FAQ Category: Security and Privacy

Enterprise Architecture Professionals

What is the difference between a Disaster Recovery Plan and a Continuity of Operations Plan?

**Disaster Recovery**: The assessment and recovery procedures for responding to a man-made or natural event that significantly disrupts or eliminates business and technology operations, yet does not threaten the existence of the enterprise. This includes sabotage, theft or corruption of resources, successful large scale hacker/virus attacks, building damage, fire, flood, and electrical outages. Two time-related…

What are the differences between perimeter defense and core configuration controls?

Security and privacy controls should function to reduce or eliminate external and internal threats – doing so through a combination of perimeter defense and internal configuration control. Controls should also support rapid bounce-back capabilities (called resilience) when incidents occur – from minor to major in scope. When done correctly, controls can serve to detect and…

How does IT security function at each level of the EA3 framework?

An integrated set of security and privacy controls for the enterprise is created by including these security considerations in the planning, design, implementation, and operation of all EA components and artifacts. For information-centric enterprises, including IT security and data privacy as required design elements of EA components, and having leadership support at the strategic and line…

How do I make an integrated set of security and privacy functions?

An integrated set of security and privacy controls for the enterprise is created by including these security considerations in the planning, design, implementation, and operation of all EA components and artifacts. For information-centric enterprises, including IT security and data privacy as required design elements of EA components, and having leadership support at the strategic and…

How are security and privacy issues described in the Project Management Plan?

In the area of physical security, determine and describe the facilities and other direct access protection that will be required to achieve an acceptable level of risk to prevent unauthorized access to these EA components. In the area of information security, determine how the information created/used by the EA component will be protected and authenticated.…

Why is it important to include security and privacy in an EA program and the documentation of EA components?

The role of security and privacy within an EA program is best described as a comprehensive set of controls that pervade all architectural domains and are a key part of an organization’s risk management strategy. One can think of this as a vertical thread that weaves through all levels of the architecture. The thread metaphor…

What are the key elements of a Security and Privacy Program?

There are four key elements of the Security and Privacy Program: information security, personnel, operations, and physical protection.

What are the Physical Security issues that should be reflected in the Security and Privacy Plan?

The aspects of physical protection that should be captured in the EA include controls for the facilities that support IT processing, control of access to buildings, equipment, networks, and telecommunications rooms, as well as fire protection, media storage, and disaster recovery systems.

What are the Personnel Security issues that should be reflected in the Security and Privacy Plan?

In the area of personnel security, the Security and Privacy Program should promote user authentication, security awareness, and training.

What are the Information Security issues that should be reflected in the Security and Privacy Plan?

In the area of information security, the Security and Privacy Program should promote security and privacy-conscious designs, information content assurance, source authentication, and data access control.