TOGAF® 9.2 Level 2 Scenario Strategies Wonder Guide Volume 2 – 2023 Enhanced Edition: TOGAF® 9.2 Wonder Guide Series, #5

By Ramki

This Book, to be read after Volume 1 of Scenario Strategies Book, brings your focus unitedly into the Strategic Approach that you should take while preparing for the Level 2 Examination. The questions are incidental, but we want to emphasize that this is not yet another Question and Answer Book. This is a Book that takes you through techniques, strategies, approaches and so on; these are important.

 

Prepares you in facing the tough guy the easier way

 

Invaluable tips towards the way to scan through the question scenario, the focus points therein and through the four answer choices. How to speedily eliminate the not-so-accurate answers. There could be contention between the best and next best answer – how to deal with it. Finally leads your mindset to be set into a strategic approach even when a different question appears in the Exam.

 

Being an Open Book Exam, dilemma as to how to narrow down the chapter and area of the book to refer to during the very short duration of the Exam will arise. But not so after you go through various portions of this book. .

• Language: English
• Publisher: Ramki
• Release date: May 14, 2023
• ISBN: 9798223516729

Ramki

Author :   Ramakrishnan N  (Ramki)   Near 50 years of experience in Software Architecture, Enterprise Architecture Design (UML, others) and Patterns (GOF, Microservices and many more), SOA to Microservices to Cloud Native and few State-of-Art technologies.    Consultant and High-end Trainer to many prestigious International Enterprises   Certified in TOGAF 9 and TOGAF 10   Based at Bangalore, India.       Reachable through : mramkiz@gmail.com

Book preview

SQ 201 : Preliminary Phase

There is an understandable feeling among TOGAF® practitioners that while Business, Data & Application and Technology (Infrastructure) Architectures do find dedicated Phases of ADM, there is none of that nature for Security Architecture. TOGAF® considers Security to be a cross-segment and cross-domain area. You can expect Security related questions anywhere in TOGAF® and in any Phase, One such question follows.

The scenario narrative and answer choices, as appearing in a typical Level 2 Exam are :

A large, global company involved with wide eCommerce and a traditional Store-Commerce is now integrating all Supply Chain systems through a Cloud based ERP system offered by a prominent vendor. In this architectural initiative, a large number of discrete applications are to be integrated with the new ERP system and a few smaller and legacy ERP systems in various Stores in of the Enterprise are to be migrated to the new system.

The concerns as obtained from various Top rung management Executives pointed to a overall pain points of lesser degree of safeguard of data in the way it is witnessed with the existing systems. Due to this it is expected that the Request of Architecture Work mentions the special need to bring in adequate data privacy as demanded by different countries where the store and supply systems of the Enterprise exist and operate. Rest of security concerns will revolve around this.

When the Enterprise Architecture department interacted with the Sponsor of this initiative, who is the CIO, it was agreed during the Preliminary Phase work of ADM that the goal to be set in will include smoother coordination between the new ERP vendor, vendors of legacy ERP system to be migrated and the Business people involved with various stages of the Supply Chain. The checkpoint in this driver is to move towards such a goal and to produce architectural outputs all along the ADM in a way that the Architecture Governance Board is appraised of the milestones of work stages.

You are serving as the Chief Architect. You have been asked to recommend the approach to take in the Preliminary Phase to ensure that the concern is addressed and progress in that connection is periodically reported to the Architecture Governance Board.

Based on TOGAF® 9, which of the following will be the best answer ?

We will have to carry out a study and come out with an assessment regarding the requirements pertaining to regulatory and security policy. We can then update the security policy of the Enterprise based on the assessment and its recommendations. This will result in a dedicated security architecture team being established. Hereafter this team will have to carry out the rest of ADM tasks to arrive at ABBs and SBBs which address the security considerations including the data privacy issues. This specialist team will work with rest of the EA team while the integration solution is architectured.

We look into general concerns raised by the Board and focus on issues such as regulatory stipulations and their possible impact on the goals and objectives set. The subsequent releasing of the Statement of Architecture Work in this Phase will be based on these concerns. The statement issued will recommend for appointment of a dedicated Security Architect.

We look at the real intention behind the concerns. We recognize issues such as regulatory stipulations and their possible impact on the goals and objectives set. Hence we propose for the appointment of a dedicated Security Architect.

We look into general and security concerns raised by the Board and focus on issues such as regulatory stipulations and their possible impact on the goals and objectives set. We now get into the step of updating the existing security policy such that the concerns expressed are reflected through specific principles and supporting policies. We also allocate a Security Architect and a team around this role to ensure that security considerations are included in the architecture planning for all domain work that will follow in B D A T segments.

