Integrated architecture framework and security risk management for complex systems

The systems that are of interest in this paper are defence information systems that have links to networks that can be at the same or different levels of security to the system being designed or modified. This is what has the potential to give rise to major information security vulnerabilities. These systems require end-to-end Information Assurance (IA) solutions in their design, development, operation and throughlife support. As such we need to tackle the problems of design, assurance and implementation of these complex systems in a standards-based and coherent manner. This need has led us to a method of combining the MOD Architecture Framework (MODAF) with Information Assurance (IA) Architectural Patterns and the IA Risk Management information document set to provide a coherent structure that will allow risk to be understood holistically and therefore mitigated more effectively. This is achieved through linkage to the Information System Architecture (expressed in the MODAF set of architectural views). An integrated solution enables a parallel but linked security assessment and architectural design by means of a framework that captures common information in terms of assets and can through these assets directly influence the assessment and the design.