Research Article Open Access

Enterprise Architecture Security Assessment Framework (EASAF)

Bandar Mzel Alshammari1
  • 1 Aljouf University, Saudi Arabia

Abstract

Many existing studies have shown that the causes of most of system attacks are not related to coding vulnerabilities that apply to individual systems, issues related to the run-time environment, or the technology in place. In fact, they are caused by issues associated with how systems within organizations are structured. Therefore, it is necessary to examine security with regard to all components that influence the organization’s systems, including data, processes and even employees. The most promising approach to achieving this goal is Enterprise Architecture (EA). The main goal of this project is to develop a framework based on the concepts of well-established EA frameworks such as TOGAF and Zachman and their compositional layers (e.g., application, information and process). This framework will be combined with a data flow analysis of the principles that trace the potential information flow between high- and low-security enterprise components. Therefore, this paper studies various enterprise architecture frameworks and shows how to develop an enterprise architecture framework that considers the organization’s information security from the perspective of information flow. This framework will have various layers, each with a set of security metrics that quantify the organization’s relative security based on the specifications of that layer. The defined framework will be capable of defining Enterprise Architecture security-related principles and metrics. These principles and metrics will eventually be used to define how to develop secure enterprise systems based on the enterprise architecture with regard to security-critical information flow within any given organization. The defined framework will also be capable of providing guidance for information security architects by recognizing certain parts of the organization that are less secure than others.

Journal of Computer Science
Volume 13 No. 10, 2017, 558-571

DOI: https://doi.org/10.3844/jcssp.2017.558.571

Submitted On: 26 July 2017 Published On: 23 October 2017

How to Cite: Alshammari, B. M. (2017). Enterprise Architecture Security Assessment Framework (EASAF). Journal of Computer Science, 13(10), 558-571. https://doi.org/10.3844/jcssp.2017.558.571

  • 4,623 Views
  • 6,066 Downloads
  • 10 Citations

Download

Keywords

  • Enterprise Architecture
  • Security Design Principles
  • Security Metrics
  • Architecture Principles