Integration of TOGAF and SABSA on the Increased Effectiveness and Security of a Software Development Life Cycle, in the Context of a Spinoff Company

Abstract: Information security nowadays have shifted from the more traditional computer and network security, to software security and malware analysis. Especially with the cloud computing era and IaaS, PaaS and Saas offerings readily available more and more time and effort is put in the development and implementation of secure software applications and information systems. As a result more and more companies and organizations are realizing the importance and the benefits that come with adding security in their software and system development life cycle, in order to provide more secure deliverables to their clients, being either software or an information system. Relevant literature so far has shown that the majority of the existing IS security development approaches lack the required practicality, hands-on approach and easiness to understand and comprehend, and are difficult to integrate into IS development methods. This thesis aimed to contribute to this research, by introducing a new framework that would combine an Enterprise Architecture framework (TOGAF) and an Information Security framework (SABSA), in an effort to address the problems of current research, by containing the required comprehensiveness, easy accessibility to candidate researchers and making security an integral part of the SDLC and try to answer whether such a framework would have positive results in the security and efficiency in the SDLC of a spinoff company. The results were very promising and have clearly demonstrated that under specific conditions the effects from introducing this framework can be very beneficial both in terms of security and efficiency.