Enterprise Architectures (EA) & Security


Enterprise Architectures (EA) & Security
A synopsis of current-state EAs and enterprise security as an add-on
Marcel Schlebusch, 2013-07-18
mwrinfosecurity.com MWR InfoSecurity

Something to ponder
(image from 9gag.com)

Overview
- Introduction: Brief history and overview of EA
- Common problems faced by EA programmes
- Security as part of EA
- A comparison of 4 EA frameworks
- EA trends: Literature study
- An optimist's vision for EA and ESA
- Conclusion

Introduction: Brief history and overview of EA
26 Years of EA
- 1960s and 1970s: Information Architectures
- 1987: John Zachman
- 1990s: The term EA is coined; different views start to form
- 2000s: Many different approaches to EA emerge

Introduction: Brief history and overview of EA...
Overview of EA
What is Enterprise Architecture?
- Enables translating business vision into enterprise change
- Enables management of complexity
- Purpose/Goals: Effectiveness, Efficiency, Agility, and Durability
What is an EA framework?
- A reference structure that provides models, tools and processes to plan, produce and operate an EA programme

Common problems faced by EA programmes
At the very least, these questions will be addressed:
- Should my organisation implement an Enterprise Architecture?
- Which EA framework is the best?
- We've spent a fortune on EA, why are we not getting ROI?
- Why do EA programmes commonly fail?
- What are the current business trends in EA?
- How do we get started with EA?

Security as part of EA
Zoom in on Security

Security as part of EA
There are many security standards:
- ISO 27001 (BS 7799)
- NIST 800-12, 800-14, 800-26, 800-37, 800-53 rev3
- PCI-DSS
- Etc.
There are Risk Frameworks:
- RiskIT (Risk framework by ISACA)
- ISO 27005
- Etc.
There are Enterprise Security Architecture (ESA) Frameworks:
- SABSA (Sherwood Applied Business Security Architecture)
- IAEAF (Information Assurance Enterprise Architectural Framework)
- OSA (Open Security Architecture)

Security as part of EA...
Positioning Enterprise Security Architecture
(diagram: Security Architecture shown alongside Business architecture, Information Architecture and Technology architecture)
Goals of ESA:
- Establish a common language
- Structured management of security complexity
- Enable business-to-security alignment
- Traceability to business requirements

Security as part of EA...
Positioning Enterprise Security Architecture
- ESA is a subset of EA
- Stretches across all other Architectures

Security as part of EA...
(diagram: Business assets, Information assets, Technology assets)

Security as part of EA...
SABSA as an example
- Risk-driven methodology
- Consists of frameworks, models, methods and processes
- Free for use by all
- Overarches all other security standards
- Everything is driven from an analysis of the business requirements for security
(diagrams: The SABSA layered model; The SABSA lifecycle)
Source: SABSA whitepaper, www.sabsa.org

Security as part of EA...
SABSA as an example
The SABSA matrix (diagram): the layers are the Business View, Architect's View, Designer's View, Builder's View, Tradesman's View and Service Manager's View; the Business View row is shown as the business view of What, Why, How, Who, Where and When.
Source: SABSA whitepaper, www.sabsa.org

Security as part of EA...
The SABSA Matrix (diagram: the full matrix across the Business View, Architect's View, Designer's View, Builder's View, Tradesman's View and Service Manager's View)
Source: SABSA whitepaper, www.sabsa.org

Security as part of EA...
SABSA as an example
(diagram: The SABSA Business Attributes)
Source: SABSA whitepaper, www.sabsa.org

A comparison of 4 EA frameworks
Zoom out back to the Enterprise

A comparison of 4 EA frameworks
Over the past decade many EA approaches have emerged; 4 are leading the pack:
1. Zachman framework for EA
2. The Open Group Architecture Framework (TOGAF)
3. Federal Enterprise Architecture (FEA)
4. Gartner Enterprise Architecture Framework

