Phase D, Technology ArchitectureDerived from TOGAFDeep · 1 hour

Risk and Control Catalogue

Log architecture risks, map them to controls, and visualise the residual risk landscape so governance boards can see what is and is not mitigated.

All tools

When to use

In Phase D when integrating security and risk into the technology architecture, or during Phase G compliance reviews.

You'll need

  • Identified risks from architecture work
  • Existing controls and policies

You'll get

  • A risk register with control mappings, residual risk scores, and a risk heatmap

Taught in

Loading tool...

Derived from

  • Derived from TOGAF Standard, 10th Edition, {S4} Security Architecture. View source

Full citation: Derived from TOGAF Standard, 10th Edition, {S4} Security Architecture