Scenario: AGEX Inc.
Please read this scenario prior to answering the question
AGEX is a large, global commodities trading company which has been growing rapidly through a series of
acquisitions.
Each new business is performing well in its markets. However, the lack of integration between headquarters
and the business units has increasingly caused problems in the handling of customer and financial information.
The inability to share information across businesses has resulted in lost opportunities to “leverage the
synergies” that had been intended when the businesses were acquired. At present, each business unit
maintains its own applications. Despite an earlier initiative to install a common application to manage customer,
products, supplier, and inventory information, each business unit has different ways of defining each of these
core elements and has customized the common application to the point where the ability to exchange
information is difficult, costly, and error-prone.
As a result, AGEX has begun implementing a single Enterprise Resource Planning (ERP) system to
consolidate information from several applications that exist across the lines of business. The Corporate Board
is concerned that the new ERP system must be able to manage and safeguard customer information in a
manner that meets or exceeds the legal requirements of the countries in which the company operates. This will
be an increasingly important capability as the company expands its online services offered to clients and trading
partners.
The CIO has formed an Enterprise Architecture department, and one of the primary goals in its charter is to
coordinate efforts between the ERP implementation team and the business unit personnel who will be involved
in the migration process. The CIO has also formed a cross-functional Architecture Review Board to oversee
and govern the architecture.
After reviewing the available alternatives, and based on recommendations from the ERP vendor, AGEX has
selected TOGAF 9 as the basis for its Enterprise Architecture program.
The CIO has endorsed this choice with the full support of top management.
Refer to the AGEX Inc. Scenario
You are serving as the Chief Architect.
You have been asked to recommend the approach to take in the Preliminary Phase to ensure that the
Corporate Board’s concern is addressed.
Based en TOGAF 9, which of the following is the best answer?
A.
You evaluate the implications of the Board’s concern in terms of regulatory and security policy requirements.
You then update the AGEX security policy to reflect the concern, ensuring that this policy is communicated
across the organization.
You allocate a security architecture team to ensure that security considerations are included in ongoing
architecture planning. You then assess the security implications and agreements within the AGEX
businesses and their suppliers.
B.
You evaluate the implications of the Board’s concern in terms of regulatory requirements and their impact
on business goals and objectives. Based on this understanding, you then issue a Request for Architecture
Work to commence an architecture development project to develop a solution that will address the Board’s
concern.
You allocate a security architect to oversee the implementation of the solution in the ERP system that is
being developed.
C.
You start by clarifying the intent that the Board has for raising this concern. This enables you to understand
the implications of the concern in terms of regulatory requirements and the potential impact on current
business goals and objectives.
You propose that a security architect or security architecture team be allocated to develop comprehensive
security architecture.
D.
You evaluate the implications of the Board’s concern by examining the potential impacts on business goals
and objectives. Based on your understanding, you then update the current AGEX security policy to include
an emphasis on the Board’s concern.
In addition, you allocate a security architect to ensure that security considerations are included in the
architecture planning for all domains.