Enterprise Security Architecture: Mythology Or Methodology?

Security has never been more important. However, without a holistic security structure that secures all assets of an organisation (physical, digital or cognitive), an organisation is at a critical risk. Enterprise architecture (EA) applies engineering design principles and provides a complete structure to design and build an organisation using classification schema and descriptive representations. The grouping of security with EA, through a framework with corresponding security classifications and representations, promises a complete security solution. We evaluate security frameworks and find that grouping security with EA is not new, however current solutions indicate a lack of research process in development, a disjoint focus in either technical or policy / department or project. Thus, there is a need for a holistic solution. We use a Design Science Research methodology to design, develop, and demonstrate a security EA framework that provides an organisation with a complete security solution regardless of industry, budgetary constraints, or size, and survey professionals to critically analyse the framework. The results indicate the need for a complete security structure including benefits in governance, resourcing, functional responsibilities, risk management and compliance.