Business Security Architecture: Weaving Information Security into Your Organization's Enterprise Architecture through SABSA®

2012 ◽ Vol 21 (1) ◽ pp. 47-54
Author(s): Jason S. Burkett

Author(s): Scott Bernard ◽ Shuyuan Mary Ho

Government agencies are committing an increasing amount of resources to information security and data privacy solutions in order to meet legal and mission requirements for protecting agency information in the face of increasingly sophisticated global threats. Enterprise Architecture (EA) provides an agency-wide context and method that includes a security sub-architecture which can be used to design and implement effective controls. EA is scalable, which promotes consistency and alignment in controls at the enterprise, program, and system levels. EA also can help government agencies improve existing security and data privacy programs by enabling them to move beyond a system-level perspective and begin to promote an enterprise-wide view of security and privacy, as well as improve the agility and effectiveness of lifecycle activities for the development, implementation, and operation of related security and privacy controls that will assure the confidentiality, integrity, and availability of the agency’s data and information. This chapter presents the EA3 “Cube” EA methodology and framework, including an integrated security architecture, that is suitable for use by government agencies for the development of risk-adjusted security and privacy controls that are designed into the agency’s work processes, information flows, systems, applications, and network infrastructure.


Author(s): Sharon Nachtigal

This chapter is concerned with a major problem for any e-business organization, the security of its Information Systems. A review of information security characteristics and components is presented, followed by a detailed discussion of e-business security issues. Based on a structured approach for describing e-business functionality, e-business characteristics relevant to information security are identified. The major e-business security challenges are considered and e-business security issues are discussed and requirements are identified in different aspects of the realm. The current perimeter security approach appears to be inadequate to the modern business environment. Hence, a different approach is needed. A few alternative approaches are discussed and a review of previous and future research on e-business security is presented. Hence, the chapter aims to contribute both to academics and to e-business executives by providing the information security insight and awareness to the e-business unique security issues and challenges.


2020 ◽ pp. 133-153
Author(s): Eric Grandry ◽ Christophe Feltus ◽ Eric Dubois

Enterprise architecture management provides the mechanism for governing enterprise transformations required by changes in the environment. In this article, the authors focus on changes that result from the analysis of information system risks and of their impacts on the services delivered by the enterprise. The authors present how the concepts of an information system risks management domain can be integrated into the ArchiMate enterprise architecture modelling language. This article approaches the conceptual integration in two design cycles: first, this article will consider information security risks, and then the authors generalize to information system risks. Additionally, the authors illustrate the application of the proposed approach and demonstrate the benefits of the integrated model through the handling of a case study, first in the domain of information security, and then in the domain of information privacy. The generalized risk-oriented EA model leads to a risk integration framework for the service-oriented enterprise.


2005 ◽ Vol 2005 (11) ◽ pp. 10-16
Author(s): J.H.P. Eloff ◽ M.M. Eloff
