Security Architecture Framework for Enterprises

  • Conference paper
  • In: Enterprise Information Systems (ICEIS 2020)

Abstract

Security is a complex issue for organisations, and its management is now a fiduciary responsibility as well as a moral one. Without a holistic, robust security structure that manages security across its human, organisational and technical aspects, an organisation's assets are at critical risk. Enterprise architecture (EA) is a strong and reliable structure that has been tested and used effectively in organisations globally for at least 30 years; it relies on a holistic classification structure for organisational assets. Grouping security with EA promises to bring the benefits of EA to the security domain. We review existing security frameworks to evaluate the extent to which they employ EA, and find that while the idea of grouping security with EA is not new, a comprehensive solution has yet to be developed. We design, develop and demonstrate a security EA framework for organisations regardless of their industry, budgetary constraints or size, and survey professionals to analyse the framework and provide feedback. The survey results support the need for a holistic security structure and indicate benefits including reduced security gaps, improved security investment decisions, clear functional responsibilities, a complete security nomenclature and compliance with international security standards, among others.



Acknowledgements

This work has been supported by an Australian Research Council Discovery Early Career Research Award (project number DE200101577).

Author information

Correspondence to Michelle Graham, Katrina Falkner, Claudia Szabo or Yuval Yarom.


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Graham, M., Falkner, K., Szabo, C., Yarom, Y. (2021). Security Architecture Framework for Enterprises. In: Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. (eds) Enterprise Information Systems. ICEIS 2020. Lecture Notes in Business Information Processing, vol 417. Springer, Cham. https://doi.org/10.1007/978-3-030-75418-1_40

  • DOI: https://doi.org/10.1007/978-3-030-75418-1_40

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-75417-4

  • Online ISBN: 978-3-030-75418-1
