Biblio

Recent technological advancement demands organizations to have measures in place to manage their Information Technology (IT) systems. Enterprise Architecture Frameworks (EAF) offer companies an efficient technique to manage their IT systems aligning their business requirements with effective solutions. As a result, experts have developed multiple EAF's such as TOGAF, Zachman, MoDAF, DoDAF, SABSA to help organizations to achieve their objectives by reducing the costs and complexity. These frameworks however, concentrate mostly on business needs lacking holistic enterprise-wide security practices, which may cause enterprises to be exposed for significant security risks resulting financial loss. This study focuses on evaluating business capabilities in TOGAF, NIST, COBIT, MoDAF, DoDAF, SABSA, and Zachman, and identify essential security requirements in TOGAF, SABSA and COBIT19 frameworks by comparing their resiliency processes, which helps organization to easily select applicable framework. The study shows that; besides business requirements, EAF need to include precise cybersecurity guidelines aligning EA business strategies. Enterprises now need to focus more on building resilient approach, which is beyond of protection, detection and prevention. Now enterprises should be ready to withstand against the cyber-attacks applying relevant cyber resiliency approach improving the way of dealing with impacts of cybersecurity risks.

Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network.

Energy Distribution Grids are considered critical infrastructure, hence the Distribution System Operators (DSOs) have developed sophisticated engineering practices to improve their resilience. Over the last years, due to the "Smart Grid" evolution, this infrastructure has become a distributed system where prosumers (the consumers who produce and share surplus energy through the grid) can plug in distributed energy resources (DERs) and manage a bi-directional flow of data and power enabled by an advanced IT and control infrastructure. This introduces new challenges, as the prosumers possess neither the skills nor the knowledge to assess the risk or secure the environment from cyber-threats. We propose a simple and usable approach based on the Reference Model of Information Assurance & Security (RMIAS), to support the prosumers in the selection of cybesecurity measures. The purpose is to reduce the risk of being directly targeted and to establish collective responsibility among prosumers as grid gatekeepers. The framework moves from a simple risk analysis based on security goals to providing guidelines for the users for adoption of adequate security countermeasures. One of the greatest advantages of the approach is that it does not constrain the user to a specific threat model.