Please use this identifier to cite or link to this item: https://hdl.handle.net/2440/132936
Type: Thesis
Title: Enterprise security architecture - mythology or methodology?
Author: Graham, Michelle Rey
Issue Date: 2021
School/Discipline: School of Computer Science
Abstract: Security is a complex issue for organisations, with its management now a fiduciary responsibility as well as a moral one. Organisational security, such as computer security, human security, access control, risk management etc.; is conducted in separate business units creating a silo effect. A cohesive and holistic approach is required to mitigate the risk of security breaches and parts of the business not monitored by any silo. Without a holistic robust structure, the assets of an organisation are at critical risk. Enterprise architecture (EA) is a strong and reliable structure that has been tested and used effectively for designing, building, and managing organisations globally for at least 30 years. Grouping security with EA promises to leverage the benefits of EA in the security domain. Through a review of existing security frameworks this work evaluates the extent to which they employ EA and determines there is a need for developing a comprehensive solution. This research designs, develops, evaluates and demonstrates a security EA framework for organisations regardless of their industry, budgetary constraints or size. The framework is developed from the Zachman framework 2013 Version 3.0 because it is the most complete, most referenced in our frameworks review, and historically the methodology that is chosen by others to base their frameworks on. The results support the need for a holistic security structure and indicate benefits including reduction of security gaps, improved security investment decisions, clear functional responsibilities and a complete security nomenclature and international security standard compliance among others. This research bridges the gap and changes the way we fundamentally view security in an organisation, from individual silo capabilities to a holistic security eco-system with highly interdependent primitive security models.
Advisor: Falkner, Katrina
Szabo, Claudia
Yarom, Yuval
Dissertation Note: Thesis (Ph.D.) -- University of Adelaide, School of Computer Science, 2021
Keywords: Information systems security policy
enterprise architecture
design science research
grounded method
business process modelling
Provenance: This electronic version is made publicly available by the University of Adelaide in accordance with its open access policy for student theses. Copyright in this thesis remains with the author. This thesis may incorporate third party material which has been used by the author pursuant to Fair Dealing exceptions. If you are the owner of any included third party copyright material you wish to be removed from this electronic version, please complete the take down form located at: http://www.adelaide.edu.au/legals
Appears in Collections:Research Theses

Files in This Item:
File Description SizeFormat 
Graham2021_PhD.pdf6.5 MBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.