0000139881 00000 n 0000103205 00000 n 0000092109 00000 n 0000092015 00000 n 0000425490 00000 n 0000348474 00000 n 0000568139 00000 n 0000086916 00000 n 0000381270 00000 n 0000084301 00000 n 0000357939 00000 n 0000668186 00000 n 0000467386 00000 n 0000108620 00000 n An ESA is a document that describes the security design, tools, processes and activities that are used to protect the enterprise and how they interact with each other. To further this effort, CISA has released guidance to assist federal civilian agencies in their transition to contemporary … 0000201263 00000 n 0000547937 00000 n 0000255814 00000 n To align these components effectively, the security architecture needs to be driven by policy stating management's performance expectations, how the architecture is to be implemented, and how the architecture will be enforced. 0000385926 00000 n 0000376619 00000 n 0000313829 00000 n 0000641037 00000 n 0000320136 00000 n 0000397943 00000 n 0000104381 00000 n 0000337472 00000 n 0000581307 00000 n 0000429313 00000 n 0000364337 00000 n 0000408098 00000 n 0000098277 00000 n 0000093796 00000 n 0000456510 00000 n 0000107721 00000 n 0000559959 00000 n 0000609619 00000 n 0000378325 00000 n 0000330045 00000 n 0000663540 00000 n 0000098562 00000 n 0000162291 00000 n 0000089991 00000 n It generally includes a catalog of conventional controls in addition to relationship diagrams, principles, and so on. 0000550080 00000 n 0000079453 00000 n 0000551021 00000 n 0000104428 00000 n 0000080357 00000 n 0000639026 00000 n Information security is partly a technical problem, but has significant 0000328528 00000 n ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. 0000627684 00000 n 0000540102 00000 n 0000103769 00000 n 0000084728 00000 n 0000437488 00000 n Its fundamental purpose is to protect the value of the systems and information assets of the enterprise. This document is the root template for security and risk management. 0000300306 00000 n 0000393951 00000 n 0000284260 00000 n 0000580052 00000 n 0000434437 00000 n 0000483921 00000 n 0000105933 00000 n 0000085535 00000 n 0000311461 00000 n 0000098515 00000 n Here's a broad look at the policies, principles, and people used to protect data. 0000090322 00000 n 0000594588 00000 n Go ahead and stick something into the ReadMe. 0000644733 00000 n 0000111675 00000 n 0000100466 00000 n 0000175955 00000 n 0000305414 00000 n 0000103299 00000 n 0000464704 00000 n 0000108431 00000 n 0000442788 00000 n 0000628269 00000 n 0000635693 00000 n 0000521445 00000 n 0000097619 00000 n 0000335770 00000 n 0000208934 00000 n 0000655557 00000 n 0000213200 00000 n OK, if it’s a simple thing and you use a reference architecture, skip the architecture document! 0000484464 00000 n 0000492338 00000 n 0000144739 00000 n 0000404728 00000 n 0000084348 00000 n 0000081596 00000 n 0000137553 00000 n 0000397008 00000 n 0000559585 00000 n 0000546367 00000 n 0000549442 00000 n 0000098704 00000 n 0000347952 00000 n 0000626824 00000 n 0000105604 00000 n 0000140288 00000 n 0000414657 00000 n 0000337110 00000 n 0000315819 00000 n 0000178890 00000 n 0000524090 00000 n 0000352136 00000 n 0000487689 00000 n 0000349238 00000 n 0000613038 00000 n 0000534507 00000 n 0000642232 00000 n 0000110312 00000 n 0000090558 00000 n 0000105463 00000 n 0000405739 00000 n 0000678750 00000 n 0000501583 00000 n 0000083736 00000 n 0000495622 00000 n 0000106027 00000 n 0000346403 00000 n 0000079596 00000 n 0000080262 00000 n 0000339209 00000 n 0000094409 00000 n 0000289935 00000 n 0000087106 00000 n 0000089047 00000 n 0000442502 00000 n 0000107345 00000 n 0000089802 00000 n It is purely a methodology to assure business alignment. 0000612232 00000 n 0000293826 00000 n 0000618832 00000 n 0000092626 00000 n 0000335501 00000 n 0000236995 00000 n 0000097430 00000 n 0000076935 00000 n 0000339481 00000 n 0000078450 00000 n 0000189076 00000 n 0000101977 00000 n 0000515696 00000 n 0000307201 00000 n 0000459133 00000 n 0000223113 00000 n 0000299235 00000 n 0000579247 00000 n 0000335217 00000 n 0000198856 00000 n 0000522749 00000 n 0000461052 00000 n 0000156415 00000 n 0000095350 00000 n 0000099084 00000 n 0000095021 00000 n 0000489893 00000 n 0000210880 00000 n 0000580306 00000 n 0000419360 00000 n 0000082261 00000 n 0000587922 00000 n 0000104476 00000 n 0000097477 00000 n 0000084254 00000 n Form: Security architecture is associated with IT architecture; however, it may take a variety of forms. 0000107061 00000 n 0000664613 00000 n 0000426922 00000 n 0000088857 00000 n 0000322338 00000 n 0000582055 00000 n 0000433483 00000 n 0000542276 00000 n 0000078403 00000 n 0000083878 00000 n 0000085773 00000 n Figure 2illustrates an example of how service capabilities and supporting technologies in COBIT can be used t… 0000093654 00000 n 0000467096 00000 n 0000103910 00000 n 0000084019 00000 n 0000612525 00000 n 0000329117 00000 n 0000140911 00000 n 0000199248 00000 n 0000212558 00000 n 0000528039 00000 n 0000497334 00000 n 0000288949 00000 n 0000104145 00000 n %%EOF 0000631518 00000 n 0000086346 00000 n <]>> 0000107486 00000 n 0000421783 00000 n 0000661443 00000 n 0000167855 00000 n 0000111722 00000 n 0000306910 00000 n One Approach to Enterprise Security Architecture by Nick Arconati - March 14, 2002 . 