Enterprise information security architecture (ZBI) is a part of enterprise architecture focusing on information security throughout the enterprise. The name implies a difference that may not exist between small/medium-sized businesses and larger organizations.
Overview
Enterprise information security architecture is becoming a common practice within financial institutions around the globe. The primary purpose of creating an enterprise information security architecture is to ensure that business strategy and IT security are aligned.
Enterprise information security architecture topics
Enterprise information security architecture was first formally positioned by Gartner in their whitepaper called “''Incorporating Security into the Enterprise Architecture Process''”.
High-level security architecture framework

Enterprise information security architecture frameworks are only a subset of enterprise architecture frameworks. If we had to simplify the conceptual abstraction of enterprise information security architecture within a generic framework, the picture on the right would be acceptable as a high-level conceptual security architecture framework.
Other open enterprise architecture frameworks are:
* SABSA framework and methodology
* The U.S. Department of Defense (DoD) Architecture Framework (DoDAF)
* Extended Enterprise Architecture Framework (E2AF) from the Institute For Enterprise Architecture Developments.
* Federal Enterprise Architecture of the United States Government (FEA)
* The UK Ministry of Defence (MOD) Architecture Framework (MODAF)
* Service-Oriented Modeling Framework (SOMF)
* The Open Group Architecture Framework (TOGAF)
* Zachman Framework
See also
* Enterprise architecture
* Enterprise architecture planning
* Information security
* Information assurance
Further reading
* Carbone, J. A. (2004). ''IT architecture toolkit.'' Enterprise computing series. Upper Saddle River, NJ, Prentice Hall PTR.
* Cook, M. A. (1996). ''Building enterprise information architectures : reengineering information systems.'' Hewlett-Packard professional books. Upper Saddle River, NJ, Prentice Hall.
* Fowler, M. (2003). ''Patterns of enterprise application architecture.'' The Addison-Wesley signature series. Boston, Addison-Wesley.
* SABSA integration with TOGAF
* Groot, R., M. Smits and H. Kuipers (2005). A Method to Redesign the IS Portfolios in Large Organisations, ''Proceedings of the 38th Annual Hawaii International Conference on System Sciences'' (HICSS'05). Track 8, p. 223a. IEEE.
* Steven Spewak and S. C. Hill (1993). ''Enterprise architecture planning : developing a blueprint for data, applications, and technology.'' Boston, QED Pub. Group.
* Woody, Aaron (2013). ''Enterprise Security: A Data-Centric Approach to Securing the Enterprise.'' Birmingham, UK. Packt Publishing Ltd.