Secure governance in enterprise architecture — Access control perspective

Abstract

Enterprise Architecture (EA) models have proven to be very useful for the management and governance of enterprises. Such EA models are used for analysis and steering purposes, thereby leading to a competitive advantage for the enterprise. However, the management of EA model evolution from an initial (As-is) to an a posterior (To-be) state is a challenging task for EA modelers, due to the huge number and the complex dependencies amongst models. In this paper, we tackle the challenge of a controlled evolution of EA models which seeks to give more control to EA modelers over what the impact of EA evolution means in terms of properties (e.g. security) of the EA. We propose a core knowledge model for representing EA evolution which supports the EA modeler in deciding about the (To-be) model compliance. Our model is based on the three notions of change operation, artifact-to-artifact dependency, and reactive event-condition-action (ECA) rules. We instantiate our approach for the case where security properties must be maintained through EA evolution.