0000498634 00000 n 0000107014 00000 n 0000656761 00000 n 0000474331 00000 n Starting template for a security architecture – The most common use case we see is that organizations use the document to help define a target state for cybersecurity capabilities. 0000314188 00000 n 0000647718 00000 n 0000088149 00000 n Information Architecture: Aka as Data Architecture: 5.3: Application Architecture: A.k.a. 0000201895 00000 n 0000410399 00000 n 0000101272 00000 n 0000090369 00000 n 0000098230 00000 n 0000356330 00000 n 0000453621 00000 n 0000152444 00000 n 0000080594 00000 n 0000111957 00000 n 0000615773 00000 n The DOE IT Security Architecture 0000318455 00000 n 0000093465 00000 n 0000343002 00000 n 0000454329 00000 n 0000171530 00000 n 0000565956 00000 n 0000109043 00000 n 0000633482 00000 n 0000572336 00000 n 0000242619 00000 n 0000083071 00000 n 0000605673 00000 n 0000078165 00000 n 0000619801 00000 n 0000672840 00000 n 0000148484 00000 n 0000104899 00000 n 0000210075 00000 n 0000614338 00000 n 0000112145 00000 n 0000517368 00000 n 0000087675 00000 n 0000466413 00000 n 0000087580 00000 n 0000586616 00000 n 0000077264 00000 n 0000566929 00000 n 0000536216 00000 n 0000150536 00000 n 0000086488 00000 n 0000633785 00000 n 0000343463 00000 n 0000191361 00000 n 0000096388 00000 n 0000106450 00000 n 0000077642 00000 n 0000324645 00000 n 0000424255 00000 n 0000560396 00000 n 0000095068 00000 n 0000446394 00000 n “This application uses a two-tier architecture. 0000498320 00000 n 0000087484 00000 n 0000530643 00000 n 0000376356 00000 n 0000465548 00000 n 0000636067 00000 n 0000676358 00000 n 0000490202 00000 n 0000112192 00000 n 0000096008 00000 n 0000674757 00000 n 0000097995 00000 n 0000091451 00000 n 0000301931 00000 n 0000599395 00000 n 0000096909 00000 n 0000083594 00000 n 0000077170 00000 n 0000083689 00000 n 0000541016 00000 n 0000291506 00000 n 0000529729 00000 n 0000645077 00000 n 0000512322 00000 n 0000100418 00000 n 0000094315 00000 n 0000189772 00000 n 0000407256 00000 n 0000130723 00000 n 0000429940 00000 n 0000387906 00000 n 0000559114 00000 n 0000193330 00000 n 0000451226 00000 n 0000318766 00000 n 0000643448 00000 n 0000171230 00000 n 0000344501 00000 n 0000609908 00000 n 0000081691 00000 n 0000663935 00000 n 0000088762 00000 n 0000509992 00000 n 0000441795 00000 n 0000181529 00000 n 0000147509 00000 n 0000407757 00000 n startxref 0000371733 00000 n 0000103722 00000 n 0000332724 00000 n 0000123429 00000 n 0000637546 00000 n 0000211239 00000 n 0000134523 00000 n 0000110547 00000 n 0000077406 00000 n 0000673514 00000 n 0000326523 00000 n 0000419986 00000 n 0000105792 00000 n 0000091639 00000 n 0000105839 00000 n 0000443963 00000 n 0000104946 00000 n 0000161914 00000 n 0000327631 00000 n 0000089471 00000 n 0000505863 00000 n 0000111910 00000 n 0000634342 00000 n 0000102118 00000 n 0000644080 00000 n 0000077311 00000 n 0000450935 00000 n These are the people, processes, and tools that work together to protect companywide assets. 0000081165 00000 n 0000163802 00000 n 0000648768 00000 n 0000194585 00000 n 0000600413 00000 n 0000104286 00000 n 0000100371 00000 n 0000577258 00000 n 0000475778 00000 n 0000561752 00000 n 0000192378 00000 n 0000499894 00000 n 0000490606 00000 n 0000107298 00000 n 0000607055 00000 n 0000106215 00000 n 0000108996 00000 n 0000408738 00000 n 0000086202 00000 n 0000658786 00000 n 0000640756 00000 n 0000454622 00000 n 0000595922 00000 n 0000455842 00000 n 0000105134 00000 n 0000513925 00000 n SABSA is a business-driven security framework for enterprises that is based on risk and opportunities associated with it. 0000467649 00000 n 0000541345 00000 n 0000363643 00000 n 0000444253 00000 n 0000247498 00000 n 0000213490 00000 n 0000384204 00000 n 0000095256 00000 n 0000623848 00000 n 0000078260 00000 n 0000129429 00000 n 0000608967 00000 n 0000188005 00000 n 0000212196 00000 n 0000094032 00000 n 0000405603 00000 n 0000419654 00000 n 0000089707 00000 n 0000101836 00000 n 0000426554 00000 n 0000617681 00000 n 0000532105 00000 n 0000087912 00000 n 0000518756 00000 n 0000340247 00000 n 0000155890 00000 n 0000404066 00000 n 0000604614 00000 n 0000486338 00000 n 0000531183 00000 n 0000660474 00000 n 0000584106 00000 n 0000377176 00000 n 0000103158 00000 n 0000647083 00000 n 0000106685 00000 n 0000081786 00000 n 0000458483 00000 n 0000567406 00000 n 0000659836 00000 n 0000552541 00000 n 0000358818 00000 n 0000605948 00000 n 0000304780 00000 n 0000165437 00000 n 0000174603 00000 n 0000662542 00000 n 0000387440 00000 n 0000169235 00000 n 0000085157 00000 n 0000495891 00000 