4/30/2021 DRAFT 3
Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions
The Zachman Framework for Enterprise Architecture
Primitive Models versus Composite Models
• A primitive model resides only within 1 cell
• A primitive model can exhaustively answer one of the 6 fundamental interrogatives (questions): What, How, Where, When, Who, Why, for example:
  – What are all of the roles in an enterprise (Who?)
  – What are all of the processes in the enterprise (How?)
• A composite model crosses between columns, e.g. a Role X Process matrix
How do Architecture Frameworks Help Us with Cyber Security?
• NIST Special Publication 800-39 defines the role of Risk Executive
  – Risk executive is in charge of business continuity and disaster recovery, among other risks
    • To do continuity and DR, an exhaustive list of enterprise processes is required, i.e. what we populate Zachman framework column 2 with (How?)
  – Risk executive needs a blueprint of the organization (Enterprise Architecture) to know whether or not to approve changes
    • If you conduct changes without a blueprint, catastrophe is likely, e.g. building collapses
Everyone Has Their Own Specifications
• Zachman rows represent the full range of specification perspectives
  – Executive
  – Business Management
  – Architect
  – Engineer
  – Technician
  – The Enterprise
• Examples of common cybersecurity specifications: System Security Plan, Plan of Actions and Milestones, Accreditation Letter
The Goldmine is in Row 2
• Row 2 is the Business Management perspective
  – Business managers control investment decisions for the enterprise, i.e. the money
• Row 2 models are hierarchies
  – All of the primitives are categorized in the hierarchy
  – Closeness in the hierarchy implies similarity
  – A deep hierarchy represents a detailed understanding of each set of primitives
Frameworks for Row 3
• Row 3 contains models from the Architect’s perspective
• Architects do not specify every detail; that’s what engineers do in Row 4
  – Architects specify the architecturally significant constraints, i.e. critical success factors
• Example Row 3 Frameworks
  – For defense industry: DODAF, MODAF
  – Solution Architectures: TOGAF, IEEE-1471, ISO/IEC 42010
  – Telecomm and Finance: RM-ODP
Architectural Problem Solving Patterns
• Business Question Analysis
• Document Mining
• Hierarchy Formation
• Enterprise Workshop
• Nominal Group Technique
• Minipatterns for Problem Solving Meetings
Business Question Analysis
Document Mining
• Extracts primitives from enterprise documentation, i.e. populates row 1
• Document mining can be exhaustive, i.e. capture all the primitive entities in a column
• Document Mining is preferable to interviewing because:
  – Documents usually represent a consensus of two or more people
  – 1:1 interviews represent only 1 opinion on a certain day in a certain life
Hierarchy Formation
• Hierarchy formation populates row 2 of the Zachman Framework
• A hierarchy is created using a cards-on-the-wall exercise and group discussion
  – Non-experts can perform this task
  – Experts are used in an Enterprise Workshop to confirm and perfect the results
• Hierarchies help us understand the primitives and find commonality
Enterprise Workshop
• Document Mining and Hierarchy Formation can be conducted by non-expert teams
  – The non-experts draft a 70% solution, imperfect, but much better than a blank page
• Business owners and experts are called into the Enterprise Workshop to take the 70% solution to 100%, in terms of accuracy and completeness
Nominal Group Technique
• NGT is a classic idea creation technique, i.e. a powerful form of brainstorming
  – It very quickly generates results without substantial time wasted in discussing digressions
• NGT involves:
  – Silent writing – to formulate ideas quickly in a large group working in parallel
  – Group notes – recording of the ideas on a flip chart so that everyone can be a heads-up active participant
  – Group definitions – information sharing to define the ideas
  – Straw poll – prioritizing the ideas by casting multiple informal votes
Minipatterns for Problem Solving Meetings
• Get Organized
• Breakouts
• Flipcharts
• Time Management
• Groundrules
• Idea Parking Lot
• Other Problem Solving Catalogs