TOGAF TOGAF Security and Risk Architecture

Question 1

How does TOGAF approach security architecture in the ADM?

Accepted Answer

Security concerns are integrated across all ADM phases as a pervasive concern affecting business, data, application, and technology domains

Answer

TOGAF treats security as a pervasive concern that must be addressed across all ADM phases and all four architecture domains (Business, Data, Application, Technology).

Question 2

What is 'Risk Management' in the context of TOGAF Architecture Development?

Accepted Answer

Identifying, classifying, and mitigating risks to the successful development and implementation of the target architecture

Answer

Risk Management in TOGAF involves identifying, classifying, and developing mitigation strategies for risks that could affect the development or implementation of the target architecture.

Question 3

In TOGAF, what is an 'Initial Risk Assessment' conducted during the ADM?

Accepted Answer

An assessment identifying risks to the architecture engagement conducted in Phase A before detailed architecture work begins

Answer

An Initial Risk Assessment in Phase A identifies risks to the architecture engagement, classifying them by impact and probability to determine mitigation approaches.

Question 4

What are 'Architecture Principles' related to security, and where do they come from in TOGAF?

Accepted Answer

Enduring guidelines derived from business principles that guide security architecture decisions throughout the ADM

Answer

Security-related Architecture Principles are enduring guidelines derived from business and IT strategy that constrain and guide security architecture decisions across all ADM phases.

Question 5

How does TOGAF recommend handling 'residual risk' after mitigation strategies are applied?

Accepted Answer

Residual risk is formally accepted and documented with approval from appropriate governance authorities

Answer

TOGAF recommends formally accepting residual risk (risk remaining after mitigation) with documented approval from appropriate governance authorities, creating an audit trail.

TOGAF - The Open Group Architecture Framework Practice Test

TOGAF - The Open Group Architecture Framework Practice Test

TOGAF TOGAF Security and Risk Architecture