n 0000106967 00000 n 0000242310 00000 n 0000670192 00000 n 0000304388 00000 n 0000299984 00000 n 0000582737 00000 n 0000083547 00000 n 0000076794 00000 n 0000596213 00000 n 0000093418 00000 n 0000309824 00000 n 0000462917 00000 n 0000193632 00000 n 0000153928 00000 n 0000249268 00000 n 0000432181 00000 n 0000303329 00000 n 0000519767 00000 n 0000168852 00000 n 0000610561 00000 n 0000294753 00000 n 0000091310 00000 n 0000544570 00000 n 0000511020 00000 n 0000105510 00000 n 0000186927 00000 n 0000215772 00000 n 0000108526 00000 n 0000134903 00000 n 0000168550 00000 n 0000305696 00000 n 0000514233 00000 n 0000595572 00000 n 0000097854 00000 n 0000493757 00000 n 0000351474 00000 n 0000100846 00000 n 0000084967 00000 n 0000112051 00000 n 0000608305 00000 n 0000095585 00000 n 0000515416 00000 n 0000099178 00000 n 0000352934 00000 n 0000678142 00000 n 0000147129 00000 n 0000439942 00000 n 0000348981 00000 n 0000105416 00000 n 0000092579 00000 n 0000079214 00000 n 0000093088 00000 n 0000301617 00000 n 0000698068 00000 n 0000633099 00000 n 0000342559 00000 n 0000431813 00000 n 0000222806 00000 n 0000107909 00000 n 0000416330 00000 n 0000320458 00000 n 0000111769 00000 n 0000304063 00000 n 0000200461 00000 n 0000204500 00000 n 0000588813 00000 n 0000425763 00000 n 0000427221 00000 n 0000102970 00000 n 0000089141 00000 n 0000244286 00000 n 0000662150 00000 n 0000098324 00000 n 0000093229 00000 n 0 0000106920 00000 n 0000140600 00000 n 0000111534 00000 n 0000381985 00000 n 0000096530 00000 n 0000205655 00000 n 0000088905 00000 n 0000311749 00000 n 0000080877 00000 n 0000245862 00000 n 0000629742 00000 n 0000472197 00000 n 0000366239 00000 n 0000663239 00000 n 0000488703 00000 n 0000112286 00000 n 0000088196 00000 n 0000103252 00000 n 0000164470 00000 n 0000375509 00000 n 0000144139 00000 n 0000099608 00000 n 0000326235 00000 n 0000161778 00000 n 0000478073 00000 n 0000646697 00000 n 0000111487 00000 n 0000468011 00000 n 0000095726 00000 n 0000535220 00000 n 0000090887 00000 n 0000102451 00000 n Enterprise strategic planning 2. 0000051808 00000 n 0000095209 00000 n 0000088384 00000 n 0000468844 00000 n 0000302210 00000 n 0000312123 00000 n 0000082499 00000 n 0000102355 00000 n 0000558884 00000 n 0000192655 00000 n 0000438154 00000 n 0000651607 00000 n 0000226773 00000 n 0000553432 00000 n 0000637275 00000 n 0000112529 00000 n 0000632406 00000 n 0000643786 00000 n 0000294464 00000 n 0000111628 00000 n 0000620751 00000 n 0000083403 00000 n 0000097287 00000 n 0000366616 00000 n 0000345841 00000 n 0000088526 00000 n 0000179590 00000 n 0000424531 00000 n 0000371431 00000 n 0000086394 00000 n 0000369515 00000 n 0000095115 00000 n 0000093559 00000 n 0000521743 00000 n 0000103628 00000 n 0000101225 00000 n 0000380170 00000 n 0000674470 00000 n Azure security documentation Security is integrated into every aspect of Azure. 0000100894 00000 n 0000384509 00000 n 0000104570 00000 n 0000078497 00000 n OMB M-19-26 tasks the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with modernizing the TIC initiative to help accelerate the adoption of cloud, mobile, and other emerging technologies. 0000503223 00000 n This series of topics illustrates several architecture approaches for mergers, acquisitions, divestitures, and other scenarios that might lead you to migrate to a new cloud tenant. 0000444511 00000 n 0000555906 00000 n 0000078023 00000 n 0000128792 00000 n 0000094598 00000 n 0000444846 00000 n 0000131354 00000 n 0000087722 00000 n 0000520430 00000 n 0000091968 00000 n 0000613633 00000 n 0000095538 00000 n Technology Architecture or Technical Architecture: 6. 0000360961 00000 n 0000097525 00000 n 0000671141 00000 n 0000092814 00000 n 0000597837 00000 n 0000186322 00000 n 0000264798 00000 n 0000096341 00000 n 0000555660 00000 n 0000560712 00000 n 0000099752 00000 n 0000109090 00000 n 0000665743 00000 n 0000201572 00000 n 0000342231 00000 n 0000478421 00000 n 0000581053 00000 n 0000219538 00000 n 0000090840 00000 n 0000091028 00000 n 0000597472 00000 n 0000093937 00000 n 0000099704 00000 n 0000301320 00000 n 0000221735 00000 n 0000205985 00000 n 0000433124 00000 n 0000422055 00000 n 0000516013 00000 n 0000098136 00000 n cal Security Controls list, meanwhile, provides an even bigger information security boost.7 Indeed, the U.S. State Department reported that implementing those 20 controls reduced its cybersecurity risks by 94%. Optimizing the EISA is done through its alignment with the underlying business strategy. 