I have always been interested in Enterprise Architecture. Enterprise Architecture is one of those terms that security professionals hear about but do not always know how it can benefit what they do. Recently a client asked Forrester to review their information security enterprise architecture. I was both excited and pleased to do so. One of my accomplishments is that I hold a patent in software engineering for traceability in software systems, supporting business and IT alignment. Several colleagues and I developed an approach to use different types of models, both business and technical, to model the enterprise. The Object Management Group at about the same time championed the notion of "Model Driven Architecture." The premise of these ideas is that the enterprise can be modeled and the relationships between business processes and underlying systems identified.
Information security, focused on people, process and technology, can leverage many of the techniques of the enterprise architect to evolve the security posture of the organization from its current state to a more optimized state over time. This presents interesting opportunities for security professionals to look at their security processes and tools to determine if they are really meeting the needs of their organization.
Add to the discussion. I would like to know your thoughts on this topic. I will be posting more over the next several weeks.
Join me at: Forrester's IT Forum 2011