Enterprise Architecture and Cyber Defence Ontology


Having not had the opportunity to continue this blog and the theme of using semantics to develop the evidence based enterprise these last few years, I am going to begin again with a new area of focus. The focus will be a series of posts and models covering Cyber Defence and Enterprise Architecture, an area I have been working in these last four years. I am going to start with some basic principles to cover what I will be exploring:

  • Enterprise Architecture patterns (including conceptual models, building blocks etc) represent the basis for evidence based EA
  • A pattern should have a specification and qualification, at a minimum a metamodel or an ontology to provide that specification and qualification
  • Evidence, broadly construed, is anything presented in support of an assertion. This support may be strong or weak. The strongest type of evidence is that which provides direct proof of the truth of an assertion. (Wikipedia Definition)
  • Evidence should be derived from domains within the organisation through recorded instances and lessons and classified through domain ontologies.
  • EA patterns qualified by ontological models create an evidential design process

So I am going to use an Enterprise Architecture Ontology, a Cyber Defence Ontology, a Security Ontology and an ITIL Service Management Ontology to provide the qualification and the guidelines for evidence within architectural patterns. An ontology, in the context of an architectural guideline or pattern representation, is a specification of conceptualizations (from enterprise architecture and security domains) that constitutes evidence-based architectural practice. The evidence would be drawn from security frameworks or security operations demonstrating where weak or vulnerable architectural solutions have failed to prevent a cyber attack. For example, an architectural guideline or pattern would define a set of key concepts, decisions and actions (also concepts), as well as a set of rules (relationships) that relate the evaluation of a security decision criterion to further reasoning steps or to its associated actions. This enables security restrictions or policies to enhance an architectural pattern (through Architectural and Solution Building Blocks) and improve the security aspects of a physical deployment of the future solution.

I have attached to this post a series of high level images of the Ontologies and SKOS models I will be using. The service technology model is an example of the integration between the Cyber Defence Ontology, the Enterprise Architecture Ontology and the ITIL Ontology. At a high level it shows the relationships between the controls of the enterprise technology architecture, which defines the product, supplier management with a supporting actor of Security Operations, SOC supplier management and the deployed product used by Security Operations. At a further level of detail the three ontologies are able to show the interfaces between the three distinct business units (Service Management, Security Operations and Enterprise Architecture), thus providing an operating pattern for their interaction, collaboration and in particular the incident and change management processes necessary for in-life support.

Cyber SKOS

ITIL Ontology

Enterprise Architecture Ontology

Service Technology Model

Security Framework Ontology

Cyber Defence Ontology Model

The role of an enterprise architecture repository – principle 1


Enterprise Architecture Management System

The Enterprise Architecture Repository is both a means to store all of the artefacts concerning the enterprise architecture and a federated information system linking with other sources of data and content. This federated environment produces an enterprise architecture management system to support architectural development. There is quite an interesting overview of this on the Aris Community blog.

Alongside the standard features of the repository, which holds the information pertaining to the AsIs and ToBe models, is the need for the system to support research development and evidence management. The enterprise architecture is represented by a collection of facts and statements about the enterprise. They are collected in a set of artefacts and are used through the architecture development methodology to build future versions of the enterprise. It is in the change from the current state of the enterprise to a new state that evidence is required and applied to support change decisions. The evidence that is used and cited within artefacts should be stored within the architecture repository. This enables the evidence to be analysed and tracked through the lifetime of the decision.

The evidence repository is a subset of the EA repository or federated knowledge base that has defined relationships that link the evidence to the artefact. This can be achieved through simple hyperlinks but a defined approach with specific artefact metadata and unique identifiers would offer a structured relationship. This should also encompass the evidence metadata to provide the attributes to support tracking such as the value, confidence and temporal attributes.
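As an added illustration of the structured linkage described above (not code from the original post): a minimal in-memory evidence repository in which artefacts cite evidence by unique identifier and each evidence record carries value, confidence and a temporal attribute. The class names, ID scheme, rating scales and sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class Evidence:
    evidence_id: str   # unique identifier (hypothetical scheme, e.g. "EV-001")
    summary: str
    value: str         # assumed scale: "high" / "medium" / "low"
    confidence: float  # assumed scale: 0.0 (weak) to 1.0 (direct proof)
    review_by: date    # temporal attribute: date the evidence must be re-validated

@dataclass
class Artefact:
    artefact_id: str
    title: str
    cites: list = field(default_factory=list)  # evidence_ids rather than bare hyperlinks

class EvidenceRepository:
    def __init__(self):
        self.evidence, self.artefacts = {}, {}

    def add_evidence(self, ev):
        self.evidence[ev.evidence_id] = ev

    def add_artefact(self, art):
        # Reject dangling links so every citation resolves to stored evidence.
        missing = [e for e in art.cites if e not in self.evidence]
        if missing:
            raise KeyError(f"{art.artefact_id} cites unknown evidence: {missing}")
        self.artefacts[art.artefact_id] = art

    def citations_needing_review(self, today, min_confidence=0.6):
        """Return (artefact_id, evidence_id, reason) for stale or weak citations."""
        findings = []
        for art in self.artefacts.values():
            for ev in (self.evidence[i] for i in art.cites):
                if ev.review_by < today:
                    findings.append((art.artefact_id, ev.evidence_id, "stale"))
                elif ev.confidence < min_confidence:
                    findings.append((art.artefact_id, ev.evidence_id, "low confidence"))
        return findings

def build_sample_repository():
    repo = EvidenceRepository()  # records below are constructed sample data
    repo.add_evidence(Evidence("EV-001", "SOC incident review", "high", 0.9, date(2012, 1, 10)))
    repo.add_evidence(Evidence("EV-002", "Vendor survey", "medium", 0.4, date(2012, 2, 1)))
    repo.add_evidence(Evidence("EV-003", "Legislation horizon scan", "low", 0.7, date(2011, 3, 1)))
    repo.add_artefact(Artefact("ART-01", "ToBe segmentation pattern", ["EV-001", "EV-002"]))
    repo.add_artefact(Artefact("ART-02", "ToBe compliance roadmap", ["EV-003"]))
    return repo
```

Calling `build_sample_repository().citations_needing_review(date(2011, 6, 1))` lists the decisions whose supporting evidence has expired or is too weak, which is the tracking through the lifetime of a decision that the metadata is meant to support.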

Whilst it is important to store evidence cited within artefacts within the EA repository it is also important to store research and information to act as future evidence. This form of evidence should be built with a formal process and should be collected in line with future views of the organisation. This type of evidence can include horizon scanning of new technologies, customer or user opinions and surveys, planned legislative changes or innovations.

I have made this principle 1 because I consider an enterprise architecture repository a fundamental part of enterprise architecture, and building up and storing evidence is a vital part of evidence based enterprise architecture.

Enterprise Ontology – a framework for building and identifying corporate evidence


Role of an enterprise ontology

For an overview of this concept I am going to reference an article written by Dave McComb called The Enterprise Ontology. It offers a good description of an ontology, an Enterprise Ontology as well as some very good reasons as to why an organisation should build one. The article was written in 2006 and I will quote the first paragraph: At the time of this writing almost no enterprises in North America have a formal enterprise ontology.

Yet we believe that within a few years this will become one of the foundational pieces to most information system work within major enterprises.

We are now in 2011 and I am not aware of any publicised stories of any companies in the USA or Europe, or the rest of the world for that matter, that are able to say they have an enterprise ontology and that it is underpinning the information systems that exist within the organisation.

Whilst it is expected that it will take an organisation some time to design, model and build an enterprise ontology the benefits will, if it is managed effectively, bring considerable change to people and value to the information created.

An enterprise ontology provides the enterprise indexing system to define meaning, classification and categorisation for past, current and future information. By providing this it aids evidence and evidence based enterprise architecture by creating a means to “frame” information by specific terms and definitions and thus aid like to like relationships.

If we consider evidence as either proofs or observations derived from a formal or scientific approach as well as opinions and expert statements created from renowned experience and capability; thus that evidence has to be

Building up evidence


The likelihood of delivering value through enterprise architecture, in my mind, is based on the evidence behind the arguments supporting the decisions made in any architectural change. So what are the ways in which evidence based methods and practices can be developed to work with the task of managing Enterprise Architecture as a function within an organisation?

I will use this blog to explore the various ways to build up appropriate tools and techniques to support evidence based enterprise architecture, but first I want to describe a view of the future: a future where an organisation is using this approach to shape the design and development of their enterprise architecture.

This future organisation already has very mature enterprise content management, metadata management and master data management policies and practices in place. With these foundations in operation the Enterprise Architecture team are now exploring the potential of semantic technologies to make more use of their knowledge, information and data repositories. By this I mean they are going to use an inferencing engine to drive answers from an EA knowledge base. The asserted model will then be used to create evidence to support multiple decisions in an architectural strategy.

To be able to create specific data or content assertions the inference engine would have to be supported by a detailed federated ontological environment and secondary knowledge bases. An arrangement for this type of environment could include upper ontologies such as Cyc or WolframAlpha, then specific ontologies such as an enterprise ontology (covering organisation domains) working with an enterprise architecture ontology, which would be supported by extension ontologies including an ITIL ontology, SOA ontology, OMG BPMN ontology and OMG Business Motivation Model ontology.

I accept that the above suggestion would be quite a piece of work to do and I am not aware of any organisations attempting such a thing. Leading academic institutions have over the years put out papers covering projects that built an enterprise ontology and I have only come across a few organisations that have attempted it, but I am sure this will change over the next few years. The biggest challenge to this is the cost and effort required to build and maintain the knowledge and evidence through knowledge bases and ontologies. Yet, this cost would be nothing compared to the cost of failed strategies.