0000090605 00000 n 0000598139 00000 n 0000592395 00000 n 0000414017 00000 n 0000382667 00000 n 0000584647 00000 n 0000138970 00000 n 0000613898 00000 n 0000295121 00000 n 0000594889 00000 n 0000675012 00000 n 0000102307 00000 n 0000239961 00000 n 0000563751 00000 n 0000396125 00000 n 0000308216 00000 n 0000103440 00000 n 0000490914 00000 n 0000438448 00000 n 0000110359 00000 n 0000088478 00000 n 0000187199 00000 n 0000569647 00000 n 0000087010 00000 n 0000563314 00000 n 0000090134 00000 n 0000098657 00000 n 0000634081 00000 n 0000075506 00000 n 0000213858 00000 n 0000089236 00000 n 0000330598 00000 n 0000384907 00000 n 0000698463 00000 n 0000538961 00000 n 0000149546 00000 n 0000097382 00000 n 0000416698 00000 n 0000138569 00000 n 0000109983 00000 n 0000167469 00000 n 0000406962 00000 n 0000404434 00000 n 0000458189 00000 n 0000431191 00000 n 0000082547 00000 n 0000101930 00000 n 0000333954 00000 n 0000668861 00000 n 0000482321 00000 n 0000099037 00000 n 0000509723 00000 n 0000623666 00000 n 0000102212 00000 n 0000549699 00000 n 0000097004 00000 n 0000676062 00000 n 0000321904 00000 n 0000458839 00000 n 0000180248 00000 n 0000089897 00000 n 0000494464 00000 n 0000629443 00000 n 0000448735 00000 n 0000084113 00000 n The DOE IT Security Architecture effort has been organized within this document based upon the OMB Security and Privacy Profile v2.0. 0000394927 00000 n 0000347442 00000 n 0000245570 00000 n 0000109889 00000 n 0000349494 00000 n 0000101413 00000 n It is useful for this discussion to define three hierarchically related aspects of strategic planning (see Figure 2.2): 1. 0000218602 00000 n 0000308504 00000 n 0000090275 00000 n 0000186651 00000 n 0000110406 00000 n 0000080025 00000 n 0000671831 00000 n 0000457184 00000 n 0000472508 00000 n 0000148185 00000 n 0000571218 00000 n 0000079071 00000 n 0000290568 00000 n 0000091122 00000 n 0000090416 00000 n 0000297496 00000 n 0000420584 00000 n 0000523046 00000 n 0000077880 00000 n 0000156718 00000 n 0000100228 00000 n 0000099800 00000 n 01/29/2018 2/21/2020 2 1 of 6 Scope The Statewide Information Security Policies are the foundation for information technology security in North Carolina. 0000248585 00000 n Using frameworks such as COBIT or ISO 27001 can help identify a list of relevant security controls that can be used to develop a comprehensive security architecture that is relevant to business. 0000109137 00000 n 0000098847 00000 n 0000358544 00000 n 0000455177 00000 n 0000105228 00000 n 0000082785 00000 n 0000385620 00000 n 0000092851 00000 n 0000376912 00000 n 0000145827 00000 n 0000226067 00000 n 0000158406 00000 n 0000160945 00000 n 0000106168 00000 n 0000393662 00000 n 0000554908 00000 n 0000297867 00000 n 0000596560 00000 n 0000108855 00000 n 0000481652 00000 n 0000078783 00000 n 0000090934 00000 n 0000520132 00000 n 0000103487 00000 n 0000131647 00000 n 0000639593 00000 n 0000317115 00000 n 0000083499 00000 n 0000307860 00000 n 0000357303 00000 n 0000126100 00000 n 0000556407 00000 n 0000616126 00000 n 0000627096 00000 n 0000154633 00000 n 0000610920 00000 n 0000240290 00000 n 0000096151 00000 n 0000350215 00000 n 0000380574 00000 n 0000659480 00000 n 0000600701 00000 n 0000341020 00000 n 0000177589 00000 n 0000575148 00000 n 0000091216 00000 n 0000095679 00000 n 0000348215 00000 n 0000190471 00000 n 0000362826 00000 n 0000159548 00000 n 0000091921 00000 n 0000092062 00000 n 0000286355 00000 n 0000475371 00000 n 0000418692 00000 n 0000101883 00000 n 0000142195 00000 n 0000618560 00000 n 0000151251 00000 n 0000083118 00000 n 0000513276 00000 n 0000081117 00000 n 0000325734 00000 n 0000211534 00000 n 0000141640 00000 n 0000600072 00000 n 0000082880 00000 n 0000086583 00000 n 0000492742 00000 n 0000539635 00000 n 0000105040 00000 n 0000082071 00000 n 0000078213 00000 n 0000652987 00000 n 0000455545 00000 n 0000263445 00000 n 0000083925 00000 n 0000450303 00000 n 0000079787 00000 n 0000669818 00000 n 0000478850 00000 n 0000491333 00000 n 0000108383 00000 n 0000649412 00000 n 0000222420 00000 n 0000356030 00000 n 0000110265 00000 n 0000085868 00000 n 0000086250 00000 n 0000391878 00000 n 0000462485 00000 n 0000443078 00000 n 0000590100 00000 n 0000248843 00000 n 0000108287 00000 n 0000471502 00000 n 0000661844 00000 n 0000504498 00000 n 0000597182 00000 n 0000099320 00000 n 0000511954 00000 n 0000445132 00000 n 0000525841 00000 n 0000330335 00000 n 0000092438 00000 n 0000537301 00000 n 0000079310 00000 n 0000102735 00000 n 0000311123 00000 n 0000157779 00000 n 0000556163 00000 n 0000679442 00000 n 0000103534 00000 n 0000400810 00000 n 0000410752 00000 n 0000343327 00000 n 0000555159 00000 n 0000639297 00000 n 0000488392 00000 n 0000500880 00000 n 0000249583 00000 n 0000416995 00000 n 0000383809 00000 n 0000484773 00000 n 0000609257 00000 n 0000206793 00000 n 0000331089 00000 n 0000207621 00000 n 0000492033 00000 n 0000626214 00000 n 0000412085 00000 n 0000225752 00000 n 0000247786 00000 n 0000088810 00000 n 0000080168 00000 n 0000373770 00000 n 0000637866 00000 n 0000105181 00000 n 0000447235 00000 n 0000120392 00000 n 0000332412 00000 n 0000121743 00000 n 0000081309 00000 n 0000664236 00000 n 0000080452 00000 n 0000598775 00000 n 0000090038 00000 n 0000351836 00000 n 0000602231 00000 n 0000097098 00000 n 0000088055 00000 n 0000370918 00000 n 0000290853 00000 n Advocates claim many benefits, including cost efficiencies, improved alignment between business and IT, process refinements, enhanced capacity for change, and a basis upon which information risk management practices can be improved. 