Tool Support for Enterprise Architecture Analysis with application in cyber security

Abstract: In today’s companies, business processes and information technology areinterwoven. Old and new systems as well as off-the-shelf products and tailoredsolutions are used. This results in heterogeneous, often complex ITlandscapes. The impact of changes and the affected systems are difficult toidentify. However, volatile business environments and changing customer requestsrequire organizations to adapt quickly and to frequently make decisionsabout the modifications of their information technology.IT management aims at generating value from the usage of informationtechnology. One frequently used IT management approach is Enterprise Architecture.Company-wide models are used to obtain a holistic picture. Thesemodels are usually created using Enterprise Architecture modeling tools.These tools frequently have strong documentation capabilities. However, theyoften lack advanced analysis functionality. Specifically, such tools do not offersufficient support for the analysis of system properties, such as cyber security,availability or interoperability. The ability to analyze a set of possible scenariosand predict the properties of the modeled systems would be valuablefor decision-making. Changes or extensions could be evaluated before theirimplementation. In other domains, for example, in architecture in its classicalmeaning or in the development of machines, the analysis of models is a commonpractice. Typically, CAD tools are used to perform analysis and supportdecision-making. It is thereby possible to investigate the stability of buildingsor the performance of engines without the need for empirical testing.The contribution of the research work documented in this thesis is a softwaretool with a particular focus on the analysis of Enterprise Architecturemodels and thereby support for decision-making. This tool combines stateof-the-art Enterprise Architecture tooling with advanced analysis capabilitiesthat, until now, were only offered by modeling tools for other domains. Thepresented tool possesses two components. One component allows the creationof a metamodel capturing Enterprise Architecture analysis theory, for example,relevant concepts in the context of cyber security and how they relateto each other. The other component supports the instantiation of the metamodelinto an Enterprise Architecture model. Once a model is in place, itcan be analyzed with regards to the previously specified theory so that, forinstance, a cyber security evaluation can be conducted.The analysis tool was partly developed within the context of a larger researchproject on cyber security analysis. However, the tool is not restrictedto applications within this field. It can be used for the evaluation of numeroussystem properties. Several authors contributed to the tool both on an implementationlevel and in the development and design of the tool’s features. Theperformed research followed the Design Science methodology. First, the objectivesof a tool for Enterprise Architecture analysis were defined. Next, anartifact was designed and developed in terms of a software tool. This tool wasthen demonstrated and evaluated against the objectives. Lastly, the resultswere communicated to both academic and non-academic audiences.