{"title":"Integrating Enterprise Architecture into Cybersecurity Risk Management in Higher Education","authors":"Mafika Nkambule, Joey Jansen van Vuuren","doi":"10.34190/iccws.19.1.2189","DOIUrl":null,"url":null,"abstract":"Cybercriminals constantly seek new methods to infiltrate a company's defences, making cybersecurity investments essential. Enterprise architecture (EA) provides a systematic risk detection and mitigation process by emphasising the interdependencies between systems, data, processes, people, and other factors. This paper provides a comprehensive approach, also referred to as a process, based on EA to assist African universities in developing a comprehensive cybersecurity plan. The EA process comprises four pillars: business architecture, data architecture, application architecture, and technology architecture. African universities can develop a comprehensive cybersecurity strategy using an EA approach in cybersecurity to achieve institutional goals and objectives. The potential attack surface comprises isolated EA components and their interconnections. This article comprehensively examines various EA processes such as business, information, application, and technology architecture. These processes are carefully analysed to evaluate the organisational structures and uncover opportunities to enhance security protocols. Additionally, we delve deep into abstract security patterns, seeking to cultivate an environment of trustworthiness within complex systems. Our research findings underscore the significant potential within African higher education institutions. By embracing a model-based approach to risk analysis and mitigation, these institutions can fortify their cybersecurity defences to ensure uninterrupted business operations and enhance overall resilience in the face of evolving security challenges. When we combine EA and information security (ICS), we uncover many vulnerabilities malicious actors might exploit. 
By embracing a holistic EA-based methodology, institutions can craft and implement robust security protocols to safeguard their components and connections. Leveraging EA, our proposed integrated approach aims to forge a comprehensive cybersecurity risk management strategy tailored to the African higher education sector. This strategy seeks to facilitate the identification of critical elements and their intricate interrelationships, thus formulating an effective defence strategy against potential cyber threats. The synergy promises to elevate cybersecurity practices, ensure uninterrupted business operations, and fortify the continent's resilience.","PeriodicalId":429427,"journal":{"name":"International Conference on Cyber Warfare and Security","volume":"227 S722","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Conference on Cyber Warfare and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34190/iccws.19.1.2189","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Abstract
Cybercriminals constantly seek new methods to infiltrate a company's defences, making cybersecurity investments essential. Enterprise architecture (EA) provides a systematic risk detection and mitigation process by emphasising the interdependencies between systems, data, processes, people, and other factors. This paper provides a comprehensive approach, also referred to as a process, based on EA to assist African universities in developing a comprehensive cybersecurity plan. The EA process comprises four pillars: business architecture, data architecture, application architecture, and technology architecture. African universities can develop a comprehensive cybersecurity strategy using an EA approach in cybersecurity to achieve institutional goals and objectives. The potential attack surface comprises isolated EA components and their interconnections. This article comprehensively examines various EA processes such as business, information, application, and technology architecture. These processes are carefully analysed to evaluate the organisational structures and uncover opportunities to enhance security protocols. Additionally, we delve deep into abstract security patterns, seeking to cultivate an environment of trustworthiness within complex systems. Our research findings underscore the significant potential within African higher education institutions. By embracing a model-based approach to risk analysis and mitigation, these institutions can fortify their cybersecurity defences to ensure uninterrupted business operations and enhance overall resilience in the face of evolving security challenges. When we combine EA and information security (ICS), we uncover many vulnerabilities malicious actors might exploit. By embracing a holistic EA-based methodology, institutions can craft and implement robust security protocols to safeguard their components and connections. 
Leveraging EA, our proposed integrated approach aims to forge a comprehensive cybersecurity risk management strategy tailored to the African higher education sector. This strategy seeks to facilitate the identification of critical elements and their intricate interrelationships, thus formulating an effective defence strategy against potential cyber threats. The synergy promises to elevate cybersecurity practices, ensure uninterrupted business operations, and fortify the continent's resilience.