The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does not correctly describe the Zachman Framework?
A.
A two-dimensional model that uses communication interrogatives intersecting with different levels
B.
A security-oriented model that gives instructions in a modular fashion
C.
Used to build a robust enterprise architecture versus a technical security architecture
D.
Uses six perspectives to describe a holistic information infrastructure
Explanation:
B: The Zachman Framework is not security oriented, but it is a good template to work with to build an enterprise security architecture because it gives direction on
how to understand the enterprise in a modular fashion. This framework is structured and formal and is used as a tool to understand any type of enterprise from many
different angles. The Zachman Framework was developed in the 1980s by John Zachman and is based on the principles of classical architecture that contains rules that
govern an ordered set of relationships.
A is incorrect because the Zachman Framework is a two-dimensional model that addresses the what, how, where, who, when and why from six different
perspectives: the planner or visionary, the owner, the architect, the designer, the builder, and the working system. Together, this information gives a holistic view of the
enterprise.
C is incorrect because the Zachman Framework is used to create a robust enterprise architecture, not a security architecture, technical or not. The framework is not
security specific. Almost all robust enterprise security architectures work with the structure provided by the Zachman Framework in one way or another. When we talk
about a robust security architecture, we are talking about one that deals with many components throughout the organizationnot just a network and the systems within
that network.
D is incorrect because the Zachman Framework uses six perspectives to build a holistic view of the enterprise. Those perspectives are the planner or visionary,
owner, architect, designer, builder, and the working system. Those using the framework address what, how, where, who, when, and why as they relate to each of these
perspectives. This is to ensure that regardless of the order in which they are put in place, components of the enterprise are organized and relationships are clearly
defined so that they create a complete system. The framework does not just specify an information infrastructure.