise Security Architecture: Approaches and a Framework"

Leslie Jacobs
8 years ago
Views:

1 Enterprise Security Architecture: Approaches and a Framework Amir Mohtarami Tarbiat Modares University, Department of Information Technology Management, Tehran, Iran Hadi Kandjani Institute for Integrated and Intelligent Systems (IIIS), School of ICT, Griffith University, Brisbane, Australia

Technology Management, Tehran, Iran Hadi Kandjani Institute for

2 INTRODUCTION Information Technology cannot be architected in enterprise without addressing security issues. Enterprise security architecture will be needed in compliant with enterprise IT architecture. The question arise that, how we can deal with security in enterprise architecture. Is it a part of EA? If so, where is its arrangement in total EA processes? At next sections, after a brief look at EA concept, we try to answer these questions.

The question arise that, how we can deal with security in enterprise architecture. Is it a part of EA?

3 ENTERPRISE ARCHITECTURE The literature of Enterprise Architecture (EA) shows many definitions for this term. More commonly, when we are referring to the Enterprise Architecture, we are referring to the models, documents, and reusable items (as components, frameworks, objects, and so on) that reflect the actual architecture [5]. However, moreover EA is defined as a framework or blueprint for how the enterprise achieves the current and future business objectives.

reusable items (as components, frameworks, objects, and so on) that reflect the actual architecture [5].

4 EA FRAMEWORKS In large and complex enterprises, the use of a comprehensive framework for defining and expanding the vision and mission of the enterprises in all aspects of the enterprise is required. EA Frameworks offer some structured and organized frames for thinking and analyzing the enterprise. An architecture framework provides a structure and a common set of semantics that enforce consistency across the wide range of participants in enterprise architecture initiatives who typically come from diverse areas of the business [8].

EA Frameworks offer some structured and organized frames for thinking and analyzing the enterprise.

5 ENTERPRISE SECURITY ARCHITECTURE If we consider the enterprise security as a critical and complex issue in today s enterprises, so we could apply the concept of architecture to the term of enterprise security. It means that enterprise security architecture contains models, documents, and reusable items (as components, frameworks, objects, and so on) that reflect the actual security goals, policies, objectives, processes, mechanisms and technologies.

It means that enterprise security architecture contains models, documents, and reusable items (as components,

6 THREE APPROACHES TO ESA 1) Security as a Technical issue 2) Security as a 7 th abstraction in Zachman Framework 3) Embedding security in EA

7 CONCLUSIONS There is a consensus about the importance of security issues among IT practitioners, but they are not agreed about the security architecture and its relations to Enterprise Architecture. One approach looks for it as a domain in enterprise technical architecture. But this approach addresses security in the technology context only and does not support integration of security requirements into business solutions from inception. Another approach, considers security as a complete viewpoint with its own models to be integrated into solutions but separate from the business process, information and technology viewpoints. Planning this way will take longer and will not produce the high quality of doing things in a more unified way.

But this approach addresses security in the technology context only and does not support integration of security requirements into business solutions from inception.

8 CONCLUSIONS Alternatively to building a security-only viewpoint, architects can organize security requirements, principles, patterns, components and bricks (that is, the elemental standards and technologies) into the appropriate primary EA viewpoint artifacts. This approach is that one the authors think run effectively and proposed a framework around it. Ultimately, it seems that the organizations use security architecture effort separated from enterprise architecture. This could not be a rational decision because of no comprehensiveness, redundancy of effort which leads to both incomplete enterprise and security architecture.

This approach is that one the authors think run effectively and proposed a framework around it.

9 REFERENCES A. Mohtarami, S. H. Khodadad Hosseini and S. Elahi, "Designing a Framework for Architecting IT Innovation Systems," Rahbord, pp , R. Sessions, Simple Architectures for Complex Enterprises, Microsoft Press, J. McDowell, "An Information Technology Security Architecture for the State of Arizona," The Arizona Department of Administration, J. McDowell, "An Information Technology Security Architecture for the State of Arizona," The Arizona Department of Administration, A. Mohtarami, S. H. Khodadad Hosseini and H. Kandjani, "An Architectural Framework for IT Innovation Systems," European Journal of Scientific Research, vol. 106, no. 3, pp , R. Hilliard, "Ieee-std recommended practice for architectural description of software-intensive systems," IEEE, ieee. org., M. Pulkkinen, "Systemic management of architectural decisions in enterprise architecture planning. four dimensions and three abstraction levels," in Proceedings of the 39th Annual Hawaii International Conference on System Sciences, Vol. 8. IEEE, C. Perks and T. beveridge, Guide to Enterprise IT Architecture, New York: Springer Inc., J. Zachman, "The Zachman Framework: A Primer for EnterpriseEngineering and Manufacturing (electronic book).," Available through J. Sherwood, A. Clark and D. Lynas, "Enterprise Security Architecture: A Business-Driven Approach," cmp, p. pp2, G. Kreizman and B. Robertson, "Integrating Security Into the Enterprise Architecture Frameworkand Integrating Security Into the Enterprise Architecture Framework.," V. K. Thanh, "An IT security policy framework. Asian Institute of Technology," Thesis no. CS , D. Mehan, "Paradigm Shifts, Paradoxes, and Prognostications, Adapted from Talks Given at: IEEE Spring Conference, Boston, MA ITAA Regional Meeting, Santa Clara, CA". J. Zachman, John Zachman's Concise Definition of The Zachman Framework, USA, J. Schekkerman, How to survive in the jungle of enterprise architecture framework: Creating or choosing an enterprise architecture framework, Trafford, S. W. Ambler, "Agile Enterprise Architecture: Beyond Beyond Enterprise Data Modeling," [Online]. Available: ISO/IEC/IEEE 42010:2011, Systems and software engineering Architecture description, the latest edition of the original IEEE Std 1471:2000, last update 5 February J. zachman, " [Online]. Available: [Accessed ].

McDowell, "An Information Technology Security Architecture for the State of Arizona," The Arizona Department of Administration, 2001. J.

INTERPRETATION OF SERVICE- ORIENTED ARCHITECTURE (SOA) WITH ORGANIZATIONAL STRATEGIC PLANNING

ISSN: 0976-2876 (Print) ISSN: 2250-0138(Online) INTERPRETATION OF SERVICE- ORIENTED ARCHITECTURE (SOA) WITH ORGANIZATIONAL STRATEGIC PLANNING MOHAMMAD GHASEMI a1 AND HAMIDREZA OVEISI KEIKHA b a Assistant