ABSTRACT

When a security architect works with an enterprise architecture, the work is at a very strategic level, and the ATASM process applies only loosely: an enterprise architecture is not specific enough to support a threat model. Once the architecture begins to be factored into components, it becomes an alternate, logical, and/or component view. Furthermore, even given a component view of the enterprise, we cannot deal with components at a sufficiently granular level to discover actual, technical attack surfaces or to specify implementable security controls.