How are security and privacy issues described in the Project Management Plan?

In the area of physical security, determine and describe the facilities and other direct access protection that will be required to achieve an acceptable level of risk to prevent unauthorized access to these EA components. In the area of information security, determine how the information created/used by the EA component will be protected and authenticated.…

Why is it important to include security and privacy in an EA program and the documentation of EA components?

The role of security and privacy within an EA program is best described as a comprehensive set of controls that pervade all architectural domains and are a key part of an organization’s risk management strategy. One can think of this as a vertical thread that weaves through all levels of the architecture. The thread metaphor…

What are the Operational Security issues that should be reflected in the Security and Privacy Plan?

In the area of operational security, the Security and Privacy Program should promote the development of SOPs for EA component security, risk assessment, testing and evaluation, remediation, certification, operation, and disposal. SOPs should also be developed for extreme events such as recovery from major outages or natural disasters, and enabling the continuity of operations if…

How can the EA Management Program help to promote effective security and privacy solutions?

The Security and Privacy Program is intended to provide expertise, processes, and solutions for the protection of IT resources active in the business and technology operating environment. The Security and Privacy Program supports the EA by providing requirements for standards and procedures that are used in the planning and implementation of EA components and artifacts.…

What is the difference between a Disaster Recovery Plan and a Continuity of Operations Plan?

**Disaster Recovery**: The assessment and recovery procedures for responding to a man-made or natural event that significantly disrupts or eliminates business and technology operations, yet does not threaten the existence of the enterprise. This includes sabotage, theft or corruption of resources, successful large-scale hacker/virus attacks, building damage, fire, flood, and electrical outages. Two time-related…