A Practical Approach to Integrating Information Security into Federal Enterprise Architecture
Abstract
Security is a critically important consideration in government today. Managers are faced with a variety of security concerns driven by various laws, statutes, and regulations; agency policy; increased threat of terrorism; increased reliance on information technology; and issues of public trust. Security threats are cross-cutting, affecting IT planning, capital investment, systems design, operations, and IT governance. Failure to address security threats can interfere with a government organization's ability to carry out its mission. Simply implementing a variety of security mechanisms-the approach taken by most organizations-is not enough. Rather, security must be fully integrated into the organization's enterprise architecture. This report presents a methodology for doing that. The methodology is framework independent because it is based on the identification and description of business objects, which are common to all frameworks. The report also defines several concepts necessary for understanding the methodology and describes the benefits a federal agency will derive. By integrating security into its FA, an organization can ensure proper alignment of security initiatives with enterprise drivers and can readily identify and address security threats.
Document Details
- Document Type
- Technical Report
- Publication Date
- Oct 01, 2002
- Accession Number
- ADA408768
Entities
People
- Christopher Louden
- Debra Dennie
- John Diduro
- Paul Jung
- Robert Crosslin
Organizations
- LMI