• The field essentially started in 1987 with the publication in the IBM Systems Journal of an article titled 'A Framework for Information Systems Architecture' by J.A. Zachman, in which he laid out both the challenge and the vision of enterprise architectures that would guide the field for the next 20 years.
• The U.S. DoD Technical Architecture Framework for Information Management (TAFIM) was introduced in 1994 and influenced the creation of the Clinger-Cohen Act of 1996, which was aimed at improving the effectiveness of Govt. IT investments.
• Federal Enterprise Architecture Framework (FEAF) version 1.1 was released in 1999.
• FEAF was renamed to FEA in 2002.
• TAFIM was retired in 1998 and the work done was turned over to The Open Group, which morphed it into what is today known as TOGAF (The Open Group Architecture Framework).

• First: use the Zachman taxonomy, in which every architecture artifact must live in one and only one cell.
• Second: achieve architectural completeness by completing every cell.
• Third: cells in columns should be related to each other.

• Provide structure, coherence and cohesiveness.
• Must enable business-to-security alignment.
• Defined top-down, beginning with business strategy.
• Ensure that all models and implementations can be traced back to the business strategy, specific business requirements and key principles.
• Provide abstraction so that complicating factors, such as geography and technology religion, can be removed and reinstated at different levels of detail only when required.
• Establish a common 'language' for information security within the organization.

• From a security architecture point of view, when compared to other security frameworks such as SABSA, NCF has gaps. Among other things, NCF lacks business alignment, traceability and assurance capabilities. For example, the NCF implementation process relies heavily on executives to inform the business about mission priority, risk appetite and budget.
This information is critical to the selection of NCF Profiles for an organization. However, business executives are just now starting to engage in conversations about cybersecurity. This is a marked improvement over years past and NCF deserves credit for acting as a catalyst to start those conversations. Executive involvement is a step in the right direction but we still need to help executives and security professionals articulate their organization's security requirements in a way that yields business alignment and leads to successful implementations. Without a good understanding of the business drivers for security and the strategies that go along with them, it is very difficult for security architects to tailor their NCF Profiles effectively in a way that aligns the security technical solutions with the business risk appetite.