0      0

(ISC)2 Security Congress 2022

SC2255 - Modeling Security Architectures with ArchiMate 3.1

Oct 11, 2022 11:45am ‐ Oct 11, 2022 12:45pm


This presentation introduces the concept of modeling security architectures using ArchiMate 3.1. ArchiMate is the only modeling language designed to describe enterprise architectures. It can be extended to specific model security concepts, such as vulnerabilities, threats, threat vectors, risk and risk mitigations, and other concepts that describe the security of an organization. ArchiMate can be use to model the business architecture as well as the technical architecture. The, risks, threats, vulnerabilities, controls, etc., may be added to the models to formally capture how security will be layered onto the business to protect the organization's business-critical assets.

Learning Objectives:
  • Demonstrate how to model their security threats, vulnerabilities and mitigating controls using the ArchiMate modeling language.
  • Demonstrate how their security measures and controls will reduce the attack surfaces of their IT systems.
  • Leverage ArchiMate to create a reusable repository of security architecture patterns for use in updating existing and designing new IT systems.


  • Mr. Les Hardin, MBA, CISSP-ISSAP, CCSP, ArchiMate® 3 Practitioner, Director, Technology Advancement, Gentiva Health Services (formerly, Humana's Hospice Division)

You must be logged in and own this session in order to post comments.