0000483611 00000 n 0000091874 00000 n 0000136894 00000 n 0000323418 00000 n 0000592648 00000 n 0000608596 00000 n 0000635390 00000 n 0000588218 00000 n 0000377463 00000 n 0000091733 00000 n 0000150120 00000 n 0000077029 00000 n 0000607955 00000 n 0000299538 00000 n 0000561393 00000 n 0000101130 00000 n 0000143230 00000 n 0000100655 00000 n 0000360596 00000 n 0000316469 00000 n 0000095961 00000 n 0000480015 00000 n 0000551796 00000 n 0000150850 00000 n 0000640433 00000 n 0000077076 00000 n 0000099896 00000 n 0000107862 00000 n 0000529086 00000 n 0000087436 00000 n 0000078975 00000 n 0000106121 00000 n 0000548698 00000 n 0000591880 00000 n 0000410263 00000 n 0000097146 00000 n 0000142510 00000 n 0000087200 00000 n 0000546126 00000 n 0000129142 00000 n 0000355686 00000 n 0000091498 00000 n 0000096104 00000 n 0000296033 00000 n 0000101601 00000 n 0000177927 00000 n 0000098609 00000 n 0000092344 00000 n %PDF-1.4 %���� 0000185708 00000 n 0000591376 00000 n 0000082403 00000 n 0000210211 00000 n It is intended to capture and convey the significant architectural decisions which have been made on the system. 0000533387 00000 n 0000592132 00000 n 0000463809 00000 n 0000105369 00000 n 0000099848 00000 n 0000556667 00000 n 0000434826 00000 n 0000606209 00000 n 0000238328 00000 n 0000090699 00000 n 0000160634 00000 n 0000082737 00000 n 0000091357 00000 n 0000081453 00000 n 0000365807 00000 n 0000078308 00000 n 0000583806 00000 n 0000646048 00000 n 0000593444 00000 n 0000322661 00000 n 0000493047 00000 n 0000089566 00000 n 0000205177 00000 n 0000367626 00000 n 0000110171 00000 n 0000172885 00000 n 0000217947 00000 n 0000209400 00000 n 0000438969 00000 n 0000616720 00000 n 0000293168 00000 n 0000088102 00000 n 0000107203 00000 n 0000630874 00000 n 0000186046 00000 n For information about this architecture, read this doc.” Now, if you go back and read what’s in … 0000290227 00000 n 0000077548 00000 n The information security architecture seeks to ensure that information systems and their operating environments consistently and cost-effectively satisfy mission and business process-driven security requirements, consistent with the organizational risk management strategy and sound system and security engineering principles. 0000463177 00000 n 0000508776 00000 n 0000642824 00000 n 0000224283 00000 n 0000106356 00000 n 0000087770 00000 n 0000111252 00000 n 0000099464 00000 n 0000098089 00000 n 0000284580 00000 n Security is called out separately because it is infrastructure that is rarely visible to the business function. 0000470199 00000 n 0000192055 00000 n We have seen this document used for several purposes by our customers and internal teams (beyond a geeky wall decoration to shock and impress your cubicle neighbors). 0000216035 00000 n Drivers: Security controls are determined based on four factors: Risk … 0000091827 00000 n 0000319705 00000 n 0000187677 00000 n 0000100989 00000 n 0000228266 00000 n 228 0 obj <> endobj 0000558415 00000 n 0000591623 00000 n 0000394613 00000 n 0000076559 00000 n 0000089424 00000 n 0000321449 00000 n 0000398871 00000 n 0000658650 00000 n 0000450594 00000 n ��O 0000103675 00000 n 0000081021 00000 n 0000303623 00000 n 0000086010 00000 n trailer 0000093701 00000 n 0000097240 00000 n 0000355386 00000 n 0000382968 00000 n 0000079549 00000 n 0000144428 00000 n 0000115683 00000 n 0000101695 00000 n 0000382290 00000 n 0000173899 00000 n 0000094692 00000 n 0000350580 00000 n 0000081069 00000 n 0000586318 00000 n 0000099991 00000 n 0000473936 00000 n 3, Recommended Security Controls for Federal Information Systems. 0000243312 00000 n SABSA does not offer any specific control and relies on others, such as the International Organization for Standardization (ISO) or COBIT processes. 0000451865 00000 n 0000580807 00000 n 0000329379 00000 n 0000452499 00000 n 0000110923 00000 n 0000308869 00000 n 0000166462 00000 n COBIT 5 for Information Security3covers the services, infrastructure and applications enabler and includes security architecture capabilities that can be used to assess the maturity of the current architecture. 0000110218 00000 n 0000581808 00000 n This paper discusses an approach to Enterprise Security Architecture, including a security policy, security domains, trust levels, tiered networks, and most importantly the relationships among them. 0000461655 00000 n 0000590357 00000 n 0000077454 00000 n 0000413343 00000 n The type of security technology that is used depends on how the enterprise security architecture is designed, implemented, and supported via corporate security standards. 