• secure information system;
• enterprise security architecture;
• security pattern;
• enterprise security pattern;
• threat modeling

In recent years, most organizations have suffered attacks against their information systems. For this reason, organizations should seek support from enterprise security architectures (ESAs) in order to secure their information assets. Security patterns can help when building complex ESAs, but they have some limitations that reduce their usability. In this paper, we define the metapattern of a new type of security pattern called Enterprise Security Pattern. This new metapattern provides a model-driven environment and combines all elements that must be considered when designing and building ESAs. We present here a precise meta-model and four diagrams to describe the metapattern of the enterprise security patterns. When avoiding a security problem, organizations could use enterprise security patterns to provide their designers with an optimal and proven security guideline and so standardize the design and building of the ESA for that problem. Enterprise security patterns could also facilitate the selection and tailoring of security policies, patterns, mechanisms, and technologies when a designer is building ESAs. To illustrate our ideas, we present an instance of this new type of pattern, showing how it can be used. Copyright © 2014 John Wiley & Sons, Ltd.