Top

Published in:

2021 | OriginalPaper | Chapter

Security Architecture Framework for Enterprises

Authors : Michelle Graham, Katrina Falkner, Claudia Szabo, Yuval Yarom

Published in: Enterprise Information Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security is a complex issue for organisations, with its management now a fiduciary responsibility as well as a moral one. Without a holistic robust security structure that considers human, organisational and technical aspects to manage security, the assets of an organisation are at critical risk. Enterprise architecture (EA) is a strong and reliable structure that has been tested and used effectively for at least 30 years in organisations globally. It relies on a holistic classification structure for organisational assets. Grouping security with EA promises to leverage the benefits of EA in the security domain. We conduct a review of existing security frameworks to evaluate the extent to which they employ EA. We find that while the idea of grouping security with EA is not new, there is a need for developing a comprehensive solution. We design, develop, and demonstrate a security EA framework for organisations regardless of their industry, budgetary constraints or size; and survey professionals to analyse the framework and provide feedback. The survey results support the need for a holistic security structure and indicate benefits including reduction of security gaps, improved security investment decisions, clear functional responsibilities and a complete security nomenclature and international security standard compliance among others.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter On Enterprise Architecture Patterns: A Tool for Sustainable Transformation

next chapter GDPR Compliance Tools: Best Practice from RegTech

http://www.zdnet.com/article/millions-verizon-customer-records-israeli-data/.

http://www.wired.co.uk/article/wannacry-ransomware-virus-patch.

https://www.theregister.co.uk/2017/04/07/icloud_wipe_threat/.

ASD. Cyber Crime in Australia July to September 2019 (2020)

Patterson, T.: Holistic security: why doing more can cost you less and lower your risk. Comput. Fraud Secur. 6, 13–15 (2003)

Roeleven, S., Broer, J.: Why Two Thirds of Enterprise Architecture Projects Fail. ARIS Expert Paper (2010)

Angelo, S.: Security Architecture Model Component Overview. Sans Security Essentials (2001)

Copeland, M.: Cyber Security on Azure. Apress, Berkeley (2017). https://doi.org/10.1007/978-1-4842-2740-4CrossRef

Gorazo. Enterprise Architecture Literature Review (2014)

Anderson, R.: Security Engineering. John Wiley & Sons, New Jersey (2008)

Moulton, R., Coles, R.S.: Applying information security governance. Comput. Secur. 22(7), 580–584 (2003)CrossRef

Gregor, S., Hevner, A.R.: Positioning and presenting design science research for maximum impact. MIS Q. 37(2), 337–355 (2013)CrossRef

10.

Hevner, A.R., et al.: Design science in information systems research. MIS Quarterly, pp. 75–105 (2004)

11.

Nunamaker Jr., J.F., Chen, M., Purdin, T.D.: Systems development in information systems research. J. Manag. Inform. Syst. 7(3), 89–106 (1990)

12.

Venable, J., Pries-Heje, J., Baskerville, R.: FEDS: a framework for evaluation in design science research. Eur. J. Inform. Syst. 25(1), 77–89 (2016)CrossRef

13.

Sein, M.K., et al.: Action design research. MIS Quarterly, pp. 37–56 (2011)

14.

Peffers, K., et al.: The design science research process: a model for producing and presenting information systems research. In: Proceedings of the First International Conference on Design Science Research in Information Systems and Technology (DESRIST 2006). ME Sharpe, Inc. (2006)

15.

Oppenheim, A.N.: Questionnaire Design, Interviewing and Attitude Measurement. Bloomsbury Publishing, London (2000)

16.

Zachman, J.A.: A framework for information systems architecture. IBM Syst. J. 26(3), 276–292 (1987)CrossRef

17.

EBI. E.B.I., Glossary (2015)

18.

Eloff, J., Eloff, M.: Information security architecture. Comput. Fraud Secur. 11, 10–16 (2005)CrossRef

19.

ITGI. I.G.I., Board briefing on IT governance. Information Systems Audit and Control Foundation (2001)

20.

Anderson, R.: Why information security is hard-an economic perspective. In: Proceedings 17th Annual Computer Security Applications Conference, pp. 358–365. IEEE (2001)

21.

ISACA: An Introduction to the Business Model for Information Security (2009)

22.

