
Module 5: Enterprise Security Using Zachman Framework
Lecture Materials for the John Wiley & Sons book:
Cyber Security: Managing Networks, Conducting
Tests, and Investigating Intrusions

April 30, 2021 DRAFT 1


What is Security Architecture?
Why Do We Need It?
• Architecture is the design of a complex structure that
enables change and reuse
– An office building blueprint
– PeopleSoft solution architecture
– An enterprise architecture
• Enterprise architecture is the architecture of an
enterprise, e.g.
– The Ohio State University
– The State Department
• The goal of strategy and enterprise architecture is
enterprise agility, i.e. what’s needed for competitiveness
and success

Enterprises are Very Complex and Changing
• Imagine a complex building: The US Capitol
– Its blueprints capture bricks, mortar, plumbing, electrical,
HVAC
• Imagine an enterprise, such as the US Congress
– Its enterprise architecture includes the building blueprints…
plus:
– The people, the furniture, the computers, electronics, and
constant change
• Incorporating cybersecurity requirements in the
enterprise change process
– assures that changes result in secure systems and a secure
enterprise

The Zachman Framework for Enterprise Architecture

• Periodic Table of Enterprise Architecture
• Invented by John A. Zachman in the mid-1980s
• Utilized by over 3000 large enterprises to
gain self-understanding and agility

Primitive Models versus Composite Models
• A primitive model resides only within 1 cell
• A primitive model can exhaustively answer one
of the 6 fundamental interrogatives (questions):
What, How, Where, When, Who, Why, for
example:
– What are all of the roles in an enterprise (Who?)
– What are all of the processes in the enterprise
(How?)
• A composite model crosses between columns,
e.g. a Role × Process matrix

How do Architecture Frameworks Help Us with Cyber Security?
• NIST Special Publication 800-39 defines the
role of Risk Executive
– Risk executive is in charge of business continuity
and disaster recovery, among other risks
• To do continuity and DR, an exhaustive list of enterprise
processes is required, i.e. what we populate Zachman
framework column 2 with (How?)
– Risk executive needs a blueprint of the organization
(Enterprise Architecture) to know whether or not to
approve changes
• If you conduct changes without a blueprint, catastrophe is
likely, e.g. building collapses

Everyone Has Their Own Specifications
• Zachman rows represent the full range of
specification perspectives
– Executive
– Business Management
– Architect
– Engineer
– Technician
– The Enterprise
• Examples of common cybersecurity
specifications: System Security Plan, Plan of
Actions and Milestones, Accreditation Letter

The Goldmine is in Row 2
• Row 2 is the Business Management
perspective
– Business managers control investment
decisions for the enterprise, i.e. the money
• Row 2 models are hierarchies
– All of the primitives are categorized in the
hierarchy
– Closeness in the hierarchy implies similarity
– A deep hierarchy represents a detailed
understanding of each set of primitives

Frameworks for Row 3
• Row 3 contains models from the Architect’s
perspective
• Architects do not specify every detail; that’s
what engineers do in Row 4
– Architects specify the architecturally significant
constraints, i.e. critical success factors
• Example Row 3 Frameworks
– For defense industry: DODAF, MODAF
– Solution Architectures: TOGAF, IEEE-1471,
ISO/IEC 42010
– Telecom and Finance: RM-ODP

Architectural Problem Solving Patterns
• Business Question Analysis
• Document Mining
• Hierarchy Formation
• Enterprise Workshop
• Nominal Group Technique
• Minipatterns for Problem Solving
Meetings

Business Question Analysis

• Determines the appropriate metamodel for an
enterprise architecture
– “Metamodel” means what kinds of entities and
relationships we will model
• Starts with questions from business owners
– Proceeds with selection of primitives (columns)
from the Zachman Framework
– The business questions drive the relationships that
will be modeled, i.e. using matrices across columns

Document Mining
• Extracts primitives from enterprise
documentation, i.e. populates row 1
• Document mining can be exhaustive, i.e.
capture all the primitive entities in a column
• Document Mining is preferable to
interviewing because:
– Documents usually represent a consensus
of two or more people
– 1:1 interviews represent only 1 opinion on a
certain day in a certain life

Hierarchy Formation
• Hierarchy formation populates row 2 of
the Zachman Framework
• A hierarchy is created using a cards-on-the-wall
exercise, group discussion
– Non-experts can perform this task
– Experts are used in an Enterprise Workshop
to confirm and perfect the results
• Hierarchies help us understand the
primitives and find commonality

Enterprise Workshop
• Document Mining and Hierarchy
Formation can be conducted by non-expert
teams
– The non-experts draft a 70% solution,
imperfect, but much better than a blank page
• Business owners and experts are called
into the Enterprise Workshop to take the
70% solution to 100%, in terms of accuracy
and completeness

Nominal Group Technique
• NGT is a classic idea creation technique, e.g. a
powerful form of brainstorming
– It very quickly generates results without substantial time
wasted in discussing digressions
• NGT involves:
– Silent writing – to formulate ideas quickly in a large group
working in parallel
– Group notes – recording of the ideas on a flip chart so that
everyone can be a heads-up active participant
– Group definitions – information sharing to define the ideas
– Straw poll – prioritizing the ideas by casting multiple informal
votes

Minipatterns for Problem Solving Meetings
• Get Organized
• Breakouts
• Flipcharts
• Time Management
• Ground Rules
• Idea Parking Lot
• Other Problem Solving Catalogs

