Enterprise Security Architecture: Approaches and a Framework



Similar documents
INTERPRETATION OF SERVICE- ORIENTED ARCHITECTURE (SOA) WITH ORGANIZATIONAL STRATEGIC PLANNING

Software Development in the Large!

SOA: The missing link between Enterprise Architecture and Solution Architecture

Chap 1. Introduction to Software Architecture

Understanding the Role of Enterprise Architecture. towards Better Institutionalization

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

A COMPARISON OF ENTERPRISE ARCHITECTURE FRAMEWORKS

Design Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation

Strategic Planning of Information Technology and Its Application in Organization

A Variability Viewpoint for Enterprise Software Systems

This is an author-deposited version published in : Eprints ID : 15447

Trends in Enterprise Architecture

Architecture Description of <Architecture Name> for <System of Interest>

Enterprise Architecture (EA) is the blueprint

Enterprise Security Architecture for Cyber Security. M.M.Veeraragaloo 5 th September 2013

Best Poster Award: International Congress on Child and Adolescent Psychiatry 2012

Enterprise Architecture Review

Enterprise Architecture Assessment Guide

A Software process engineering course

The Role of the Software Architect

Enterprise and Software Architecture Work

The Open Group Architectural Framework

IMPROVING THE CRM SYSTEM IN HEALTHCARE ORGANIZATION

A Framework for Enterprise Security Architecture and Its Application in Information Security Incident Management

Service Oriented Privacy Modeling in Enterprises with ISRUP E- Service Framework

Towards Visual EAM Analytics: Explorative Research Study with Master Students

Enterprise Architecture Development Based on Enterprise Ontology

The Role of Agile Methodology in Project Management

Scaling Down Large Projects to Meet the Agile Sweet Spot

International Journal of Mechatronics, Electrical and Computer Technology

A New Proposed Software Engineering Methodologyfor Healthcare Applications Development

Service Modelling & Service Architecture:

Federal Enterprise Architecture and Service-Oriented Architecture

Development of Enterprise Architecture of PPDR Organisations W. Müller, F. Reinert

SOLUTION BRIEF CA ERwin Modeling. How can I understand, manage and govern complex data assets and improve business agility?

Requirements Traceability

Mapping Service-Orientation to TOGAF 9 - Part II: Architecture Adoption, Service Inventories and Hierarchies

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

A Methodology for Development of Enterprise Architecture of PPDR Organisations W. Müller, F. Reinert

DoD Enterprise Architecture

The EA process and an ITG process should be closely linked, and both efforts should leverage the work and results of the other.

Design Approach for a Data Sharing Environment. Presented by Gene Boomer CNO Financial

Enterprise Architectures (EA) & Security

Clarifying a vision on certification of MDA tools

Software Project Management using an Iterative Lifecycle Model

Abstract. 1 Introduction

Enterprise Architecture Management. Prof. Dr. Knut Hinkelmann MSc Business Information Systems

Development/Maintenance/Reuse: Software Evolution in Product Lines

Enterprise Architecture (Re)Charter Template

Investigation of Relationship between Customer Relationship Management Dimensions and Organizational Productivity

CHANCELLOR'S COMMUNICATION

Managing Change Using Enterprise Architecture

A pragmatic approach to modeling large systems

Data Governance 8 Steps to Success

PROCESS-DRIVEN SOFTWARE DEVELOPMENT METHODOLOGY FOR ENTERPRISE INFORMATION SYSTEM

Introduction to MDM Part 4 - Enterprise Data Architecture Master Data Management

Importance of Software Documentation

CUSTOMER RELATIONSHIP MANAGEMENT (CRM) AND ITS IMPACT ON PERFORMANCE IMPROVEMENT OF COMPANIES IN IRAN TELECOMMUNICATIONS

Research Topics in Software Engineering

Three Schools of Thought on Enterprise Architecture

Ubiquitous, Pervasive and Mobile Computing: A Reusable-Models-based Non-Functional Catalogue

INTERNATIONAL STANDARD

CHALLENGES AND WEAKNESSES OF AGILE METHOD IN ENTERPRISE ARCHITECTURE

Adopting Service Oriented Architecture increases the flexibility of your enterprise

Traceability Patterns: An Approach to Requirement-Component Traceability in Agile Software Development

Strategic Enterprise Application Integration

The Impact of Cloud Computing on Saudi Organizations: The Case of a Telecom Company

Project Academy Series

Migration to Cloud Computing: a Sample Survey Based on a Research in Progress on the Investigation of Standard Based Interoperability Protocols

Requirement Management with the Rational Unified Process RUP practices to support Business Analyst s activities and links with BABoK

Exploring Enterprise Architecture for Change Management

Revel8or: Model Driven Capacity Planning Tool Suite

Factors Influencing the Adoption of Biometric Authentication in Mobile Government Security

REVIEW ON THE EFFECTIVENESS OF AGILE UNIFIED PROCESS IN SOFTWARE DEVELOPMENT WITH VAGUE SYSTEM REQUIREMENTS

ITC 19 th November 2015 Creation of Enterprise Architecture Practice

Guy Tozer, Doriq Associates DG Conference Europe 2009

How To Scale Agile Development With Knowledge Management

How To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy

Family Evaluation Framework overview & introduction

Visual Paradigm product adoption roadmap

An Integrated Quality Assurance Framework for Specifying Business Information Systems

Transcription:

Enterprise Security Architecture: Approaches and a Framework Amir Mohtarami Tarbiat Modares University, Department of Information Technology Management, Tehran, Iran Hadi Kandjani Institute for Integrated and Intelligent Systems (IIIS), School of ICT, Griffith University, Brisbane, Australia

INTRODUCTION Information Technology cannot be architected in enterprise without addressing security issues. Enterprise security architecture will be needed in compliant with enterprise IT architecture. The question arise that, how we can deal with security in enterprise architecture. Is it a part of EA? If so, where is its arrangement in total EA processes? At next sections, after a brief look at EA concept, we try to answer these questions.