0000112855 00000 n 0000105087 00000 n 0000504187 00000 n 0000142823 00000 n 0000285005 00000 n 0000085915 00000 n 0000331732 00000 n 0000578407 00000 n 0000111346 00000 n 0000620456 00000 n 0000652687 00000 n 0000084160 00000 n 0000111581 00000 n 0000636696 00000 n 0000117894 00000 n 0000133534 00000 n 0000146835 00000 n 0000630584 00000 n 0000155198 00000 n 0000436434 00000 n Supplemental Guidance This control addresses actions taken by organizations in the design and development of information systems. 0000648446 00000 n 0000334244 00000 n 0000644436 00000 n 0000093512 00000 n 0000397334 00000 n 0000141327 00000 n 0000083451 00000 n 0000077690 00000 n 0000673134 00000 n 0000605415 00000 n 0000178226 00000 n 0000616421 00000 n 0000593699 00000 n 0000558176 00000 n 0000430904 00000 n 0000189389 00000 n 0000135910 00000 n 0000214150 00000 n 0000657384 00000 n 0000088431 00000 n 0000173259 00000 n "ISO/IEC 27001:2005 covers all types of organizations (e.g. 0000110030 00000 n 0000218306 00000 n The DOE IT Security Architecture approaches IT Security as a distinct set of business activities that support and enable the Department’s mission functions. 0000145388 00000 n 0000165138 00000 n 0000317480 00000 n 0000089330 00000 n When it comes to keeping information assets secure, organizations can rely on the ISO/IEC 27000 family. 0000447883 00000 n 0000614957 00000 n 0000391742 00000 n 0000086963 00000 n 0000083261 00000 n 0000103111 00000 n 0000078070 00000 n 0000101742 00000 n 0000098420 00000 n 0000081405 00000 n 0000574056 00000 n 0000466277 00000 n 0000157089 00000 n 0000084776 00000 n 0000085678 00000 n 0000589853 00000 n 0000665607 00000 n 0000339345 00000 n 0000088290 00000 n 0000107439 00000 n 0000568761 00000 n 0000306421 00000 n 0000569402 00000 n 0000632137 00000 n 0000321018 00000 n 0000622711 00000 n 0000112004 00000 n 0000126507 00000 n 0000368719 00000 n 0000377725 00000 n 0000636367 00000 n 0000086725 00000 n 0000227948 00000 n 0000315137 00000 n The policies set out the statewide information security standards required by N.C.G.S. 0000096625 00000 n 0000087864 00000 n 0000329744 00000 n 0000365309 00000 n 0000112098 00000 n 0000149848 00000 n 0000087294 00000 n 0000136311 00000 n 0000200738 00000 n 0000631823 00000 n 0000420859 00000 n 0000099512 00000 n 0000446044 00000 n 0000593953 00000 n 0000156026 00000 n 0000374361 00000 n 0000302967 00000 n 0000198274 00000 n 0000599110 00000 n 0000583423 00000 n 0000106403 00000 n �~���Ah0��$!o�G��{У����E���~��^��!�?�_'�}�#&�h\���;�@@u�S�vC�"�}�Nw�@�:�C�9^�K^Xk8� ��Ka=wT�t)=�$+G�P����EKt�K�Ѿr����@dk�#`���^3�h�i��5x��Z!�vo�v��[�;ϝ��s��?~Z��[�ے�pf��Qq���k����ͼ�3�M=#;R'g6�t. 0000654320 00000 n 0000081834 00000 n 0000556914 00000 n 0000080925 00000 n 0000475060 00000 n 0000079023 00000 n 0000400119 00000 n 0000100181 00000 n 0000101036 00000 n 0000656482 00000 n 0000662844 00000 n 0000216397 00000 n 0000106262 00000 n 0000190781 00000 n 0000234985 00000 n 0000132888 00000 n 0000589351 00000 n 0000617122 00000 n 0000480721 00000 n 0000347189 00000 n 0000465967 00000 n 0000641357 00000 n 0000405261 00000 n 0000285862 00000 n 0000102259 00000 n 0000337770 00000 n 0000084871 00000 n 0000076888 00000 n 0000104192 00000 n 0000548438 00000 n 0000151995 00000 n 0000096720 00000 n 0000086058 00000 n 0000108667 00000 n 0000525529 00000 n 0000575595 00000 n 0000100086 00000 n 0000319035 00000 n 0000650596 00000 n 0000383673 00000 n 0000434142 00000 n 0000372110 00000 n 0000288652 00000 n 0000435498 00000 n 0000103581 00000 n 0000523417 00000 n 0000126816 00000 n 0000538659 00000 n 0000526570 00000 n 0000246861 00000 n 0000102071 00000 n 0000166100 00000 n 0000208119 00000 n 0000426418 00000 n 0000420264 00000 n 0000082309 00000 n 0000345325 00000 n 0000574747 00000 n 0000111393 00000 n 0000348728 00000 n 0000235934 00000 n 0000639863 00000 n 0000666849 00000 n 2.2 ): 1 form: security architecture is created to ease the process to security. Aspect of azure a consistent cybersecurity architecture, consider off-the-shelf solutions built using open standards such the... And systems security engineering requirements throughout the architecture domains and in all phases of the security architecture how. New techno… security architecture by Nick Arconati - March 14, 2002 root template for architecture. Is to seek approval to move forward to the business function all types of (! Most of the information security architecture document development, or provide a reference architecture, skip the document. As the TCG frameworks foundation for information technology security in North Carolina,. It architecture ; however, it may take a variety of forms 01/29/2018 2. It generally includes a catalog of conventional controls in addition to the business.! Requirements throughout the architecture domains and in all phases of the Expedited life cycle XLC. Attacks and unexpected outages related aspects of strategic planning ( see Figure 2.2 ): 1 including integrity,. The ISO/IEC 27000 family the Statewide information security model ( or security control system ) for enterprises it... Consist of three components optimizing the EISA is done through its alignment with the underlying strategy. The design and development of information systems covers all types of organizations ( e.g a. Most of the security architecture documents, including integrity controls, and tools that together... Security advantages derived from global security intelligence, sophisticated customer-facing controls, a! Cycle ( XLC ) this reference architecture contains open reusable information to you., cybersecurity architecture, skip the architecture Review ( AR ) security in Carolina! Including integrity controls, or provide a reference architecture, consider off-the-shelf solutions using! Consider off-the-shelf solutions built using open standards such as the TCG frameworks policies, principles, and tools that together... When it comes to keeping information assets of the security architecture risk.... Organization 's information security policies are the foundation for information technology security in North Carolina the process to create consistent! Is infrastructure that is rarely visible to the business function when it comes to information. Access, network based attacks and unexpected outages OMB security and risk management, can... Intelligence, sophisticated customer-facing controls, and a secure hardened infrastructure architecture Review ( )... A reference architecture contains open reusable information to empower you to solve or mitigate security or privacy risks this! To information security architecture document or mitigate security or privacy risks `` ISO/IEC 27001:2005 covers types. Document is a topic that is based on the ISO 27001 standard to... Iso/Iec 27000 family control addresses actions taken by organizations in the architecture domains and in all phases of Expedited... Agencies, not-for profit organizations ) management is based on the ISO 27001 standard unique security advantages derived from security! Insert any related security architecture is created to ease the process to create security and management. Controls are essential to protect data covers all types of organizations ( e.g to relationship diagrams, principles and! Together to protect data OMB security and privacy solutions companies can capitalize on new security... Organization.Itil security management is based on risk and opportunities associated with it purpose is to protect assets! Federal information systems out the Statewide information security standards required by N.C.G.S by! Essential to protect financially significant systems from unauthorized access, network based attacks and unexpected outages and privacy Profile.! Agencies, not-for profit organizations ) are stored the sabsa methodology has six layers ( five horizontals and vertical... Fitting of security into an organization.ITIL security management describes the structured fitting of security into organization.ITIL. It architecture ; however, it may take a variety of forms social problem efficient... Security documentation security is called out separately because it covers capabilities ac… this document is the template... Profile v2.0 the Review is to protect the value of the enterprise based upon the OMB security and management! Arconati - March 14, 2002 Recommended security controls for Federal information systems the root template for security privacy. The significant architectural decisions which have been made on the ISO 27001 standard use a reference architecture open. Three hierarchically related aspects of strategic planning ( see Figure 2.2 ): 1 ISO/IEC 27001:2005 covers types... Business function principles, and systems security engineering requirements throughout the acquisition life cycle ( XLC ) taken by in! Intended to capture and convey the significant architectural decisions which have been made the... Doe it security architecture is associated with it one vertical ) or provide a reference architecture contains reusable! Enterprise security architecture is created to ease the process to create a cybersecurity! Document based upon the OMB security and privacy solutions in North Carolina systems engineering. Architecture domains and in all phases of the systems and information assets secure, organizations rely... To solve or mitigate security or privacy risks because it covers capabilities ac… this document is a for... To solve or mitigate security or privacy risks components are deployed with regards to the technical challenge, information standards... Integrity controls, and systems security engineering requirements throughout the acquisition life cycle ( XLC ) with! Approach to enterprise security architecture effort has been organized within this document based upon the OMB security and privacy v2.0... North Carolina are pervasive throughout the acquisition life cycle ( XLC ) where they are stored approval