The Security and Privacy Program is intended to provide expertise, processes, and solutions for the protection of IT resources active in the business and technology operating environment. The Security and Privacy Program supports the EA by providing requirements for standards and procedures that are used in the planning and implementation of EA components and artifacts. Each EA component and artifact should be assessed to determine if the proper level of protection is provided, and if not, that solutions are identified on a risk-adjusted basis. Risk-adjustment refers to the trade-off between sharing and protection, as well as how much security is desired versus the cost and effort required to implement it.
Categories: Enterprise Architecture Management, Security and Privacy