Vaishnavi, V., Kuechler, W.: Design research in information systems (2004)

23.

McClintock, M., et al.: Enterprise security architecture: mythology or methodology? In: International Conference on Enterprise Information Systems (2020)

24.

Crotty, M.: The Foundations of Social Research: Meaning and Perspective in the Research Process. Sage, London (1998)

25.

Hirschheim, R.: Information systems epistemology: an historical perspective. Res. Methods Inform. Syst. 9, 13–35 (1985)

26.

Fosnot, C.T.: Constructivism: Theory, Perspectives, and Practice. Teachers College Press, New York (2013)

27.

Strauss, A., Corbin, J.: Basics of Qualitative Research Techniques. Sage Publications, New York (1998)

28.

Mills, J., Bonner, A., Francis, K.: The development of constructivist grounded theory. Int. J. Qual. Methods 5(1), 25–35 (2006)CrossRef

29.

Lee, A.S., Baskerville, R.L.: Generalizing generalizability in information systems research. Inform. Syst. Res. 14(3), 221–243 (2003)CrossRef

30.

Williams, M.: Questionnaire design. Making Sense of Social Research, pp. 104–124 (2003)

31.

Rattray, J., Jones, M.C.: Essential elements of questionnaire design and development. J. Clin. Nurs. 16(2), 234–243 (2007)CrossRef

32.

Urquhart, C., Lehmann, H., Myers, M.D.: Putting the ‘theory’ back into grounded theory: guidelines for grounded theory studies in information systems. Inform. Syst. J. 20(4), 357–381 (2010)CrossRef

33.

Starks, H., Brown Trinidad, S.: Choose your method: a comparison of phenomenology, discourse analysis, and grounded theory. Qual. Health Res. 17(10), 1372–1380 (2007)

34.

Strauss, A., Corbin, J.: Grounded theory methodology. Handb. Qual. Res. 17, 273–85 (1994)

35.

Martin, P.Y., Turner, B.A.: Grounded theory and organizational research. J. Appl. Behav. Sci. 22(2), 141–157 (1986)CrossRef

36.

Siponen, M., Willison, R.: Information security management standards: problems and solutions. Inform. Manag. 46(5), 267–270 (2009)CrossRef

37.

Bittler, R.S., Kreizman, G.: Gartner Enterprise Architecture Process: Evolution 2005. G00130849, Gartner, Stamford, CT, pp. 1–12 (2005)

38.

Josey, A.: TOGAF Version 9.1 Enterprise Edition: An Introduction. The Open Group (2009)

39.

USG. U.S.F.G., Introduction to the Federal Enterprise Architecture Framework V2 (2013)

40.

DoD, C.: DoDAF Architecture Framework Version 2.02. Website, August 2010

41.

ISO. I.S.O./I.E.C. 27000, 27001 and 27002 for information security management (2013)

42.

Zachman, J.A.: The framework for enterprise architecture: background, description and utility. Zachman International (1996)

43.

Sherwood, J., Clark, A., Lynas, D.: Enterprise security architecture. SABSA White Paper, vol. 2009 (1995)

44.

Shariati, M., Bahmani, F., Shams, F.: Enterprise information security, a review of architectures and frameworks from interoperability perspective. Procedia Comput. Sci. 3, 537–543 (2011)CrossRef

45.

Oda, S.M., Fu, H., Zhu, Y.: Enterprise information security architecture a review of frameworks, methodology, and case studies. In: ICCSIT 2009. IEEE (2009)

46.

Zachman, J.P.: The Zachman Framework Evolution (2011)

47.

Veiga, A.D., Eloff, J.H.: An information security governance framework. Inform. Syst. Manag. 24(4), 361–372 (2007)CrossRef

48.

Claycomb, W., Shin, D.: Mobile-driven architecture for managing enterprise security policies. In: ACMSE 2006. ACM (2006)

Title: Security Architecture Framework for Enterprises
Authors: Michelle Graham
Katrina Falkner
Claudia Szabo
Yuval Yarom
Publisher: Springer International Publishing
Book: Enterprise Information Systems
Print ISBN: 978-3-030-75417-4

Electronic ISBN: 978-3-030-75418-1

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-75418-1_40

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner