Post on 27-Nov-2014


Enterprise Information Security Architecture

Definition: Enterprise Information Security Architecture (EISA) is the practice of applying a complete information security solution to the architecture of an enterprise, ensuring the security of business information at every point in that architecture.

The security of commercial data has always been a primary concern in business. Information security is vital both for ensuring the safety and integrity of customer data and for protecting the competitive advantage that comes with superior business intelligence.

While security has always been a concern, it has become even more so since the introduction of the Internet. Whereas in the past enterprises needed only to protect the flow of information within the business, today they must also consider threats from outside: attacks on the corporate intranet, for instance, or on the electronic data interchange (EDI) between the enterprise, its clients and its suppliers.

EISA is not, however, simply a matter of building a wall between the IT systems of an enterprise and the outside world. Instead, the security architecture must align with the strategies and objectives of the enterprise, taking into account the importance of the free flow of information within the enterprise and with partners, customers and suppliers.

Aspects of EISA

The goal of the Information Security Architecture (developed by Gartner) is to align security strategies across three functional areas of an organization:

Business Architecture

Above all else, the security architecture must be aligned with the goals and objectives of the enterprise. Without proper alignment there will be an inevitable disconnect between business strategy and security.

To enable this alignment it is vital to accurately outline the business architecture in place to achieve the objectives of the organization, by asking several questions:

What does the enterprise do?
Who does it?
What information do they use to achieve their goals?
Where do they do it?

By answering these questions the security architecture framers can develop a comprehensive map of the strategies of the enterprise, along with a range of organizational charts and business process maps.

Information Architecture

Using these plans, security architecture framers can understand the optimal flow of information within the enterprise. What applications are used to achieve the objectives of the business? What data do these applications require in order to achieve those objectives, and what integration methods are in place to enable the sharing of that information?

Only by understanding these technologies and processes can the framers develop a strategy for ensuring the security of this data while allowing vital business processes to proceed unimpeded.

Technology Architecture

Finally, it is necessary to study the technology architecture in place to support these applications and processes. The technology architecture of most enterprises is highly complex, involving a range of different technologies running on different platforms, each relying on a range of heterogeneous legacy systems. Ensuring the security of these technologies while allowing business processes sufficient access to information can be a daunting task.

In order to ensure the security of data within this architecture it is necessary to build a map of every piece of that architecture and to understand how information moves between its components.

First, it is vital to understand the hardware that supports business processes: the location and purpose of servers, for instance, and the way in which computers access the information held on those servers.

Perhaps most importantly today, the enterprise needs an Internet connectivity diagram. Only by understanding the various connections between the information architecture and the outside world is it possible to protect those connections; a connection that is missing from the diagram is one that nobody is defending.
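The map and the connectivity diagram described above can be kept as data rather than as a drawing, so that the questions an architect asks of it (which flows cross to the outside world, which of them bypass the perimeter tier, which cross a trust boundary in the clear, how many hops separate an outsider from restricted data) are answered by a script instead of by inspection. The following Python is an added example, not code from the original page or from Gartner: the trust zones, component names and data flows are all constructed for illustration, and the checks encode conventional assumptions (for instance that Internet-facing flows should terminate in a DMZ) rather than anything the page prescribes.

```python
# Added example (not from the original page): model the technology architecture as
# components in trust zones joined by data flows, then derive the Internet connectivity
# view from the model and check it. Every name and flow below is constructed.
from collections import deque
from dataclasses import dataclass

ZONE_RANK = {"internet": 0, "dmz": 1, "internal": 2, "restricted": 3}  # assumed, least to most trusted

@dataclass(frozen=True)
class Component:
    name: str
    zone: str     # key of ZONE_RANK
    purpose: str  # what this piece does for the business

@dataclass(frozen=True)
class Flow:
    src: str         # component that initiates the connection
    dst: str         # component that receives it
    protocol: str
    encrypted: bool  # transport encryption on this hop
    data: str        # classification of the information carried

@dataclass
class Architecture:
    components: list
    flows: list

    def __post_init__(self):
        self.zone = {c.name: c.zone for c in self.components}
        # A flow touching an unmapped component means the inventory is incomplete.
        for f in self.flows:
            for name in (f.src, f.dst):
                if name not in self.zone:
                    raise KeyError(f"unmapped component {name!r}; map every piece first")

    def internet_connectivity(self):
        # The Internet connectivity diagram: flows with exactly one end in the internet zone.
        return [f for f in self.flows
                if (self.zone[f.src] == "internet") != (self.zone[f.dst] == "internet")]

    def direct_internet_exposure(self):
        # Internet-originated flows that skip the DMZ and land on an internal or restricted host.
        return [f for f in self.flows if self.zone[f.src] == "internet"
                and ZONE_RANK[self.zone[f.dst]] >= ZONE_RANK["internal"]]

    def unencrypted_boundary_crossings(self):
        # Hops that cross a zone boundary in the clear.
        return [f for f in self.flows if self.zone[f.src] != self.zone[f.dst] and not f.encrypted]

    def paths_from_internet(self, target_zone):
        # BFS along flow direction from each internet component: the shortest path to each
        # component in target_zone shows how far an outsider is from that data.
        adjacency = {}
        for f in self.flows:
            adjacency.setdefault(f.src, []).append(f.dst)
        paths = []
        for start in [c.name for c in self.components if c.zone == "internet"]:
            path_to, queue = {start: [start]}, deque([start])
            while queue:
                node = queue.popleft()
                for nxt in adjacency.get(node, []):
                    if nxt not in path_to:
                        path_to[nxt] = path_to[node] + [nxt]
                        queue.append(nxt)
            paths += [p for name, p in path_to.items() if self.zone[name] == target_zone]
        return paths

def build_sample_architecture():
    # Constructed inventory: a web shop plus a supplier EDI link, with one legacy direct connection.
    components = [
        Component("customer-browser", "internet", "customers placing orders"),
        Component("partner-edi", "internet", "supplier EDI endpoint"),
        Component("web-proxy", "dmz", "reverse proxy for the web shop"),
        Component("sftp-gateway", "dmz", "receives EDI order files"),
        Component("app-server", "internal", "order application"),
        Component("erp", "internal", "order management"),
        Component("customer-db", "restricted", "customer records"),
    ]
    flows = [
        Flow("customer-browser", "web-proxy", "HTTPS", True, "orders"),
        Flow("web-proxy", "app-server", "HTTP", False, "customer-pii"),
        Flow("app-server", "customer-db", "TLS/SQL", True, "customer-pii"),
        Flow("partner-edi", "sftp-gateway", "SFTP", True, "orders"),
        Flow("sftp-gateway", "erp", "SFTP", True, "orders"),
        Flow("partner-edi", "erp", "AS2 over HTTP", False, "orders"),  # legacy direct link
    ]
    return Architecture(components, flows)

def findings(arch):
    # Reduce each check to sorted (src, dst) pairs so the report is easy to review.
    pairs = lambda flows: sorted((f.src, f.dst) for f in flows)
    return {
        "internet_flows": pairs(arch.internet_connectivity()),
        "bypasses_dmz": pairs(arch.direct_internet_exposure()),
        "unencrypted_crossings": pairs(arch.unencrypted_boundary_crossings()),
        "paths_to_restricted": arch.paths_from_internet("restricted"),
    }
```

Running `findings(build_sample_architecture())` on the constructed inventory reports three Internet-facing flows, one of which (the legacy AS2 link from the partner straight into the ERP system) bypasses the DMZ and also runs in the clear, a second clear-text hop between the proxy and the application server carrying customer data, and a four-hop path from a customer's browser to the restricted customer database. The point of keeping the model as data is that the `KeyError` in `__post_init__` refuses to reason about a flow whose endpoint was never inventoried, which is exactly the gap the text warns about: the diagram is only as good as the map of every piece behind it.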

In a Nutshell

Clearly, the process of developing a functional information security architecture is more complex than it may seem. Not only must the framers of such an architecture be aware of every piece of technology that exists within the business architecture, but they must also understand how and why all of these technologies interact with each other to achieve the objectives of the enterprise. Only once they have this understanding can they set about developing best practices that secure the information passing along these connections while keeping that information flowing in the interests of the enterprise.