There are various approaches to Enterprise Security Architecture. The Sherwood Applied Business Security Architecture (SABSA) is considered the main model for Enterprise Security Architecture. SABSA is especially known for its approach to creating risk-driven enterprise information security architectures and solutions that support critical business objectives. Two frameworks that are used for EA are the Zachman Framework and TOGAF. They often influence EISA, and when SABSA is paired with one of these frameworks it is most effective.
Read the following documents:
Shen, Y., Lin, F., & Rohm, T. (2009). A framework for enterprise security architecture and its application in information security incident management (Links to an external site.). Communications of the IIMA, 9(4). Retrieved from http://www.iima.org/index.php?option=com_phocadownload&view=category&download=159%3Aa-framework-for-enterprise-security-architecture-and-its-application-in-information-security-incident-management&id=29%3A2009-volume-9-issue-4&Itemid=68
The Open Group. (2011, October). TOGAF® and SABSA® Integration: How SABSA and TOGAF complement each other to create better architectures [PDF file size 2.2 MB]. Retrieved from http://vanharen.net/Player/eKnowledge/togaf-and-sabsa-integration.pdf
Zachman, J. A. (2003). Excerpts from The Zachman framework for enterprise architecture: Primer for enterprise engineering and manufacturing [PDF file size 83.9 KB]. Retrieved from http://www.businessrulesgroup.org/BRWG_RFI/ZachmanBookRFIextract.pdf
After reading the documents about different frameworks, write a short paper discussing their application to EISA.
What is the Zachman Framework?
How does the security framework fit into the Zachman Framework, according to the authors?
What is The Open Group Architecture Framework (TOGAF)?
Compare/contrast to the Zachman Framework.
Finally, how does SABSA fit into the Zachman Framework? TOGAF?
The paper should be 2 to 3 pages long. Use the American Psychological Association (APA) style (most current edition) for citing all the resources used.