CFP last date
20 January 2025
Reseach Article

Enterprise Architecture Frameworks: A Critique Review from a Security Perspective

by Bandar M. Alshammari
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 174 - Number 5
Year of Publication: 2017
Authors: Bandar M. Alshammari
10.5120/ijca2017915416

Bandar M. Alshammari . Enterprise Architecture Frameworks: A Critique Review from a Security Perspective. International Journal of Computer Applications. 174, 5 ( Sep 2017), 9-15. DOI=10.5120/ijca2017915416

@article{ 10.5120/ijca2017915416,
author = { Bandar M. Alshammari },
title = { Enterprise Architecture Frameworks: A Critique Review from a Security Perspective },
journal = { International Journal of Computer Applications },
issue_date = { Sep 2017 },
volume = { 174 },
number = { 5 },
month = { Sep },
year = { 2017 },
issn = { 0975-8887 },
pages = { 9-15 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume174/number5/28401-2017915416/ },
doi = { 10.5120/ijca2017915416 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T00:21:19.658663+05:30
%A Bandar M. Alshammari
%T Enterprise Architecture Frameworks: A Critique Review from a Security Perspective
%J International Journal of Computer Applications
%@ 0975-8887
%V 174
%N 5
%P 9-15
%D 2017
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Enterprise Architecture (EA) provides organizations with an effective and efficient technique to manage their information technology (IT) systems. EA allows organizations to align their business needs with the required IT resources. Therefore, several enterprise architecture frameworks have been developed for several purposes depending on the organizations’ objectives. These include achieving their vision in an effective approach and reducing complexity and cost of their systems. These frameworks also aim to make systems collaborate in the most efficient way. However, these EA frameworks pay little attention to endorsing security of the organizations. Specifically, they mostly focus on the organizations business needs and ignore the fact that securing their IT systems is crucial. This will eventually result in making these organizations at a higher risk of security attacks. This paper surveys the most common enterprise architecture frameworks in literature. It illustrates their objectives and the types of organisations deploy them. It also defines the principles that these frameworks aim to follow in order to achieve the organizations mission. The paper also surveys a number of security design principles that are critical for any organization to follow in order to protect it assets. Towards the end of this paper, a critique review of these frameworks and a suggested approach for applying security with regard to certain security design principles at an early stage of development.

References
  1. A. S. Alghamd. Evaluating defensearchitectureframeworksforc4i system using analytic hierarchy process. Journal of Computer Science, 5(12):1075–1081, 2009.
  2. H. Bergh-Hoff, C.-F. Srensen, J. E. Garshol, B. H. M. Jakobsen, G. M. Vangen, r. D. Pettersen, and J. Hansen. ICT Architecture Principles for the Norwegian Higher Education Sector. September 2015. Technical Report.
  3. M. Bishop. Computer Security: Art and Science. 2003. Boston: Addison- Wesley.
  4. R. Covington, H. Jahangir, G. Wright, P. Silverstein, H. Dia, , and B. Rasmussen. The oracle enterprise architecture framework. White Paper Oracle, October 2009. http://www.oracle.com/technetwork/articles/entarch/oeaframework- 133702.pdf.
  5. D. Deighton. Enterprise Architecture Principles. March 2014. Technical Report, https://intranet.birmingham.ac.uk/it/documents/public/architecture/ Enterprise-Architecture-Principles.pdf.
  6. M. Dowd, J. McDonald, and J. Schuh. The art of software security assessment identifying and preventing software vulnerabilities. 2006. Addison Wesley Professional.
  7. M. Howard. Attack surface: Mitigate security risks by minimizing the code you expose to untrusted users, volume 11. 2004.
  8. INFORMATION and C. TECHNOLOGY. Enterprise Architecture Principles. July 2015. Technical Report, http://www.usask.ca/avp-ict/stewardship/EA.
  9. G. McGraw. Software Security: Building Security In. 2006. Upper Saddle River, NJ: Addison-Wesley.
  10. UK Ministry of Defence. Mod architecture framework. December 2012. https://www.gov.uk/guidance/modarchitecture- framework.
  11. US Ministry of Defence. The DoDAF Architecture Framework. August 2010. http://dodcio.defense.gov/Library/DoDArchitecture- Framework/.
  12. The Executive Office of the President of the United States (EOPOTUS). A Common Approach to Federal Enterprise Architecture. May 2012. Technical Report.
  13. CIO Office. WUSTL Enterprise Architecture Principles. 2015. Technical Report, https://cio.wustl.edu/wpcontent/ uploads/2015/05/WUSTL-Enterprise-ITArchitecture- Principles-BYU.pdf.
  14. Queensland Government Chief Information Office. Queensland government enterprise architecture framework 2.0 (QGEA). April 2009. https://www.qgcio.qld.gov.au.
  15. J. H. Saltzer and M. D. Schroeder. The protection of information in operating systems. In in Proceedings of the IEEE, pages 1278–1308, 1975.
  16. R. Sessions. A Comparison of the Top Four Enterprise Architecture Methodologies. May 2007. https://msdn.microsoft.com/en- us/library/bb466232.aspx.
  17. A. Spiessens. Patterns of safe collaboration. 2007. PhD thesis.
  18. P. S. Helen Sun and Sean Xu. Oracle enterprise architecture framework: Information architecture domain. White Paper Oracle, December 2011. http://www.oracle.com/technetwork/topics/entarch/oeainfo- arch- framework-dev-process-513866.pdf.
  19. The Open Group. Togaf version 9.1, 2011. http://pubsopengroup.org/architecture/togaf9-doc/arch/.
  20. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. 2002. Boston: Addison-Wesley.
  21. J. A. Zachman. A framework for information systems architecture. IBM Systems Journal, 26(3):276, 1987. IBM Publication G321-5298.
Index Terms

Computer Science
Information Sciences

Keywords

Enterprise Architecture Frameworks Enterprise Architecture Principles Security Design Principles Security Metrics