alternate text alternate text alternate text alternate text


People -- Process -- Business -- Technology
IFEAD is an independent research and information exchange organization working on the future state of Enterprise Architecture.

-About RSS Feeds


Information Exchange Area of the

Institute For Enterprise Architecture Developments


Critical Infrastructures under Attack!?

….about the Cyber Security Architecture of Modern Control Systems in Critical Infrastructures

Organizations within the critical infrastructure sectors provide the essentials of modern life and defend our national security; their services impact national economic security, national public health and safety. Many sector components influence or impact any combination of these critical national concerns.

Cyber security is an integral part of overall critical infrastructure sectors security and governments are addressing the risk as a sector-wide challenge, to minimize the potential impact to both public safety and the economy.
Because the sectors touch so many aspects of how we live our lives and how business is conducted throughout the world, technology, connectivity and information exchange are three of the greatest challenges and essential aspects of company operations and processes in the sectors.

However, the same technologies that make business operations and critical infrastructure processes more efficient can introduce new vulnerabilities. As the world faces increased threats, the critical infrastructure sectors needs to increase its capability to manage exposure to cyber security risk and protect against the threat of unauthorized access to information being used to facilitate or cause a physical attack or disruption in the supply chain.

Key in the critical infrastructure sectors is adoption of a standardized cyber security concepts & architecture, principles and guidelines. Here is an important role for Enterprise Architects as well as security architects familiar with industrial control systems environments.

US National Institute Standards & Technology - Framework for Improving Critical Infrastructure Cybersecurity, 2014

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. Cybersecurity threats exploit the increased complexity and connectivity of critical infrastructure systems, placing the Nation’s security, economy, and public safety and health at risk. Similar to financial and reputational risk, cybersecurity risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.

The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across critical infrastructure sectors, providing the detailed guidance for developing individual organizational Profiles. Through use of the Profiles, the Framework will help the organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. The Tiers provide a mechanism for organizations to view and understand the characteristics of their approach to managing cybersecurity risk.

The Framework enables organizations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework provides organization and structure to today’s multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively in industry today. Moreover, because it references globally recognized standards for cybersecurity, the Framework can also be used by organizations located outside the United States and can serve as a model for international cooperation on strengthening critical infrastructure cybersecurity.

The Framework is not a one-size-fits-all approach to managing cybersecurity risk for critical infrastructure. Organizations will continue to have unique risks – different threats, different vulnerabilities, different risk tolerances – and how they implement the practices in the Framework will vary. Organizations can determine activities that are important to critical service delivery and can prioritize investments to maximize the impact of each dollar spent. Ultimately, the Framework is aimed at reducing and better managing cybersecurity risks.

The Framework is a living document and will continue to be updated and improved as industry provides feedback on implementation. As the Framework is put into practice, lessons learned will be integrated into future versions. This will ensure it is meeting the needs of critical infrastructure owners and operators in a dynamic and challenging environment of new threats, risks, and solutions.

Download the Framework for Improving Critical Infrastructure Cyber Security from the NIST website:

Important Message About our Books

Below you will find all direct links from our books to the Trafford Bookstore.

Enterprise Architecture Good Practices Guide

The Economic Benefits of Enterpise Architecture

How to Survive in the jungle of EA Frameworks

The IFEAD development & research team

Jaap Schekkerman

EA Good Practices Guide

Trafford Publishing, Canada

ISBN: 1-4251-5687-8

by Jaap Schekkerman

A 386 pages; quality trade paperback (softcover); catalogue #07-2553; ISBN 1-4251-5687-8; Price: US$73.12, C$73.12, EUR49.95, £37.75

This Enterprise Architecture Good Practices Guide is based on IFEAD's well known sets of EA guides that are published over the years and enhanced on feedback from users.

About the Book: Enterprise Architecture Good Practices Guide

The purpose of this guide is to provide guidance to organization's in initiating, developing, using, and maintaining their enterprise architecture (EA) practice. This guide offers a set of Enterprise Architecture Good Practices that have proven their benefits to organizations and that addresses an end-to-end process to initiate, implement, and sustain an EA program, and describes the necessary roles and associated responsibilities for a successful EA program.

Enterprise Architecture is a complete expression of the enterprise; a master plan which “acts as a collaboration force” between aspects of business planning such as goals, visions, strategies and governance principles; aspects of business operations such as business terms, organization structures, processes and data; aspects of automation such as information systems and databases; and the enabling technological infrastructure of the business such as computers, operating systems and networks.

While EA frameworks and models provide valuable guidance on the content of enterprise architectures, there is literally no guidance how to successfully manage the process of creating, changing, and using Enterprise Architecture.

This guidance is crucially important. Without it, it is highly unlikely that an organization can successfully produce a complete and enforceable EA for optimizing its business value and mission performance of its systems. For example, effective development of a complete EA needs a corporate commitment with senior management sponsorship. Enterprise Architecture development should be managed as a formal program by an Enterprise Architecture Department that is held accountable for success.

Since that EA facilitates change based upon the changing business environment of the organization, the enterprise architect is the organization’s primary change agent.

Effective implementation requires establishment of business and system compliance with the enterprise architecture, as well as continuous assessment and enforcement of compliance. Waiver of these requirements may occur only after careful, thorough, and documented business case analysis. Without these commitments, responsibilities, and tools, the risk is great that business changes or new systems will not meet organizations business needs, will be incompatible, will perform poorly, and will cost more to develop, integrate, and maintain than is warranted.

For more info about this go to the book webpage.

Download book index here: Book index

For ordering the book directly at the Publisher, go to:

Ordering this guide directly at the website of the Publisher is the easiest and fastest way of getting this guide.

How do you show your executives the value of EA?

The First Enterprise Architecture Book that addresses the issues of the Economic Benefits of Enterprise Architecture; Read more .....and Order Direct

'The Economic Benefits of Enterprise Architecture: How to Quantify and Manage the Economic Value of Enterprise Architecture'

ISBN 1-4120-6729-4

Trafford Publishing, Canada

by Jaap Schekkerman

First Edition;295 pages; Perfect bound; catalogue #05-1640; ISBN 1-4120-6729-4

This book is explaining, how to quantify and manage the economic value of enterprise architecture. Several methods, models and techniques are described to adopt an economic approach when dealing with Enterprise Architecture.

Go to Traffords website of this Book and order this book directly at the Publisher's website, the easiest and cheapest way to do.

Third Renewed and Updated Edition Now Available

Book is expended with an additional 40 pages including the European Interoperability Framework as well as new chapters about EA tool selection & support.

ISBN 1-4120-1607-X

Trafford Publishing, Canada

By Jaap Schekkerman

Book is also available via AMAZON.COM, Barnes &, All-Computer-, etc.

IFEAD in the News
More Information about IFEAD

For more information about 'The Institute For Enterprise Architecture Developments', or information about partnerships with the institute send an e-mail to the secretary:

E-mail: info[AT] [AT]=@

RSS Feed News

Latest Update 11/17/2015

IFEAD EA Boeken / Publicaties
Extended Enterprise Architecture Framework / E2AF & Extended Enterprise Architecture Maturity Model / E2AMM are Service Marks (SM) registered by IFEAD