Proceeding to tackle the question and getting full five marks:

As you read the question, note the following points :

Issues in focus : It is a strategic plan. Hence involves Preliminary Phase, which looks at long term goals. Lack of integration between central unit and business units; Going for single ERP solution to consolidate all the information.

Concern : That the new ERP system must be able to manage and safeguard customer information in a manner that meets or exceeds the legal requirements of the countries in which the company operates. Cross-functional Architecture Review Board (Governance body) is formed.

Aim : Approach seps to addressing the concerns. Study the alternative approaches to take in the Preliminary Phase to ensure that the concern is addressed.

To do : Selecting best approach : Here it is towards preparing the organization, as clearly seen in the Scenario narrative.

How should we approach this Scenario based question ?

We need to identify the portion of TOGAF® documentation (available online during Level 2 Exam) so that we can quickly go to that portion and focus only on that. Not more than half a minute to be spent on this search.

Points seen above are sufficient to guess that this question is on the Preliminary Phase of ADM.

Do open the following chapter during Exam preparation, without spending too much time speculating the same.

Points in Green (regular bold) are positive and ones in Red (italics bold) are negative, in the following detailing.

Stack of books in black and white Looking at answer choice A:

We will have to carry out a study and come out with an assessment regarding the requirements pertaining to regulatory and security policy. Goes with the step : 5.3.1 Scope the Enterprise Organizations Impacted. Here the term ‘organization’  means the departments behind the applications involved - a large number of discrete applications are to be integrated with the new ERP system. The term ‘impacted’ can mean affected positively or negatively by the initiative integrating with the new ERP system.

We can then update the security policy of the Enterprise based on the assessment and its recommendations. Goes with the step : Identify and establish Architecture Principles.

This will result in a dedicated security architecture team being established. Hereafter this team will have to carry out the rest of ADM tasks to arrive at ABBs and SBBs which address the security considerations including the data privacy issues. This specialist team will work with rest of the EA team while the integration solution is architectured. Goes with the step : Define and establish Enterprise Architecture team and organization.

Classroom kid is coloring Looking at answer choice B:

We look into general concerns raised by the Board and focus on issues such as regulatory stipulations and their possible impact on the goals and objectives set. What about the Security related concern which is the mainstay of this scenario ?

The subsequent releasing of the Statement of Architecture Work in this Phase will be based on these concerns. Statement of Architecture Work is issued in Phase A while this scenario clearly states that it is regarding Preliminary Phase.

The statement issued will recommend for appointment of a dedicated Security Architect. This recommendation is the single point in this answer choice that is somewhat meaningful to the scenario that needs to be addressed.

When we start addressing the concerns, points seen in Preliminary Phase as given below are important. These are not seen in this answer choice :

Identify core enterprise (units) ; Identify communities involved (enterprises) — those stakeholders who will be affected and who are in groups of communities - is stated to mean  the departments behind the applications involved - a large number of discrete applications are to be integrated with the new ERP system.

Smiling girl with backpack Looking at answer choice C:

We look at the real intention behind the concerns. We recognize issues such as regulatory stipulations and their possible impact on the goals and objectives set. – These are obvious points and not great points aiming at the addressal of the concern. Further the security concern is not mentioned at all.

Hence we propose for the appointment of a dedicated Security Architect. This proposal is the single point in this answer choice that is somewhat meaningful to the scenario that needs to be addressed.

Cartoon schoolboy Looking at answer choice D:

We look into general and security concerns raised by the Board and focus on issues such as regulatory stipulations and their possible impact on the goals and objectives set. Security concerns are focused on this step.

We now get into the step of updating the existing security policy such that the concerns expressed are reflected through specific principles and supporting policies. – A step that reflects the Architecture Principle definition, which is most important in Preliminary Phase.

We also allocate a Security Architect and a team around this role to ensure that security considerations are included in the architecture planning for all domain work that will follow in B D A T segments. Goes with the step : Define and establish Enterprise Architecture team and organization.

Still, the step : 5.3.1 Scope the Enterprise Organizations Impacted is not truly covered in this answer choice. The need is to make an assessment but the same is not appearing in the answer here.

If we refer to TOGAF® documentation, we can see points herein as :

Identify core enterprise (units) — those who are most affected

Identify soft enterprise (units) — those who will see change to their capability and work with core units

Identify extended enterprise (units) — those units outside the scoped enterprise who will be affected in their own Enterprise Architecture

Identify communities involved (enterprises) — those stakeholders who will be affected and who are in groups of communities

Conclusion and Answer:

Best answer : A

This is the best answer. Look at the positive points (appearing in Green - regular bold) and discussion thereon.

Second best answer : D : Some valid points. Also security concern is mentioned. But more precise step of Preliminary Phase, regarding scope