An open source modelling toolkit for enterprise architects


Telling stories is one of the best ways to get your ideas across, especially when your audience is not technical. Therefore, as an architect, you might want to communicate in a way that can be easily understood by others.

TOGAF, for example, encourages enterprise architects to develop Business Scenarios. But what if you want to represent your concepts visually? The solution might lie in using a modelling language that meets this requirement.

ArchiMate is an open standard for such a language that supports enterprise architects in documenting and analysing architecture. Full alignment with the aforementioned TOGAF is an added bonus.

ArchiMate mimics constructs of the English language, i.e. it has a subject, an object and a verb, which refer to the active, passive and behavior (action) aspects respectively. It employs these constructs to model business architecture.

To illustrate this, let’s model a specific business process using ArchiMate. Similarly to the example described in one of the whitepapers, let’s consider a stock trader registering an order on the exchange as part of the overall Place Order process.

Thinking back to the English language parallel, what does this sentence tell us? In other words, who is doing what to what?

In this scenario, a Trader (subject) places (verb) the order (object).

The diagram below illustrates what this might look like when modelled in ArchiMate.

[Diagram: the scenario modelled in ArchiMate]

‘Trader’, being an active element, is modelled as a Business Role; ‘Place Order’, as a behavior (action) element, is represented as a Business Process; and the passive ‘Order’ itself is modelled as a Business Object.

The relationships between elements carry meaning in ArchiMate too. In our example, the Assign relation is used to model the ‘Trader’ performing the ‘Place Order’ action. In contrast, the interaction between ‘Place Order’ and ‘Order’ is modelled using the Access relation to illustrate that the Business Process creates the Business Object.

To put all of this into practice, you can use the Archi modelling toolkit. It’s free, open-source and supports multiple platforms.

In fact, I used it to illustrate the scenario above, but it can do much more. For example, I talk about modelling SABSA architecture using ArchiMate in my other blog.

Career Paths and Skills Development for Security Professionals

Career paths for security professionals typically depend on the industry. For a consultancy company, for example, it might be the same progression across all the departments, but for an end-user organisation it usually follows the path outlined in the figure below.

[Figure: career path]

Certifications for security professionals

Certified Information Security Professional CISSP (www.isc2.org)

CISSP® certification is a globally recognized standard of achievement that confirms an individual’s knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments.

Certified Information Security Manager CISM (www.isaca.org)

The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security. It demonstrates your information security management expertise.

Certified Information Systems Auditor CISA (www.isaca.org)

The CISA designation is a globally recognized certification for IS audit, control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates you are capable of managing vulnerabilities, ensuring compliance and instituting controls within the enterprise.

There are also more specific certifications for penetration testing (e.g. Offensive Security, CEH), project management (PMP, PRINCE2), IT service management (ITIL) or architecture (TOGAF, ISSAP). Technical security skills can also be developed through SANS Institute