IT Security
IT security is simply an informational security applied to computers, computerized systems and computer networks. It covers the protection of computerized systems, services and information from an unauthorized or unintended access. What is more, such security includes protection from disasters of natural as well as unnatural character. That’s in general. And what does an IT security mean for enterprise architecture?
Enterprise information security architecture (EISA) is the comprehensive tool for optimization of all possible organization’s processes in a specific period of time (present or future), its computerized resources and personnel as well as organizational subordinate units, so that they correspond to the organization's main goals and strategic decisions. Although EISA is often considered to deal strictly with information security, it is a broader system to support the business optimization addressing business and process security architecture as well as performance management.
- creation of alignment between IT security and business processes;
- being coherent with business strategy of the enterprise;
- make the IT security transparent for the enterprise;
- EISA must be a result of enterprise goals and strategy;
- protection of enterprise interests as well as information.
EISA won’t work without principles:
- it is integral to enterprise strategy;
- it has influence on all the enterprise;
- risk management creates requirements for information security;
- it considers interests of internal as well as external stakeholders;
- it requires continual development;
- it requires commitment (meaning time and money);
- its mechanisms must be understandable for the enterprise.
EISA becomes more and more popular in all business spheres. However, it is inseparable from the IT enterprises that operate strictly with computerized systems and networks.
References:
Open Security Architecture. (n.d.). Retrieved from http://www.opensecurityarchitecture.org/cms/index.php
