"A system security policy is often perceived as a set of mandatory requirements levied upon the system by an organizational directive or Information System Security Officer (ISSO). To the user, these security requirements may bear little resemblance to his actual working system security policy, which controls data modification and user privileges. In the course of reengineering business processes and information systems, the system modeling activities provide a unique opportunity: This paper presents a methodology for security policy definition using the Zachman information systems architecture as a tool. The system security policy can be extracted from the Zachman framework, providing a technique for reconciling the security policy as defined by directive with the user’s working system security
requirements."
Zachman and Security Policy
Downloaded 15 times
Signup for Thought Leader
Get the latest IT management thought leadership delivered to your mailbox.
Our 100% “NO SPAM” Guarantee
We respect your privacy. We will not share, sell, or otherwise distribute your information to any third party. Period. You have full control over your data and can opt out of communications whenever you choose.
Don’t Miss These Related References:
- Introduction to Zachman and TOGAF Enterprise Architecture Frameworks
- An Overview of the Zachman Enterprise Architecture Framework
- Introduction to Zachman Framework
- A Tutorial on the Zachman Enterprise Architecture (EA) Framework [Presentation]
- Introduction to the Zachman Enterprise Architecture Framework V2