Integrating Enterprise Architecture into Cybersecurity Risk Management in Higher Education




Keywords: Enterprise architecture, Cybersecurity risk management, Higher education, Integration, Framework


Cybercriminals constantly seek new methods to infiltrate a company's defences, making cybersecurity investments essential. Enterprise architecture (EA) provides a systematic risk detection and mitigation process by emphasising the interdependencies between systems, data, processes, people, and other factors. This paper provides a comprehensive approach, also referred to as a process, based on EA to assist African universities in developing a comprehensive cybersecurity plan. The EA process comprises four pillars: business architecture, data architecture, application architecture, and technology architecture. African universities can develop a comprehensive cybersecurity strategy using an EA approach in cybersecurity to achieve institutional goals and objectives. The potential attack surface comprises isolated EA components and their interconnections. This article comprehensively examines various EA processes such as business, information, application, and technology architecture. These processes are carefully analysed to evaluate the organisational structures and uncover opportunities to enhance security protocols. Additionally, we delve deep into abstract security patterns, seeking to cultivate an environment of trustworthiness within complex systems. Our research findings underscore the significant potential within African higher education institutions. By embracing a model-based approach to risk analysis and mitigation, these institutions can fortify their cybersecurity defences to ensure uninterrupted business operations and enhance overall resilience in the face of evolving security challenges. When we combine EA and information security (ICS), we uncover many vulnerabilities malicious actors might exploit. By embracing a holistic EA-based methodology, institutions can craft and implement robust security protocols to safeguard their components and connections.
Leveraging EA, our proposed integrated approach aims to forge a comprehensive cybersecurity risk management strategy tailored to the African higher education sector. This strategy seeks to facilitate the identification of critical elements and their intricate interrelationships, thus formulating an effective defence strategy against potential cyber threats. The synergy promises to elevate cybersecurity practices, ensure uninterrupted business operations, and fortify the continent's resilience.

Author Biographies

Mafika Nkambule, Tshwane University of Technology

Mafika William Nkambule (Mr) is a Ph.D. candidate at Tshwane University of Technology, focusing on Cybersecurity research. Under the guidance of Prof Joey Jansen van Vuuren (PhD), who leads the research at the Computer Science Department, Mafika's work delves into various aspects of cybersecurity, with a particular interest in enterprise architecture.

Prior to pursuing his Ph.D., Mafika accumulated valuable experience in managing IT departments within Tshwane University of Technology, Unisa, and Telkom SA. His professional background has equipped him with practical insights into cybersecurity challenges across different sectors. Driven by a passion for advancing the field of cybersecurity, Mafika is committed to contributing significantly to both academia and industry through his research endeavors.

Joey Jansen van Vuuren, Tshwane University of Technology

Prof Joey Jansen van Vuuren (PhD) heads the research at the Computer Science Department at Tshwane University of Technology and is the Vice Chair of IFIP (Federation for Information Processing) Working Group 9.10. She is also one of the coordinators of SA for the BRICS Integrated Thematic Group Computer Science and Information Security (ITG-CSIS). Her research focuses on cybersecurity, education, government, policy and culture. She was the coordinator of the South African Cybersecurity Centre of Innovation for the Council for Scientific and Industrial Research (CSIR) that initiated several cybersecurity government initiatives in South Africa. The centre also focused on the promotion of research collaboration, cybersecurity education and the exchange of cyber threats. She was also involved in the development of cybercrime strategies for the South African Police Services. Previously, as the Research Group Leader for Cyber Defence at CSIR, she gave the strategic research direction for the research conducted for the South African National Defence Force and Government sectors on Cyber Defence. She has spent over 30 years in academia and research, and she has published various journal papers, conference papers, and book chapters on cyber security governance. She has presented at numerous forums, such as national conferences, and also international conferences, some of which she has been invited to as the keynote speaker.