Enterprise Architecture and Cyber Defence Ontology


Having not had the opportunity to continue this blog, and its theme of using semantics to develop the evidence-based enterprise, these last few years, I am going to begin again with a new area of focus. The focus will be a series of posts and models covering Cyber Defence and Enterprise Architecture, an area I have been working in these last four years. I am going to start with some basic principles to cover what I will be exploring:

  • Enterprise Architecture patterns (including conceptual models, building blocks etc) represent the basis for evidence based EA
  • A pattern should have a specification and qualification, at a minimum a metamodel or an ontology to provide that specification and qualification
  • Evidence, broadly construed, is anything presented in support of an assertion. This support may be strong or weak. The strongest type of evidence is that which provides direct proof of the truth of an assertion. (Wikipedia Definition)
  • Evidence should be derived from domains within the organisation through recorded instances and lessons and classified through domain ontologies.
  • EA patterns qualified by ontological models create an evidential design process

So I am going to use an Enterprise Architecture Ontology, a Cyber Defence Ontology, a Security Ontology and an ITIL Service Management Ontology to provide the qualification and the guidelines for evidence within architectural patterns. An ontology, in the context of an architectural guideline or pattern representation, is a specification of conceptualizations (from the enterprise architecture and security domains) that constitutes evidence-based architectural practice. The evidence would be drawn from security frameworks or security operations, demonstrating where weak or vulnerable architectural solutions have failed to prevent a cyber attack. For example, an architectural guideline or pattern would define a set of key concepts, decisions and actions (also concepts), as well as a set of rules (relationships) that relate the evaluation of a security decision criterion to further reasoning steps or to its associated actions. This enables security restrictions or policies to enhance an architectural pattern (through Architectural and Solution Building Blocks) and improve the security aspects of a physical deployment of the future solution.
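The concept-and-rule structure described above, sketched as an added example that is not part of the original post or its ontologies: a small forward-chaining reasoner over triples in which a Security Operations incident becomes evidence against a pattern, and a rule then derives the control the pattern needs. Every `ea:`, `cyber:` and `itil:` name, and the incident itself, is constructed for illustration.

```python
# Constructed knowledge base of (subject, predicate, object) triples.
# All ea:/cyber:/itil: names are hypothetical, not the post's ontologies.
FACTS = {
    ("ea:RemoteAccessPattern", "ea:realisedBy", "ea:VpnGatewayBlock"),
    ("ea:VpnGatewayBlock", "ea:deployedAs", "itil:VpnService"),
    ("cyber:Incident-001", "cyber:affectedService", "itil:VpnService"),
    ("cyber:Incident-001", "cyber:exploitedWeakness", "cyber:SingleFactorAuth"),
    ("cyber:SingleFactorAuth", "cyber:mitigatedBy", "cyber:MultiFactorAuthControl"),
}

# Each rule is (body, head); terms starting with '?' are variables.
RULES = [
    # Evidence: an incident on a deployed building block counts against its pattern.
    ([("?p", "ea:realisedBy", "?b"), ("?b", "ea:deployedAs", "?s"),
      ("?i", "cyber:affectedService", "?s")],
     ("?i", "ea:evidenceAgainst", "?p")),
    # Decision criterion -> action: the exploited weakness has a known mitigation.
    ([("?i", "ea:evidenceAgainst", "?p"), ("?i", "cyber:exploitedWeakness", "?w"),
      ("?w", "cyber:mitigatedBy", "?c")],
     ("?p", "ea:requiresControl", "?c")),
]

def match(pattern, fact, env):
    """Unify one triple pattern with one fact; return extended bindings or None."""
    env = dict(env)
    for p, f in zip(pattern, fact):
        if p.startswith("?"):
            if env.setdefault(p, f) != f:
                return None
        elif p != f:
            return None
    return env

def solve(body, facts, env):
    """Yield every variable binding that satisfies all patterns in the body."""
    if not body:
        yield env
        return
    for fact in facts:
        extended = match(body[0], fact, env)
        if extended is not None:
            yield from solve(body[1:], facts, extended)

def infer(facts, rules):
    """Apply the rules repeatedly until no new triple can be derived."""
    facts = set(facts)
    while True:
        new = {tuple(env.get(t, t) for t in head)
               for body, head in rules for env in solve(body, facts, {})} - facts
        if not new:
            return facts
        facts |= new
```

`infer(FACTS, RULES)` returns the five asserted triples plus two derived ones: the incident as evidence against the pattern, and the control the pattern requires.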

I have attached to this post a series of high-level images of the Ontologies and SKOS models I will be using. The service technology model is an example of the integration between the Cyber Defence Ontology, the Enterprise Architecture Ontology and the ITIL Ontology. At a high level it shows the relationships between the controls of the enterprise technology architecture, which defines the product, supplier management with a supporting actor of Security Operations, SOC supplier management and the deployed product used by Security Operations. At a further level of detail the three ontologies are able to show the interfaces between the three distinct business units (Service Management, Security Operations and Enterprise Architecture), thus providing an operating pattern for their interaction, collaboration and in particular the incident and change management processes necessary for in-life support.

Cyber SKOS

ITIL Ontology

Enterprise Architecture Ontology

Service Technology Model

Security Framework Ontology

Cyber Defence Ontology Model

Building up evidence


The likelihood of delivering value through enterprise architecture, in my mind, is based on the evidence behind the arguments supporting the decisions made in any architectural change. So what are the ways in which evidence-based methods and practices can be developed to work with the task of managing Enterprise Architecture as a function within an organisation?

I will use this blog to explore the various ways to build up appropriate tools and techniques to support evidence-based enterprise architecture, but first I want to describe a view of the future: a future where an organisation is using this approach to shape the design and development of their enterprise architecture.

This future organisation already has very mature enterprise content management, metadata management and master data management policies and practices in place. With these foundations in operation, the Enterprise Architecture team are now exploring the potential of semantic technologies to make more use of their knowledge, information and data repositories. By this I mean they are going to use an inferencing engine to drive answers from an EA knowledge base. The asserted model will then be used to create evidence to support multiple decisions in an architectural strategy.

To be able to create specific data or content assertions, the inference engine would have to be supported by a detailed federated ontological environment and secondary knowledge bases. An arrangement for this type of environment could include upper ontologies such as Cyc or WolframAlpha, then specific ontologies such as an enterprise ontology (covering organisation domains) working with an enterprise architecture ontology, which would be supported by extension ontologies including an ITIL ontology, SOA ontology, OMG BPMN ontology and OMG Business Motivation Model ontology.

I accept that the above suggestion would be quite a piece of work to do and I am not aware of any organisations attempting such a thing. Leading academic institutions have over the years put out papers covering projects that built an enterprise ontology, and I have only come across a few organisations that have attempted it, but I am sure this will change over the next few years. The biggest challenge to this is the cost and effort required to build and maintain the knowledge and evidence through knowledge bases and ontologies. Yet this cost would be nothing compared to the cost of failed strategies.

Knowledge, Evidence and Architecture


I have been looking at the requirements for knowledge building and sharing to advise a major programme. By now I would have thought that there should be enough guidelines for how teams should be doing this, but there still seem to be obstacles.

What does a reader want when they are looking for something to help them support or perform the task they are doing? They want assurances that the information they find is going to add value to their task.

My advice to them was to consider preparing a knowledge charter for all participants at all levels of management. In this charter it should set out the rules, roles and responsibilities of how knowledge is created and distributed to all team members. More importantly it should set out clear evidence and references to underpin the facts and figures they use.

Every team member, at some point of their participation, will create information to support a project deliverable. That could be a Word document from a template, a Visio model or diagram, a spreadsheet or a PowerPoint presentation. The charter must set out ways to use reviews, opinions and feedback to distinguish particular pieces of information that can be defined as project knowledge.

These distinguishing features should be outlined through the document’s metadata and summaries. A reader coming to the document through a search should be able to determine what the document addresses and how useful that document will be to them. A reader will be coming to that document looking for answers to problems, challenges, solutions or advice, as well as evidence that the knowledge within the document will be reusable to contribute to the task they are involved in.

I was asked how this charter could advise on content structure and my first response was to keep document terms to well defined and understood business methodologies to help remove ambiguity. Secondly, to help the reader and their investigations by providing good, old fashioned references to quality sources of information.

All things created should be useful to someone or a group of people at some point in time. The value of that thing (document) as knowledge may be very specific to a particular task or a limited audience at a point in time; however, there will be a percentage of that content that will have a lasting value to others. Determining that value is greatly enhanced if it pertains to frameworks, standards and evidence. Standards and frameworks such as ITIL, MSP or TOGAF have a clear structure, terminology and application and are widely recognised and accepted.

Providing supporting evidence may provide the greatest value, but it is important to determine the quality of that evidence before making any decision on value. Through this blog I am going to explore the different ways of building up appropriate evidence to support architectural decision making and scenario planning through the structure of a framework and associated systems and standards.