Scribd Logo
Upload

Welcome to Scribd!

  • 353 views

    Enterprise Information Security Architecture

    Uploaded by

    _user_
    Enterprise Information Security Architecture (EISA) ensures security at every point in an enterprise's architecture by aligning security strategies with business and information architectures. EISA considers business goals, information flows, and the complex technology architecture, including connections to outside networks. Developing an effective EISA requires understanding how all technologies interact to achieve business objectives in order to secure information passing through systems while allowing optimal business processes.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd

    Enterprise Information Security Architecture

    Uploaded by

    _user_
    353 views2 pages
    Enterprise Information Security Architecture (EISA) ensures security at every point in an enterprise's architecture by aligning security strategies with business and information architectures. EISA considers business goals, information flows, and the complex technology architecture, including connections to outside networks. Developing an effective EISA requires understanding how all technologies interact to achieve business objectives in order to secure information passing through systems while allowing optimal business processes.

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Enterprise Information Security Architecture (EISA) ensures security at every point in an enterprise's architecture by aligning security strategies with business and information architectures. EISA considers business goals, information flows, and the complex technology architecture, including connections to outside networks. Developing an effective EISA requires understanding how all technologies interact to achieve business objectives in order to secure information passing through systems while allowing optimal business processes.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    353 views2 pages

    Enterprise Information Security Architecture

    Uploaded by

    _user_
    Enterprise Information Security Architecture (EISA) ensures security at every point in an enterprise's architecture by aligning security strategies with business and information architectures. EISA considers business goals, information flows, and the complex technology architecture, including connections to outside networks. Developing an effective EISA requires understanding how all technologies interact to achieve business objectives in order to secure information passing through systems while allowing optimal business processes.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    You are on page 1of 2

    Enterprise Information Security Architecture

    Definition: Enterprise Information Security Architecture (EISA) is the process of instituting a


    complete information security solution to the architecture of an enterprise, ensuring the
    security of business information at every point in the architecture.

    The security of commercial data has always been a primary concern in business. Both for
    ensuring the safety and integrity of customer data and protecting the competitive advantage
    that comes with superior business intelligence, information security is vital.

    While security has always been a concern, it has become even more so since the introduction
    of the Internet. Whereas in the past enterprises needed
    only to protect the flow of information within the business,
    today they must consider the threat from outside – from
    attacks on the security of the corporate Intranet, for
    instance, or electronic data interchange (EDI) between the
    enterprise, clients and suppliers.

    EISA is not, however, simply a matter of building a wall


    between the IT systems of an enterprise and the outside
    world. Instead, the security architecture must align with
    the strategies and objectives of the enterprise, taking into
    consideration the importance of the free flow of
    information within an enterprise - and with partners,
    customers and suppliers.

    Aspects of EISA

    The goal of the Information Security Architecture


    (developed by Gartner) is to align security strategies
    between three functional areas of an organization:

    Business Architecture

    Above all else, the security architecture must be aligned


    with the goals and objectives of the enterprise. Without proper alignment there will be an
    inevitable disconnect between business strategy and security.

    To enable this alignment it is vital to accurately outline the business architecture in place to
    achieve the objectives of the organization by asking several questions:

    What does the enterprise do?

    Who does it?

    What information do they use to achieve their goals?

    Where do they do it?

    By answering these questions it becomes possible for the security architecture framers to
    develop a comprehensive map of the strategies of the enterprise, along with a range of
    organizational charts and business process maps.

    Information Architecture

    Using these plans, security architecture framers can understand the optimal flow of
    information within the enterprise. What applications are used to achieve the objectives of the
    business? What data do these applications require in order to achieve those objectives, and
    what integration methods are in place to enable the sharing of that information?

    Only by understanding these technologies and processes can it be possible for the framers to
    develop a strategy for ensuring the security of this data while allowing vital business
    processes to progress unimpeded.

    Technology Architecture

    Finally, it is necessary to study the


    technology architecture in place to
    support these applications and
    processes. The technology
    architecture of most enterprises is
    highly complex, involving a range of
    different technologies running on
    different platforms, each relying on
    a range of heterogeneous legacy
    systems. Ensuring the security of
    these technologies while allowing
    business processes sufficient access
    to information can be a daunting
    task.

    In order to ensure the security of


    data within this architecture it is
    necessary to build a map of every
    piece of that architecture, and to
    understand how information moves between its components.

    Primarily, it is vital to understand the hardware that supports business processes – the
    location and purpose of servers, for instance, and the way in which computers access the
    information held on those servers.

    Perhaps most importantly in the modern day is the need to build an Internet connectivity
    diagram for the enterprise. Only by understanding the various connections between the
    information architecture and the outside world is it possible to protect those connections.

    In a Nutshell

    Clearly, the process of developing a functional information security architecture is more


    complex than it may seem. Not only must the framers of such an architecture be aware of
    every piece of technology that exists within the business architecture, but they must also
    understand how and why all of these technologies interact with each other to achieve the
    objectives of the enterprise. Only once they have this understanding can they set about the
    task of developing best practices to ensure the security of information passing along these
    connections while optimizing the passage of information to protect the interests of the
    enterprise.

    You might also like