A comparison of 4 EA frameworks...
In comparing these frameworks, the following will be shown:
1. A summary/overview of each framework
2. A score-sheet, directly comparing the frameworks
3. Some usage statistics (mostly from the USA and Europe)

A comparison of 4 EA frameworks...
Zachman framework for EA
- Taxonomy
- Categorising deliverables
- Planning tool
- Views & view-points
Also:
- Limited usefulness as EA
- History in manufacturing
- Broad acceptance

A comparison of 4 EA frameworks...
The ARCHITECT: SABSA (John Sherwood) vs. Zachman (John Zachman)
- Common to both: 6 x 6 matrix, views, view-points
- SABSA: Enterprise Security Framework
- Zachman: Enterprise Framework

A comparison of 4 EA frameworks...
TOGAF
- Process driven (via the ADM)
- Enterprise Continuum (general -> specific)
- Technical Reference Model (TRM)
- Standards Information Base (SIB)
Also:
- Holistic perspective
- History in defence
- Broad acceptance

A comparison of 4 EA frameworks...
FEA
- Segmented enterprise
- 5 Reference models
- Development process
- Planning and communication tool
Also:
- Holistic perspective
- US-Gov Standard
- Broad US-Gov acceptance

A comparison of 4 EA frameworks...
Gartner
- Better described as a practice
- EA as a service to large enterprises

A comparison of 4 EA frameworks...
Score-sheet (2007)
Rating scale: 1 = Very poor, 2 = Inadequate, 3 = Acceptable, 4 = Very Good

Criteria                    Zachman  TOGAF  FEA  Gartner
Taxonomy Completeness          4       2     2      1
Process Completeness           1       4     2      3
Reference Model Guidance       1       3     4      1
Practice Guidance              1       2     2      4
Maturity Model                 1       1     3      2
Business Focus                 1       2     1      4
Governance Guidance            1       2     3      3
Partitioning Guidance          1       2     4      3
Prescriptive Catalogue         1       2     4      2
Vendor Neutrality              2       4     3      1
Information Availability       2       4     2      1
Time to Value                  1       3     1      4

A comparison of 4 EA frameworks...
Score-sheet (2012)
Rating scale: 1 = Very poor, 2 = Inadequate, 3 = Acceptable, 4 = Very Good

Criteria                    Zachman  TOGAF  FEA  Gartner
Taxonomy Completeness          4       3     2      1
Process Completeness           1       4     3      3
Reference Model Guidance       1       3     4      1
Practice Guidance              1       2     2      4
Maturity Model                 1       2     4      2
Business Focus                 1       2     3      4
Governance Guidance            1       2     3      3
Partitioning Guidance          1       3     4      3
Prescriptive Catalogue         1       3     4      2
Vendor Neutrality              2       4     3      1
Information Availability       2       4     3      1
Time to Value                  2       4     2      4

A comparison of EA frameworks: Usage survey 2003
(bar chart; frameworks shown: Organisation's Own, None, Zachman, Other, TOGAF; scale 0% to 40%)
Source: Capgemini EA survey 2003

A comparison of EA frameworks: Usage survey 2012
(bar chart; frameworks shown: Organisation's Own, TOGAF, Pragmatic EA, Other, MoDAF, Zachman, None, FEA; scale 0% to 25%)
Source: Ovum EA survey 2012

EA trends: Literature study
Gartner:
- Analysts predict that 95% of organisations will support multiple approaches to EA by 2015
- By 2020 the majority of Global 1000 organisations will support EA as a distinct discipline
To prepare for 2020, Gartner advises to:
- Ensure that EA practices are driven by the business direction
- EA should lead from the top, and be driven from the top
- Use EA to predict the impact of investment decisions
Source: Gartner EA Hype Cycle 2012

EA trends: Literature study
(figure: Gartner EA Hype Cycle 2012)

