Attributive Security

By: Martin Hopkins, Maurice Smit

There is often a lot happening in the world of cyber security: new threats, new exploits and new products. Don’t get us wrong, there is a lot of cool technology, and we appreciate that. But, at least on the surface, a lot of the defensive advances look to be very bottom up and technology focused. It is easy to lose sight of the context, what matters to us that we want to protect, and yes even enable. Join us as we get together for unscripted conversations about a broad range of topics and relate them to cyber security. We’ll draw on various disciplines, and our own experiences, as we discuss ideas and practical approaches to tailored information security. We won’t be afraid to challenge one size fits all and best practice norms, or the misapprehension that bespoke security frameworks are infeasible for all but the biggest of enterprises. Be prepared to reimagine what an effective cyber security program can look like when it is engaged with and aligned to the business.

Copyright 2023 Martin Hopkins, Maurice Smit

Economics, Social Sciences
Episodes
  • #15 Enterprise (Security)? Architecture
    Feb 25 2026

    Enterprise Architecture (EA) and Enterprise Security Architecture (ESA) are viewed as distinct functions with different predominant tools, frameworks and methodologies. ESA is maybe less consistently situated in business hierarchies – is it a part of EA or a more business-facing part of security? What separates them and what unites them? If you had to draw a Venn diagram, would they intersect and what would live in that intersection?

    In this episode we discuss EA and ESA with Enterprise Architect Elise Luyckx. Have a listen to find out where we found common ground and where these disciplines could learn from each other or collaborate.

    1 hr and 12 mins
  • #14 Is Vertical Systemic Risk a One-Way Street?
    Oct 1 2022

    If you've studied SABSA to foundation level, you may recall how systemic risk navigates the domain model. If a risk materialises in a domain, the impact it has can act on the superdomain causing a risk event to occur there. Ok, simples right? Well Maurice was recently asked if this effect can occur in the opposite direction, i.e. from a domain to its subdomain. The search for a concrete example or a contradiction started.

    In this episode we consider this question which leads to further questions about the nature of hierarchy in the domain model and co-existent parallel domain models – but no quantum entanglement (yet). Have a listen and then join the debate, or if you have the answer put an end to it.

    40 mins
  • #13 Blindsided by an Unknown Unknown
    Nov 8 2021

    With hindsight, declaring a risk an unknown unknown is often no more than an admission of a lack of foresight, a lack of imagination. How many risks that are actually realised were really inconceivable in advance? Risk identification is a process that is resource constrained, and reasonably so. But with more time, more perspectives, more insights, more intelligence the chances are you'd have identified the risk. Perhaps to do so would have not been cost effective; or you may have decided to limit analysis and not successfully managed an outlier risk. But to declare it an unknown unknown (after the fact) is rejecting an opportunity to learn. Is it not fatalistic to shrug one's shoulders and say "How could I have known"?

    In this episode we discuss Unknown Unknowns, along with their bedfellows Known Knowns, Known Unknowns and Unknown Knowns, and their place in the identification and management of business risks.

    37 mins