ENTERPRISE ARCHITECTURE The literature of Enterprise Architecture (EA) shows many definitions for this term. More commonly, when we are referring to the Enterprise Architecture, we are referring to the models, documents, and reusable items (as components, frameworks, objects, and so on) that reflect the actual architecture [5]. However, moreover EA is defined as a framework or blueprint for how the enterprise achieves the current and future business objectives.

EA FRAMEWORKS In large and complex enterprises, the use of a comprehensive framework for defining and expanding the vision and mission of the enterprises in all aspects of the enterprise is required. EA Frameworks offer some structured and organized frames for thinking and analyzing the enterprise. An architecture framework provides a structure and a common set of semantics that enforce consistency across the wide range of participants in enterprise architecture initiatives who typically come from diverse areas of the business [8].

ENTERPRISE SECURITY ARCHITECTURE If we consider the enterprise security as a critical and complex issue in today s enterprises, so we could apply the concept of architecture to the term of enterprise security. It means that enterprise security architecture contains models, documents, and reusable items (as components, frameworks, objects, and so on) that reflect the actual security goals, policies, objectives, processes, mechanisms and technologies.

THREE APPROACHES TO ESA 1) Security as a Technical issue 2) Security as a 7 th abstraction in Zachman Framework 3) Embedding security in EA

CONCLUSIONS There is a consensus about the importance of security issues among IT practitioners, but they are not agreed about the security architecture and its relations to Enterprise Architecture. One approach looks for it as a domain in enterprise technical architecture. But this approach addresses security in the technology context only and does not support integration of security requirements into business solutions from inception. Another approach, considers security as a complete viewpoint with its own models to be integrated into solutions but separate from the business process, information and technology viewpoints. Planning this way will take longer and will not produce the high quality of doing things in a more unified way.

CONCLUSIONS Alternatively to building a security-only viewpoint, architects can organize security requirements, principles, patterns, components and bricks (that is, the elemental standards and technologies) into the appropriate primary EA viewpoint artifacts. This approach is that one the authors think run effectively and proposed a framework around it. Ultimately, it seems that the organizations use security architecture effort separated from enterprise architecture. This could not be a rational decision because of no comprehensiveness, redundancy of effort which leads to both incomplete enterprise and security architecture.

REFERENCES A. Mohtarami, S. H. Khodadad Hosseini and S. Elahi, "Designing a Framework for Architecting IT Innovation Systems," Rahbord, pp. 37-65, 2014. R. Sessions, Simple Architectures for Complex Enterprises, Microsoft Press, 2008. J. McDowell, "An Information Technology Security Architecture for the State of Arizona," The Arizona Department of Administration, 2001. J. McDowell, "An Information Technology Security Architecture for the State of Arizona," The Arizona Department of Administration, 2001. A. Mohtarami, S. H. Khodadad Hosseini and H. Kandjani, "An Architectural Framework for IT Innovation Systems," European Journal of Scientific Research, vol. 106, no. 3, pp. 326-344, 2013. R. Hilliard, "Ieee-std-1471-2000 recommended practice for architectural description of software-intensive systems," IEEE, http://standards. ieee. org., 2000. M. Pulkkinen, "Systemic management of architectural decisions in enterprise architecture planning. four dimensions and three abstraction levels," in Proceedings of the 39th Annual Hawaii International Conference on System Sciences, Vol. 8. IEEE, 2006. C. Perks and T. beveridge, Guide to Enterprise IT Architecture, New York: Springer Inc., 2003. J. Zachman, "The Zachman Framework: A Primer for EnterpriseEngineering and Manufacturing (electronic book).," Available through http://www.zachmaninternational.com., 2003. J. Sherwood, A. Clark and D. Lynas, "Enterprise Security Architecture: A Business-Driven Approach," cmp, p. pp2, 2005. G. Kreizman and B. Robertson, "Integrating Security Into the Enterprise Architecture Frameworkand Integrating Security Into the Enterprise Architecture Framework.," 2006. V. K. Thanh, "An IT security policy framework. Asian Institute of Technology," Thesis no. CS-05-23., 2015. D. Mehan, "Paradigm Shifts, Paradoxes, and Prognostications, Adapted from Talks Given at: IEEE Spring Conference, Boston, MA ITAA Regional Meeting, Santa Clara, CA". J. Zachman, John Zachman's Concise Definition of The Zachman Framework, USA, 2008. J. Schekkerman, How to survive in the jungle of enterprise architecture framework: Creating or choosing an enterprise architecture framework, Trafford, 2003. S. W. Ambler, "Agile Enterprise Architecture: Beyond Beyond Enterprise Data Modeling," 2002. [Online]. Available: http://www.agiledata.org/essays/enterprisearchitecture.html. ISO/IEC/IEEE 42010:2011, Systems and software engineering Architecture description, the latest edition of the original IEEE Std 1471:2000, last update 5 February 2014. J. zachman, "https://www.zachman.com," 2001. [Online]. Available: https://www.zachman.com/ea-articles-reference/54-the-zachman-frameworkevolution. [Accessed 2 2015].

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information