UNIVERSITI TEKNOLOGI MALAYSIA

FINAL EXAMINATION SEMESTER II, 2012/13

SUBJECT CODE : MCS 2453
SUBJECT NAME : SECURITY ARCHITECTURE & MODEL
COURSE : MC
DURATION : Take Home Exam
DATE : June 1*th, 2013
VENUE : SEMINAR HALL, LVL 1 Block N2/"
FULL MARK : 20 marks

INSTRUCTION:
1. Plan your answers properly.

This examination paper consists of 2 printed pages INCLUDING this page

GOOD LUCK

Part III - Case Study Questions (20 marks)

INSTRUCTION: Answer all.

Questions: You are given an article that explains the security planning using Zachman framework for enterprise before the final exam. You have already studied the detailed description of the security perspective of all the players of an enterprise or the individual rows of the Zachman Framework. You should also be able to analyze the relationship of rows that represent the perspective of different players in the process with columns that represent aspects of the process from the given framework. Referring to the given article titled "The Zachman Framework, the Owner's Perspective & Security", you need to analyse the Zachman Framework for Healthcare Informatics Standards given and propose a simple document for the CEO of the related Healthcare Organization that discusses the details of the owner's perspective and security & owner perspective point of view.

Introduction

Frameworks help people organize integrated models of their enterprises. Several popular frameworks have been used to architect enterprises, such as the Department of Defense Architecture Framework (DoDAF) and the Federal Enterprise Architecture Framework (FEAF). The Zachman framework is an Enterprise Architecture framework for enterprise architecture; it is a unique approach to provide a logical understanding of ever increasing size and complexities of information systems. According to the Zachman framework, "WHY", "WHEN", "WHO", "WHAT", "HOW", and "WHERE" provide a complete understanding of the subject.

In the given article, the Zachman Framework "Enterprise Architecture" was generally described as a whole. The authors discussed the rows and columns that map the perspectives and aspects of an Enterprise respectively. They then focused on the 2nd Row, which discusses the Owner's Perspective. The authors considered the owners to be the business people who run the organization. This article discussed the Rules of the framework and how it is possible to accept security as part of the framework without contradicting Rule #1, which says "Do Not Add Rows or Columns to the Framework". However, the only way that someone can make security part of the "Enterprise Architecture" is by making security a supplement to the framework, which does not contradict any rule. They made no change to the nature of the framework itself. They kept it 6 Rows x 6 Columns and emphasized the need of the security requirement for business. In fact, in today's world security must not be underestimated.

Zachman Framework, the Owner's Perspective

The second row, "Row 2", in the Zachman framework depicts the Owner's perspective. It, the Owner's perspective, represents the viewpoint of the owners of the system. According to (Zachman 2003), the owners of the system are the recipient (customers, users) of end product (Enterprise, house, software). The owners of the business are those who run it. Usually, they provide more details about business specific things. Like each perspective of the Zachman Framework, the Owner's perspective has 6 different aspects.

Applying the Zachman Framework to Healthcare Organization, each aspect is described as below:

In the first column "WHY" the Owner identifies and describes the means to quantify individual healthfulness and the business objectives of a health care delivery organization. The owner provides a standard method for quantifying the value of individual healthfulness and its contribution to organizations.

In the second column "WHEN" the Owner determines the order and timing for the processes of fundamental health care services in a care delivery organization. Typically this is the place where the Owner defines "what activities could occur in what sequence". It is called "Organization Calendar". The owner may provide a standardized activity modeling methodology or a conceptual activity model standardized for organizations which operate in an essentially identical manner.

In the third column "WHO" the Owner identifies and defines the roles of individuals participating in health care delivery in an organization. Basically this aspect addresses the human resources within the enterprise by creating an organization chart. Here a clear distinction between working units is materialized into various departments. This chart provides a standardized workflow modeling method, or specification which could be a standard for similarly operating care delivery organizations.

