InfoSec: Enterprise Architecture Building Codes

There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organized criminals after financial gain, and state-sponsored groups after financial gain, intellectual property, or both. Any of these has the potential to break these capabilities through information loss or denial of service. For business processes and their associated transactions, information security needs to be treated as a key component of any architectural design we might create as Enterprise Architects.

Security architecture is dependent on the idea of “security.” Security, by some definitions, is the trade-off of convenience for protection. When I am unloading the car and have an armful of groceries, it's challenging to unlock the front door at the same time. Alternatively, I could just leave the front door unlocked, but that might invite guests I had not planned for. So I trade convenience for protection.

  • Security is often seen as in conflict with business users; however, security is a process that protects the business and allows it to effectively operate.
  • Security is a response to perceived business risks.
  • Security can be seen as a benefit and a business enabler, and can help organizations achieve their business objectives.