An Enterprise Security Architecture - 2176 Words

It is the common experience of many corporate organisations that information security solutions are often designed, acquired and installed on a tactical basis. A requirement is identified, a specification is developed and a solution is sought to meet that situation. In this process there is no opportunity to consider the strategic dimension, and the result is that the organisation builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified and with no guarantee that they will be compatible and interoperable. There is often no analysis of the long-term costs, especially the operational costs which make up a large proportion of the total cost of ownership, and there is no strategy that can be†¦show more content†¦Furthermore, information systems security is only a small part of information security, information assurance or information risk management (these terms have a certain amount of inter-changeability), which in turn is but o ne part of a wider topic: business security. Business security embraces three major areas: information security; business continuity; physical and environmental security. Broader still is the view that business security is concerned with all aspects of operational risk management. Only through an integrated approach to these broad aspects of business security will it be possible for the enterprise to make the most cost-effective and beneficial decisions with regard to the management of operational risk. The enterprise security architecture and the security management process should therefore embrace all of these areas. Fundamental requirements The main goal of enterprise information security is to protect the valuable resources of an organization. Such as information, hardware and software. Through applying the appropriate safety measures, the enterprise security supports the organization in achieving its objectives by protecting the employees, financial resources, reputation, and other tangibles and intangibles. Security Model In order for an organization to develop a cohesive and coherent security model it is essential for the organization to have an