Explain what is meant by the term “Enterprise Architecture”. What are some considerations when defining the architecture?

Any modelling endeavor requires the minimum requirements of methodologies to be employed. With the various options available we continue to operate at the enterprise at the level of granularity, that is view the architecture at a very abstract level. As shown in the picture in page 233 of the text book. The picture finds to the factor the concepts which was presented previously into parts that suggests systems and process. There have been a differences in trust levels and exposure with the help of separating the internal and external from each other and even distinguish the differences between from cloud services and the internet.

Most of the users of cloud services are likely to be accessed via the internet but some of the cloud services will generally be run by units that have had their security investigated and approved. The whole purpose of doing this is to oppose to traffic originating from uninvestigated entities on the internet. The public internet is commonly perceived and treated as hostile entity until the authority or further information is not circulated. There will be some suspicion but these cloud services have to be trusted sufficiently such that they support business functions and their normalities. Though internet does not have such a trust and for this reason the two abstract areas are viewed as separate clouds, separate assurance levels.

As we all can notice that the aggregated “presentation” function has now two components. The first one is internal presentations and the other one is external presentations. Every individual presentation is represented as a series of separate presentation layer components comprising a larger abstraction. The component architecture articulates the vital of the conceptual view by stating that presentation services are separate functions from the underlying applications. To keep a cleaner representation separate application rectangles connected to separate presentation layers have not been drawn.

This level of application requires trying to separate out each application and its specific presentation would introduce many of the detail and the requirement is hopefully unnecessary to understand what components embrace the architecture. As a replacement for, the architect and, definitely, the security architect can accept some mapping that makes intellect between these two components.

Obviously, at hand we have multiples of each type of application. When revising definite application instances that are individual parts of this component architecture, the very aspect of precisely what links to what will be required. To this level the system architect is very much interested in gross alignments of functions which are to be properly understood in any case when an application is deployed to this frame, every aspects is understand the application components that must get diagrammed in detail. Furthermore, there is to have a convey to application designer to manage the how the application is to be factored so that the particulars of the expected components.

Integration and mechanism are other integral part of the distinct systems. Any system which provides identity services or storage should be internal and also should supports an external copy that can be toughened against exposure. In the same time, the customer supporting and business ratifying applications must be available externally. System architect provides a guide for how to separate the business function that made up any particular system that becomes a part or expresses the enterprise architecture.

Security Architecture and Enterprise Architecture

Security Architecture(SA)

The systematic approach to improve network security and mitigate the existing risk or future risk is the basic definition of security architecture.  Typically, security architecture includes systems, processes and tools in organizational place which will help prevent attacks or mitigate possible risk of exposure to the threatening environments.  Modern organization no matter the sizes have a security architecture. Organizations without security architecture are open to lots of gaps and weakness and viable to possible attack from hackers, malware attacks and threats from various threat agents. Without security architecture cybercriminals will have an easier access to main systems causing various damages.

Security architecture are generalized by some of its main characteristics, which are mentioned below:

1)      Security architecture are confined by its own discrete security methodology.

2)      SA composes its own distinct views and perspectives.

3)      There is non-normative flow of information through systems and among applications.

4)      System architecture acquaint with distinctive, single purpose components in design.

5)      There are unique set of skills and competencies of the enterprise and IT architects.

Throughout the architecture fields and in all phases of the architecture development security concerns are prevalent. The fundamental purpose of system architecture is to protect the value of the systems and information assets of the organization. There are no single purpose components of its own in system architecture but rather it acts as quality of systems in the architecture. There are building blocks, collaboration and interfaces. Security architecture unique elements usually interface with the business systems in a balanced and cost effective way. The whole purpose of this is to maintain the security policies of the organization without interfering with the system operations and functions. This whole process is least costly and most effective to plan and implement security specific functions in system architecture as early as possible in the development cycle to avoid costly retrofit. The approach of the security architect ensures the proper flow of all the application but also the abnormal flows, failure and the possible ways the system application can be interrupted and fail.

The areas of concern for the security architect are:

1)      Authentication

2)      Authorization

3)      Audit

4)      Assurance

5)      Availability

6)      Assets protection

7)      Administration

8)      Risk management

Enterprise Architecture (EA)

Enterprise architecture is a demanding approach which helps organization to understand the importance and describes the structure of an enterprise. A very effective and sustainable enterprise depends on the well managed enterprise architecture. Enterprise architecture is well regarded on three objectives.

