A mainstream framework for enterprise architecture is TOGAF. Surprisingly, this successful framework does not consider information security. Currently, the Security Forum of The Open Group runs a project that aims to support the integration of security and risk in the TOGAF standard for Enterprise Architecture. The project is inspired by the business-driven approach of SABSA. This presentation explains the foundation work that has been developed in the past three years. That work contains the core security and risk concepts from Information Security Management (ISM) and Enterprise Risk Management (ERM) and relates them to the TOGAF framework. This approach is holistic, risk-integrated and security-integrated. No check-the-box mentality here. The items discussed will give direction to thoughts about future developments of the TOGAF standard and provide guidance for security practitioners who need to work in a TOGAF 9 environment. It will also provide a glossary of security concepts that serves as a basis for future practitioner guidance.