Enterprise Information Security Architecture

Enterprise information security architecture (ZBI) is a part of enterprise architecture focusing on information security throughout the enterprise. The name implies a difference that may not exist between small/medium-sized businesses and larger organizations.


Overview

Enterprise information security architecture is becoming a common practice within financial institutions around the globe. The primary purpose of creating an enterprise information security architecture is to ensure that business strategy and IT security are aligned.


Enterprise information security architecture topics

Enterprise information security architecture was first formally positioned by Gartner in their whitepaper called “Incorporating Security into the Enterprise Architecture Process”.


High-level security architecture framework

Enterprise information security architecture frameworks are only a subset of enterprise architecture frameworks. If we had to simplify the conceptual abstraction of enterprise information security architecture within a generic framework, the picture on the right would be acceptable as a high-level conceptual security architecture framework. Other open enterprise architecture frameworks are:

* SABSA framework and methodology
* The U.S. Department of Defense (DoD) Architecture Framework (DoDAF)
* Extended Enterprise Architecture Framework (E2AF) from the Institute For Enterprise Architecture Developments
* Federal Enterprise Architecture of the United States Government (FEA)
* The UK Ministry of Defence (MOD) Architecture Framework (MODAF)
* Service-Oriented Modeling Framework (SOMF)
* The Open Group Architecture Framework (TOGAF)
* Zachman Framework


See also

* Enterprise architecture
* Enterprise architecture planning
* Information security
* Information assurance



Further reading

* Carbone, J. A. (2004). IT architecture toolkit. Enterprise computing series. Upper Saddle River, NJ, Prentice Hall PTR.
* Cook, M. A. (1996). Building enterprise information architectures: reengineering information systems. Hewlett-Packard professional books. Upper Saddle River, NJ, Prentice Hall.
* Fowler, M. (2003). Patterns of enterprise application architecture. The Addison-Wesley signature series. Boston, Addison-Wesley.
* SABSA integration with TOGAF
* Groot, R., M. Smits and H. Kuipers (2005). A Method to Redesign the IS Portfolios in Large Organisations, Proceedings of the 38th Annual Hawaii International Conference on System Sciences (HICSS'05). Track 8, p. 223a. IEEE.
* Steven Spewak and S. C. Hill (1993). Enterprise architecture planning: developing a blueprint for data, applications, and technology. Boston, QED Pub. Group.
* Woody, Aaron (2013). Enterprise Security: A Data-Centric Approach to Securing the Enterprise. Birmingham, UK. Packt Publishing Ltd.