Falkner, KatrinaSzabo, ClaudiaYarom, YuvalGraham, Michelle Rey2021-11-042021-11-042021https://hdl.handle.net/2440/132936Security is a complex issue for organisations, with its management now a fiduciary responsibility as well as a moral one. Organisational security, such as computer security, human security, access control, risk management etc.; is conducted in separate business units creating a silo effect. A cohesive and holistic approach is required to mitigate the risk of security breaches and parts of the business not monitored by any silo. Without a holistic robust structure, the assets of an organisation are at critical risk. Enterprise architecture (EA) is a strong and reliable structure that has been tested and used effectively for designing, building, and managing organisations globally for at least 30 years. Grouping security with EA promises to leverage the benefits of EA in the security domain. Through a review of existing security frameworks this work evaluates the extent to which they employ EA and determines there is a need for developing a comprehensive solution. This research designs, develops, evaluates and demonstrates a security EA framework for organisations regardless of their industry, budgetary constraints or size. The framework is developed from the Zachman framework 2013 Version 3.0 because it is the most complete, most referenced in our frameworks review, and historically the methodology that is chosen by others to base their frameworks on. The results support the need for a holistic security structure and indicate benefits including reduction of security gaps, improved security investment decisions, clear functional responsibilities and a complete security nomenclature and international security standard compliance among others. This research bridges the gap and changes the way we fundamentally view security in an organisation, from individual silo capabilities to a holistic security eco-system with highly interdependent primitive security models.enInformation systems security policyenterprise architecturedesign science researchgrounded methodbusiness process modellingThesis