
Enterprise information security architecture is the practice of designing, constructing and maintaining information security strategies and policies in enterprise organisations. A subset of enterprise architecture, information security frameworks are often given their own dedicated resources in larger organisations and are therefore significantly more complex and robust than in small and medium-sized enterprises.

Overview

Enterprise information security architecture is becoming a common practice within financial institutions around the globe. The primary purpose of creating an enterprise information security architecture is to ensure that business strategy and IT security are aligned.[1] Enterprise security involves processes, strategies, and techniques for securing IT assets and information against risks and unauthorized access that may compromise the integrity and confidentiality of these systems. It also encompasses the processes, technology, and people involved in sustaining a secure environment for protecting digital assets.

Enterprise information security architecture topics

Enterprise information security architecture was first formally positioned by Gartner in their whitepaper called “Incorporating Security into the Enterprise Architecture Process”.[2]

High-level security architecture framework

Huxham Security Framework

Whilst security architecture frameworks are often custom designed in enterprise organisations, several models are commonly used and adapted to the individual requirements of the organisation.

Commonly used frameworks include:

References

  1. "21 principles of enterprise architecture for the financial sector". developer.ibm.com. Retrieved 2022-09-28.
  2. "Incorporating Security Into the Enterprise Architecture Process". www.gartner.com. Archived from the original on June 6, 2010. Retrieved 30 August 2015.
