Scenario: Raxlon Inc.
Case Study Title (Case Study):
Raxlon Inc. is a Fortune 500 Company dealing in high value drugs and pharma products. Its annual turnover is
over 120 billion $. It has more than 100,000 employees all over the globe in its R&D, Manufacturing and
Marketing Units.
Raxlon’s CEO, Dr Peter Fowles, is a pharmacology expert and has over 72 patents on various types of drugs
mainly used for treating patients with genetic disorders. Raxlon is now moving into a suite of high end critical
drug products used for Genetic Repair of congenital Diseases like Alzhmeir’s disease and Epilepsy. Rexlon has
a well developed EA practice and in 2009 the EA practice has adopted TOGAF 9 as the primary Framework for
Enterprise Architectural Change Agent.
Dr Fowles’ main concerns are:
Security of the critical data which they have gained over the years after painstaking research. Although Rexlon
had an adequate security system Dr Fowles feels it may not be adequate to deal with the new order of things,
especially with data which is highly confidential and if leaked would have major financial impact on the
Company.
Dr Fowles calls his CIO and explains his position to him and entrusts whim with the responsibly of evaluating
the current security system, operation and governance and determine which are the gaps which need to be
addressed during the fresh architectural work. Assume that a new Security Framework would be used in the
ADM life cycle. To protect Rexlon’s valuable IP.
The CIO apprises the Lead Architect of the sensitive nature of the work he has to complete within the next 2months.
Identify which of the following processes would be most appropriate for the Lead Architect to adopt in this
situation.

A.
Identify the sources of threat, review the relevant security statutes, see how disaster recovery can be
achieved, find who are the actors vis vis the system and design suitable access control mechanisms,
identify critical data and applications and ensure that they are given the highest level of security

B.
First revisit the Preliminary Phase to determine the tailoring of ADM vis a vis Security. Identify any change in
the Principles or additions to be carried out. Engage with all Stakeholders to finalize the Vision. Then in
Business, Information systems and Technology Architectures ensure the Security Frame work adopted to
the ADM addresses all critical security issues. Finally conduct an overall review to assess how effective the
security ecosystem designed is and whether it meets the security level desired

C.
Invoke Preliminary Phase and Vision Phase Identify Sources of threat, review and determine revised
regulatory, security and assumptions, document them get management buy in , develop business continuity
plans especially for critical data operations, assure data, application and technological component security.

D.
Determine who are the people who are hacking into similar organizations, ensure that highly secure
measures are taken when external people enter the R&D and manufacturing locations, ensure that there is
a very strong firewall so that people cannot get illicit entry into the system, periodically check the
effectiveness of the security measures