EA trends: Literature study
The blended approach to EA
Gartner identifies different approaches to EA:
- Traditional: Top-down approach
- Federated: Useful for larger organisations
- Middle-Out: Most dynamic approach
- Managed Diversity: Option-based approach
A true "blended" approach is one whereby the enterprise architecture (EA) team determines the appropriate mix of the above EA approaches based on business-outcome-driven decision criteria.
Source: Gartner EA Hype Cycle 2012

EA trends: Literature study
Oracle Survey
What does a partially successful or unsuccessful implementation look like?
(diagram: an EA maturity representation plotted on Enterprise Architecture versus Solution Architecture, with the regions labelled Isolation Trap, Optimised, Losing and Fragmented)
Source: Oracle EA survey

An optimist's view of EA and ESA...
The blended approach
Score-sheet (2012), rating scale: 1 = Very poor, 2 = Inadequate, 3 = Acceptable, 4 = Very Good

Criteria                    Zachman  TOGAF  FEA  Gartner
Taxonomy Completeness          4       3     2      1
Process Completeness           1       4     3      3
Reference Model Guidance       1       3     4      1
Practice Guidance              1       2     2      4
Maturity Model                 1       2     4      2
Business Focus                 1       2     3      4
Governance Guidance            1       2     3      3
Partitioning Guidance          1       3     4      3
Prescriptive Catalogue         1       3     4      2
Vendor Neutrality              2       4     3      1
Information Availability       2       4     3      1
Time to Value                  2       4     2      4

+ SECURITY, of course

An optimist's view of EA and ESA...
The blended approach
(table with columns Gartner, SABSA, TOGAF and Zachman, ticking which framework contributes each element: Requirements Definition (one framework ticked), Process (two frameworks ticked), Goals and Artefacts (two frameworks ticked))

An optimist's view of EA and ESA...
The blended approach
(diagram: SABSA and TOGAF integration)

An optimist's view of EA and ESA...
The blended approach
Are we not increasing the complexity?

An optimist's view of EA and ESA...
The ideal state
- Market leading
- Strategic
- SECURE
- Compliant
- Competitive
- Cost effective
- Dynamic
- Efficient
- Documented
- Intelligent

Conclusion
For organisations practicing EA and ESA:
- EA and ESA are tools for change
- It takes time (track maturity)
- EA is not an IT function
- Drive from the top!
- Be open to a blended approach
- Include security here
For EA and ESA professionals:
- Understand that ESA delivers into EA
- Manage expectations (long-term value)
- The value of EA careers is increasing
- Be skilled in multiple frameworks

Conclusion
At the very least, these questions will be addressed:
- Should my organisation implement an Enterprise Architecture? - YES
- Which EA framework is the best? - BLEND
- We've spent a fortune on EA, why are we not getting ROI? - It takes time, but measure the maturity of your programme, and re-focus efforts on delivering business value
- Why do EA programmes commonly fail? - Not driven from the top, or focus shifts to shorter-term solutions architecture
- What are the current business trends in EA? - Blended EA approaches and EA tools
- How do we get started with EA? - Combine Zachman, TOGAF and SABSA and let the TOGAF ADM guide your process


References:
[1] Roger Sessions, "A Comparison of the Top Four Enterprise-Architecture Methodologies" (article)
[2] "A Comparison of the Five Major Enterprise Architecture Methodologies" (white paper), https://online.ist.psu.edu/sites/ist871/files/t10_comparisonof5.pdf
[3] Ovum Research, amongst others: http://ovum.com/2012/03/22/hybrid-enterprise-architectureframeworks-are-in-the-majority/
[4] Gartner, "Hype Cycle for Enterprise Architecture, 2012"
[5] TOGAF: http://www.opengroup.org/togaf/
[6] Oracle, "The Oracle Enterprise Architecture Framework" (white paper, October 2009)
[7] "Enterprise Security Architecture" (white paper), www.sabsa.org
[8] The Open Group, "TOGAF and SABSA Integration" (white paper, October 2011)