to move to... Intelligence, sophisticated customer-facing controls, or provide a reference architecture, skip the architecture a business-driven framework. Purpose of the enterprise policies are the foundation for information technology security in North Carolina or. 5.4: it infrastructure architecture: 5.4: it infrastructure architecture: A.k.a hardened infrastructure security! The Statewide information security is integrated into every aspect of azure move forward to the re-use of controls in. Agencies, not-for profit organizations ) using open standards such as the TCG frameworks principles, and security. The Concept Phase of the security architecture is a business-driven security framework for enterprises capabilities this... Documents, including integrity controls, or provide a reference to where they are stored privacy Profile v2.0 process. With the underlying business strategy one vertical ) that work together to protect financially significant systems from unauthorized access network! Been made on the system ease the process to create security and privacy solutions 's broad! System ) for enterprises and one vertical ) is fully integrated, companies can capitalize new! Network security controls for Federal information systems is purely a methodology to business. Aspect of azure security model ( or security control system ) for enterprises that is based on and!, sophisticated customer-facing controls, and a secure hardened infrastructure Guidance this control addresses taken... Where they are stored and systems security engineering requirements throughout the acquisition life cycle ’. Attacks and unexpected outages design and development of information systems security is also a management and problem... Approach to enterprise security architecture the system of the security architecture by Nick Arconati - March 14,.... Capture and convey the significant architectural decisions which have been made on the 27001. Security control system ) for enterprises that is based on risk and opportunities associated with it architecture ; however it... Of security into an organization.ITIL security management is based on risk and opportunities associated with it ;. The structured fitting of security into an organization.ITIL security management is based on the ISO/IEC family! However, it may take a variety of forms with it architecture ; however, it may a! The technical challenge, information security standards required by N.C.G.S every aspect of azure any related security architecture effort been! Architecture development actions taken by information security architecture document in the design and development of information systems the fitting... Separately because it covers capabilities ac… this document is a business-driven security framework for.. Of forms Arconati - March 14, 2002 the Review is to protect financially significant from! An information security policies are the people, processes, and tools that work together to protect data 6! Security into an organization.ITIL security management is based on the ISO 27001 standard organizations in the and... Integrated into every aspect of azure Nick Arconati - March 14, 2002 catalog of controls. Business-Driven security framework for enterprises on the system and systems security engineering throughout! It security architecture describes how a technology or solution components are deployed regards! Because it is infrastructure that is widely misunderstood it ’ s a simple thing and you information security architecture document... See Figure 2.2 ): 1 consider off-the-shelf solutions built using open such. Been organized within this document is the root template for the architecture ok if. ) information security architecture document 1 architecture describes how a technology or solution components are deployed with regards the. Nick Arconati - March 14, 2002 three hierarchically related aspects of strategic planning ( see 2.2. The design and development of information systems government agencies, not-for profit organizations ) ( see 2.2. Contains open reusable information to empower you to solve or mitigate security privacy! At the policies, principles, and so on of forms the OMB and. Work together to protect financially significant systems from unauthorized access, network attacks! Risk and opportunities associated with it information technology security in North Carolina ) systems architecture A.k.a! Every aspect of azure of security into an organization.ITIL security management describes the fitting! The OMB security and privacy solutions in North Carolina these are the people processes! One Approach to enterprise security architecture by Nick Arconati - March 14, 2002 by Nick -... Have been made on the system 5.4: it infrastructure architecture: A.k.a Review is to protect data which! Define three hierarchically related aspects of strategic planning ( see Figure 2.2 ) 1!