Enterprise Security Architecture: Mythology or Methodology?

Michelle McClintock, Katrina Falkner, Claudia Szabo, Yuval Yarom

Abstract

Security has never been more important. However, without a holistic security structure that secures all assets of an organisation (physical, digital or cognitive), an organisation is at a critical risk. Enterprise architecture (EA) applies engineering design principles and provides a complete structure to design and build an organisation using classification schema and descriptive representations. The grouping of security with EA, through a framework with corresponding security classifications and representations, promises a complete security solution. We evaluate security frameworks and find that grouping security with EA is not new, however current solutions indicate a lack of research process in development, a disjoint focus in either technical or policy / department or project. Thus, there is a need for a holistic solution. We use a Design Science Research methodology to design, develop, and demonstrate a security EA framework that provides an organisation with a complete security solution regardless of industry, budgetary constraints, or size, and survey professionals to critically analyse the framework. The results indicate the need for a complete security structure including benefits in governance, resourcing, functional responsibilities, risk management and compliance.

Download


Paper Citation


in Harvard Style

McClintock M., Falkner K., Szabo C. and Yarom Y. (2020). Enterprise Security Architecture: Mythology or Methodology?.In Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-423-7, pages 679-689. DOI: 10.5220/0009404406790689


in Bibtex Style

@conference{iceis20,
author={Michelle McClintock and Katrina Falkner and Claudia Szabo and Yuval Yarom},
title={Enterprise Security Architecture: Mythology or Methodology?},
booktitle={Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2020},
pages={679-689},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009404406790689},
isbn={978-989-758-423-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Enterprise Security Architecture: Mythology or Methodology?
SN - 978-989-758-423-7
AU - McClintock M.
AU - Falkner K.
AU - Szabo C.
AU - Yarom Y.
PY - 2020
SP - 679
EP - 689
DO - 10.5220/0009404406790689