The EA facilitates and support the understanding of the needs of the company, and helps the management formulate the recommend that meet the needs of the organization and the development of an appropriate plan of actions grounded or guided by the full spectrum of planning disciplines security planning. EA defined how enterprise analyses, designs, plans, as well as implement the security measures are conducted (Bernard, 2012). The EA security plan is designed to support the EA by outlining then requirement and the standards and procedures that must be used in planning and implementing the EA components and the artifacts. It takes into consideration all threats and proposes countermeasures that must be implemented. Apart from the Standard Operating Procedures (SOPs) for security, it also delineates those who will be responsible for overseeing each countermeasure.
Discuss some of the threats that EA systems face
There are several threats that the EA systems face. These threats include fires, floods, accidents, terrorisms, hijackers and disloyal employees as well as mistakes that are not intentional. The threats can emanate from within or outside the organization. therefore, the entries must be aware of these threats have a high probability of occurring. Other threats include unauthorized access, denial of service attacks, malware insertion attempts, spoofing, phishing, and virus attacks, and code manipulation attempts.
What countermeasures we can use e.g., what types of controls would be applicable for an EA in an organization
The company can implement controls that will provide it with an integrated risk-adjusted solution designed to address the physical person as well as operational threats that can comprise or prevent the enterprise's architecture functionality. The company needs integrated security and privacy controls (Burkett, 2012). The security and privacy controls should be taken into consideration from planning, to design, implementation and operations of the EA component and artifacts. IT security and data privacy must be integrated at the design and stage
In the business process reengineering and improvement, the company must also consider security and privacy controls when selecting and acquiring systems, hardware, software's as well as the support services.
The company mist protects the information from unintentional alteration by outside unauthored personal. Comprised data quality can affect the enterprises' ability to deliver on its goals as such, the company must control access to this information. Other controls include configuration management and version control.
Authentication refers to the veracity of the information source. The company must control the people who create or manipulate information. The company should, therefore, have a clear log of all who manipulated data and the changes they made.
Access control must be integrated into the security plans. every person should only access information based on their clearance levels. Access control will determine 3ho has the right to access some records and the level of clearance they must manipulate the data.
Questions and Exercises
What is an EA repository and how does it support the EA implementation methodology?
An enterprise architecture repository is a database and file directory for archiving documents. It also refers to a collection of various artifacts defining the company existing and targeted information technology landscape. The EA repository is used store and reflects the company technology inventory including data, application, a business artifact as well as illustrate the relationship between various components of EA using the amazon webs services for config, tagging, and resource groups (Sumarni, Mahrin, Maarop & Azaliah, 2019). The EA repository provides the company with a centralized place for the storage and retrieval of the solution architecture artifacts. It is through the repository that the company can organize, integrate and analyze information that describes the key elements of the company's architectures. The EA repository supports the EA implementation methodology by way of planning new IT systems or modifying any of the existing systems. The repository will host components that are used to implement and document the EA architecture. It also defined how files will be developed, archived as well as used to select a framework for modeling tools and online repository. The repository helps in determining the documentation framework, the scope of the architecture as well as guide the techniques to be followed to model the view and future sceneries. Finally, the EA repository stores file that support security planning and decision making. The artifacts stored in the repository are used as reference information for executive, management and staff activities in a timely manner while also reducing the level of interpretation errors.
How does the IT Security column of the EA repository relate to the EA3 Cube Framework?
The IT security solution column of the EA repository relates to the EA3 cue approach by defining and analyzing the key areas where common activities between and within an enterprise are carried out. The EA security column ins one of the main columns that define the relationship between different parts and the model of the organization including the stakeholder model, the, organize model and human resources model. The security solution column of the repository is comprised of the following cells and each cell is related to the EA3 Cube.
The Policy and Procedures Cell present the enterprises IT security policies. The cell links to the EA3 cubes standard operating process for handling IT acuity activities and how to respond to security incidences that threaten the company's strategy, business and information technology.
The data privacy cells presented the enterprise's policy on information privacy including the procedures to be followed to collect information and data, archive them and disseminate the information that is relevant for the business process label and the company's information flow level of the EA3 framework.
The IT inventory cell is where the IT resources are maintained. The inventory promotes IT security and enables the EA planners to access information on the status of the business and technology operating environment.
Each component of the EA framework is designed to represent specific functional areas of the company whether used from top to bottom, bottom to top or single component approach. The company will defined the strategic level of the framework based on the goals or initiatives, the objectives of the enterprises in using the EA, the existing objectives and resources owned by the company in which the EA will be integrated as well as the outcome measures or metrics that will be used to evaluate the EA success or failure.
Bernard, S. (2012). An Introduction to Enterprise Architecture (3rd ed.). Bloomington, Indiana, United States: AuthorHouse.
Burkett, J. (2012). Business Security Architecture: Weaving Information Security into Your Organization's Enterprise Architecture through SABSA. Information Security Journal: A Global Perspective, 21(1), 47-54. doi: 10.1080/19393555.2011.629341
Sumarni Hussein, S., Naz'ri Mahrin, M., Maarop, N., & Azaliah Abu Bakar, N. (2019). Content Validation of an Enterprise Architecture (EA) Readiness Assessment Instrument. Journal Of Physics: Conference Series, 1196(21), 012047. doi: 10.1088/1742-6596/1196/1/012047
Cite this page
Paper Example on Creating an Effective Security Plan Using an Enterprise Architecture. (2023, Jan 16). Retrieved from https://proessays.net/essays/paper-example-on-creating-an-effective-security-plan-using-an-enterprise-architecture
If you are the original author of this essay and no longer wish to have it published on the ProEssays website, please click below to request its removal:
- Case Study on Domtar
- The SodaStream Company Essay
- Comparison and Contrast of Characters in Hedda Gabler Essay
- Prosecutor's Information Management System - Research Paper
- Dancing For Freedom: Expressing Oneself Through Dance - Essay Sample
- Essay Example on Neurotic Society: Anxiety, Mental Illness & Personality Impairment
- Disruptive Business Models: Engineering to Maximize Opportunities - Essay Sample