1)      A discipline: The way of thinking about the structure of an enterprise.

2)      A process: Process which determines how the architecture are created, how they can be evolve throughout the time and how they are managed.

3)       Sets of work products: A set of products determine the models and diagrams which describe the structure of enterprise.

Adopting enterprise architecture comes with numerous advantages and rational explanation behind such a design approach. Some of these includes

1)      Better agility: Enterprise architecture gives organization a better agility function. EA helps business remain agile by ensuring new developments and without affecting the operations.

2)      Efficient execution of strategy: enterprise architecture helps the various aspects of IT strategy, business needs and technology per requirements of business needs. These strategy helps in achieving the organizational goals and keep their strategy on check.

3)      Effective use of IT resources: enterprise architecture helps laying out the roadmap of existing system, technology and data. The issues and problems can be quickly narrowed down and solved accordingly.

4)      Communication and planning:  Enterprise architecture will help in understanding the issues and prioritize those issues when developing operation plan. Furthermore, enterprise architecture can help manage the change that organization undergoes throughout the span of time. Clarity in responsibilities and skills promote communication between the internal and external stakeholders which ultimately creates the environment viable for prosperity and achievement of goals is easy.

There is large share of interconnection between EA and SA as well as there is big differences in their related fields and how these differences make each of them unique in the security and sustainability of organizational hierarchy which clearly depict in the above discussion.

Risk assessment is the assessment of the potential adverse impacts to organizational operation and assets, or any technological interest arising from the operation and use of information systems or information processed or stored or being transmitted by those systems. Risk are common and its inevitable in most situation or scenario. Organization conduct risk assessment to find out the risk which are so common to the organizations core missions or very core to business functions which affects day to day operations. Assessment of risk can support a wide variety of risk based decision. Activities which are often controlled by higher hierarchy and activities by organizational officials across all three tiers in the risk management building. To understand the whole risk assessment theory, we have to undergo the whole concept of risk.

Risk

A measure of the extent to which an entity is vulnerable by a potential event or occurrence. Risk is usually a function of the adverse impacts which arose if the circumstance occurs or likely to occur. Information risk or security risk are the risk that arise due to the loss of confidentiality, integrity or the availability of information which reflects the adverse impacts of organizational operations.

Threats

A threat is a potential circumstance which could result to adverse impact of organization operation and assets, or loss of information system via potential unauthorized access, destruction or denial of services.

Vulnerabilities

A vulnerability is a weakness or pressure point in an information system or enactment that could be exploited by a threat source. System vulnerabilities can be associated with various function associated with security controls. It is also important to allow for the possibility of emergent vulnerabilities which allows organization to tackle and understand the arising threat. Vulnerabilities are not only identified within the information systems but they can be identified everywhere in the organization and it comes in all ways mostly unexpected ways.

Credible attack vectors

Credible attack vector is a path by which hacker can gain access to a network server or a system. With access of network, attack vendors enable hackers to exploit system vulnerabilities. Common attack vectors include viruses, malware, web pages’ pop ups and social engineering. Attackers which are privileged accounts are the only way to gain access to valuable data. Tools and methods are used to identify the critical importance of attack vectors. Malware attacks happens every day in poor networking and system components. The main purpose of attack vectors is to gain access the personally identifiable information or any information which can be sold or make money out of it.

If an attacker can retrieve the API and libraries, then use these to write an agent, and then get the attacker’s agent installed, how should Digital Diskus protect itself from such an attack? Should the business analytics system provide a method of authentication of valid agents in order to protect against a malicious one? Is the agent a worthy attack surface?

To protect against such an attack, Digital Diskus should implement proper security measures such as authentication and authorization for access to its API and libraries. This would ensure that only authorized agents can access and use these resources. Additionally, Digital Diskus can implement security measures such as code signing or digital certificates to verify the authenticity of an agent and prevent the execution of malicious code.

The agent itself can also be considered a potential attack surface and as such, should be designed with security in mind. This could include implementing proper input validation, using secure coding practices, and implementing logging and monitoring to detect and respond to potential security incidents.

Overall, implementing a combination of secure design and secure deployment practices can help protect Digital Diskus from such attacks and ensure the integrity and security of its business analytics system.