Enterprise Security Architecture: Mythology or Methodology?