The Open Group Library

  • Home /
  • Editors' Picks /
  • Integrating Risk and Security within a TOGAF® Enterprise Architecture

Integrating Risk and Security within a TOGAF® Enterprise Architecture

Integrating Risk and Security within a TOGAF® Enterprise Architecture
Integrating Risk and Security within a TOGAF® Enterprise Architecture

Reference: G152

$0.00

1 Review(s) | Add Your Review

Availability: Available to download

This document is The Open Group Guide addressing how to integrate considerations of security and risk into an Enterprise Architecture.
$0.00
Description

Details

This document is The Open Group Guide addressing how to integrate considerations of security and risk into an Enterprise Architecture. It provides guidance for security practitioners and Enterprise Architects who need to work with the TOGAF® standard, a standard of The Open Group, to develop an Enterprise Architecture.

This Guide was revised in March 2019 to update references to the TOGAF Standard, Version 9.2.

Additional Information

Additional Information

Reference G152
Author(s) The Open Group Security Forum, in collaboration with The SABSA® Institute
US ISBN 1-937218-66-9
Published 1 Apr 2019
Pages 42
Type Guides
Subject Security
Standards Information

Standards Information Base

Common Name TOGAF Security & Risk
Status Adopted
Service Category Software Engineering Services
Service Architecture
Type The Open Group Guide
Reviews

Customer Reviews 1 item(s)

A perfect paper for 20th century enterprise security architects
The content is very conventional. I think without the content of this text, architects could also think that security is a transverse concern starting from the preliminary phase until the requirements management. This is hopefully not new.

This paper is considering security just like purchasing or any other function that may be embedded within the enterprise with a specific vocabulary.

1- If we consider that the Enterprise is comprised of multiple functions with some overlapping activities that inter-operate to create value, then some emerging threats and behaviors are expected. The Enterprise's attack surface may not be identifiable from a top-down description approach.

2- Unfortunately, this paper failed to treat security as a system of systems resilience problem. Especially for Corporates, APTs cannot be addressed with this traditional risk management practices effectively. See NIST SP800-160 Nov19 or CERT-RMM

3- Perhaps less important but it is sad that supply chain is not, not even once, mentioned in this paper. We all know that supply chain is a core area of any Enterprise of the 21st century.Thus, it is a core security concern area.
Quality
Review by Emre Salmanoglu / (Posted on 16/12/2019)
About
Quick Links
Account
More
© The Open Group