Vulniverse

In this post I will be using Archimate to model some fundamental information security concepts. If you're a solution or enterprise architect and you need to get an understanding of information security and how security concerns can be modelled, I hope you'll find this to be a useful starting point. So let's get straight to it and start modelling some basic information security concepts, starting with threat agents. Unlike some areas, there is a straightforward mapping for us in Archimate with the  Business Actor  entity. A business actor is an active entity defined in Archimate as an "organizational entity that is capable of performing behavior" and may exist outside of our own organisation. Whereas in our normal business layer models we are typically concerned with actors such as customers, sales and back-office staff, in security we need to think in terms of the malicious entities that wish to cause harm to our organisation and its systems. Unlike normal actors