An integrated set security and privacy controls for the enterprise is created by including these considerations security in the planning, design, implementation, and operation of all EA components and artifacts. For information-centric enterprises, including IT security and data privacy as required design elements of EA components, and having leadership support at the strategic and line of business operations levels can provide a strong and meaningful statement about the importance of protecting the business and technology operating environment. Security and privacy controls should also be a consideration in business process reengineering and improvement activities, and should be a requirement for the design of information flows. Security and privacy should also be key checklist items when making acquisition decisions for systems, hardware, software, and support services at the Systems/Services level and the Technology Infrastructure level of an architecture.
Categories: Framework, Security and Privacy