Integrating Risk and Security w ithin a TOGAF® Enterprise Architecture

Contents......Page 3
Preface......Page 5
Trademarks......Page 7
Acknowledgements......Page 8
Referenced Documents......Page 9
1 Introduction......Page 11
1.2 What about Risk Management?......Page 12
1.3 Where is the Controls Checklist?......Page 13
2.3 National Cybersecurity Frameworks......Page 15
2.7 Open FAIR......Page 16
2.8 SABSA®......Page 17
3 Enterprise Security Architecture......Page 18
3.1.1 Definition of Risk......Page 19
3.1.2 Core Concepts for Enterprise Risk Management......Page 21
3.2.1 Security......Page 22
3.2.3 Core Concepts for Information Security Management......Page 23
3.2.4 Operational Security Processes......Page 25
4 Security as a Cross-Cutting Concern......Page 26
5.1.2 Security Principles......Page 27
5.1.5 Security Resource Plan......Page 28
5.2 Phase A: Architecture Vision......Page 29
5.3.2 Security Domain Model......Page 30
5.3.4 Risk Assessment......Page 31
5.3.7 Applicable Control Framework Register......Page 32
5.4.2 Security Classification......Page 33
5.5 Phase D: Technology Architecture......Page 34
5.7 Phase F: Migration Planning......Page 35
5.9 Phase H: Architecture Change Management......Page 36
5.10.1 Business Attribute Profile......Page 37
5.10.2 Control Objectives/Security Objectives......Page 39
5.12 Use of the ArchiMate® Modeling Language......Page 40
Acronyms......Page 42
Index......Page 43