1. Re-using Enterprise Architecture Repositories for Agile Threat Modeling
- Author
-
Per Carlsson, Robert Lagerström, and Wenjun Xiong
- Subjects
business.industry ,Computer science ,Legacy system ,Enterprise architecture ,020206 networking & telecommunications ,020207 software engineering ,02 engineering and technology ,Enterprise modelling ,ArchiMate ,Threat model ,0202 electrical engineering, electronic engineering, information engineering ,Unified threat management ,Architecture ,business ,Software engineering ,Agile software development - Abstract
Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network.
- Published
- 2019