In the fourth column "WHAT" the owner defines and describes the essential types of information required for operation of a care delivery organization. The comprehensive list of these data points provides a standard method for semantic description, narrative or conceptual data model useable for health care delivery.

In the fifth column "HOW" the Owner identifies and describes the fundamental health care, management and support activities in a care delivery organization. Essentially here is where the owner defines the Healthcare delivery process. The Owner also defines enterprise-wide standards in order to have full control over the quality of Healthcare services. Here the owner may provide a standardized process modeling methodology or a conceptual process model which could be a standard for a group of similarly functioning care delivery organizations.

In the last column "WHERE" the Owner specifies and describes the layout of health care facilities and their interconnection. This leads to the most critical "communication" part of the business. The Owner must consider various scenarios before defining the layout for the health care facilities and their interconnection.

Zachman Framework, the Owner's Perspective & Security

Now that the Healthcare Enterprise Architecture has been discussed from the Owner's Perspective, we would like to discuss the same perspective with security as a supplement part of it. Each aspect of the Owner's perspective will be produced again, but this time with security embedded within it.

WHY
In this column the owner identifies and describes the means to quantify individual healthfulness and the business objectives of a health care delivery organization. This defines a logical reasoning for business decisions. The security here should be able to validate these decisions and should properly quantify individual healthfulness. It should also be able to mitigate in case of failures.

WHEN
In this aspect the Owner determines the order and timing for the processes for fundamental health care services in a care delivery organization. This timing is called "Company Calendar". The security here is to make sure the Healthcare services are delivered with tolerable time delay. In some cases there may be no tolerable time delay. However, this level of assurance should be able to assess the risk associated with each time line and mitigate those risks in worst cases.

WHO
In this aspect the Owner identifies and defines the roles of individuals participating in health care delivery in an organization. Here a clear distinction between working units is materialized into various departments. However, the strength of Healthcare Organization is as strong as its structure. Therefore, this affects the access control and the authorization of "WHAT", the robustness of "HOW", and the logistics between Healthcare departments in "WHERE" column. Thus, the security here is that every department in the Healthcare organization should have a distinct level of access to data.

WHAT
This aspect should classify the Healthcare data in three levels: Highly Sensitive, Sensitive, and Public. Highly Sensitive data is only available to few people. For example, in the Healthcare Organization Highly Sensitive data, such as laboratory test, is only available to the patient's doctors. The doctors need to know these details about their patient in order to provide proper treatment to them. On the other hand, a nurse or doctor's secretary need not know about the data in this level. The nurse, for instance, can be classified as Sensitive and therefore she can view Sensitive data. A secretary may only view the personal Info of the patient and his appointments with the doctor, hence this data can be classified as Public. However, based on these categories there should be an approach or mechanism to impose these classifications. Therefore, various security services were introduced. For example, these services include but are not limited to: authorization, access-control, nonrepudiation, confidentiality, Integrity, and availability.

HOW
In this aspect the Owner identifies and describes the fundamental health care, management and support activities in a care delivery organization. Essentially here is where the owner defines the Healthcare delivery process. For example, the validation of the process of entering the health records of a patient. If the input is faulty, that is to say the health record for patient A was mistakenly entered for patient B, it is hard to validate the output from a process. Therefore, to handle such scenarios, defining access control and authorization on process could assist to modify the process or the sequence of the process securely and appropriately. Thus, securing the Healthcare delivery process will guarantee the strengths of the process and will provide fail-safe measures.

WHERE
In this aspect the Owner specifies and describes the layout of health care facilities and their interconnection. This leads to the most critical "communication" part of the business. This includes communication channels and logistics. The security here would mean there is no disconnection among Healthcare Organization layouts. It also implies physical security of Healthcare delivery locations and buildings under any conditions. For example, preventing building facilities from being caught up in fire; providing a sufficient source of oxygen to ensure that those in critical condition are able to survive.

Reference

Zachman, J. A. (2003). The Zachman framework for enterprise architecture: Primer for enterprise engineering and manufacturing. John A. Zachman.