Powerful Analysis Techniques
In the final installment of this blog series, I want to address the domain of risk, security and compliance, an area of increasing importance for architects, process designers and others. As an example, in some previous blogs, I have already outlined the new EU General Data Protection Regulation (GDPR) and its impact. In one of my posts, I used a simple example of data classification and how you can use this to assess your application landscape. But what I showed there did not demonstrate the full power of the analysis techniques we have implemented in Enterprise Studio. Starting with a classification of your data like the one in the figure below, this classification can be propagated across your entire architecture model, where the meaning of the various elements and relationships is considered to provide a sensible and useful outcome.
A quick assessment of the impact of privacy and security
If an application has access to multiple data objects, the underlying analysis algorithm takes the highest level of classification from these objects as the norm for that application. So, if it uses both high- and medium-confidentiality data, it receives the highest classification. If this and other applications are used in a business process, that process receives the highest classification again; if some business role performs this and other processes, and if an actor performs several roles, the highest level again counts. This even works for the new relationship-to-relationship feature in ArchiMate 3.0, where you can, for example, model what data is associated with a flow between two applications: if these two exchange highly sensitive data, they need to have at least that same security classification.
Using this analysis provides you with a fast way to make an initial assessment of the impact of privacy, security and similar issues. It helps CISOs, CROs, Data Protection Officers and others zoom in on high-risk areas, prioritize investments in beefing up security where it is most needed, and address security-by-design, data privacy impact assessments and other demands from regulations like the GDPR.
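The highest-classification rule described above can be sketched as a fixed-point propagation over the model graph. This is an added example, not Enterprise Studio's own algorithm; the four-level scale, the `propagate` function, the edge representation and all element names are assumptions made for illustration.

```python
from collections import defaultdict, deque

LEVELS = ["none", "low", "medium", "high"]  # assumed ordered scale
RANK = {name: i for i, name in enumerate(LEVELS)}

def propagate(base, depends_on, flows=()):
    """Return {element: level} after propagating the highest classification.

    base:       {data_object: level} assigned by hand
    depends_on: (consumer, provider) pairs; consumer inherits provider's level
    flows:      (source_app, target_app, data_object) triples; both ends of
                the flow inherit the level of the data associated with it
    """
    consumers = defaultdict(set)
    for consumer, provider in depends_on:
        consumers[provider].add(consumer)
    for src, dst, data in flows:
        consumers[data].update((src, dst))

    level = defaultdict(int)
    for name, lvl in base.items():
        level[name] = RANK[lvl]

    # Worklist fixed point: a level only ever rises, so this terminates
    # even when the model contains cycles.
    queue = deque(base)
    while queue:
        provider = queue.popleft()
        for consumer in consumers[provider]:
            if level[consumer] < level[provider]:
                level[consumer] = level[provider]
                queue.append(consumer)
    return {name: LEVELS[rank] for name, rank in level.items()}

# Constructed sample model (names are illustrative, not from the post).
BASE = {"Customer record": "high", "Product catalogue": "low", "Order": "medium"}
DEPENDS_ON = [
    ("CRM", "Customer record"), ("CRM", "Order"),        # application accesses data
    ("Webshop", "Product catalogue"),
    ("Handle complaint", "CRM"),                         # process uses application
    ("Browse products", "Webshop"),
    ("Service agent", "Handle complaint"),               # role performs process
    ("Service agent", "Browse products"),
    ("Alice", "Service agent"),                          # actor performs role
]
FLOWS = [("Webshop", "Billing", "Order")]  # flow between two apps carrying Order data

if __name__ == "__main__":
    for element, lvl in sorted(propagate(BASE, DEPENDS_ON, FLOWS).items()):
        print(f"{lvl:6} {element}")
```

Note that Webshop ends up at medium rather than low only because of the flow: the data exchanged with Billing raises both ends, which is the relationship-to-relationship case from the text.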
Try different scenarios to analyze your vulnerabilities
Another and even more advanced example is the risk assessment method we have implemented as part of our enterprise risk and security management functionality. This is based on a combination of standards such as ArchiMate, Open FAIR and SABSA, and is described in a whitepaper by The Open Group and in some previous blogs (1, 2). With this method, you can use your architecture models to analyze what your vulnerabilities are, what the potential impact of internal and external threats could be, and how to mitigate against these. The figure below shows an example of such an analysis.
All the ‘traffic lights’ in this figure are interconnected: For example, if you increase the control strength (CS) of the measures that mitigate against your vulnerabilities, your vulnerability level (Vuln) goes down, the loss event frequency (LEF) also decreases, and consequently your risk goes down. These results can also be presented in a more ‘management-friendly’ way with heatmaps like the ones below.