Information Security Architecture
Enterprise Information Security Architecture is a set of requirements, processes, principles, and models that determine the current And/or future structure and behaviour of an organization’s security processes, information security systems, personnel, and organizational sub-units. It ensures that the security architecture and controls are in alignment with the organization’s core goals and strategic direction. Though Enterprise Information Security Architecture deals with information security, it relates more broadly to the security practice of business. Optimization. Thus, it also addresses business security architecture, performance management and security process architecture. The main objective of implementing EISA is to make sure that IT security is in alignment with business strategy.
Enterprises are struggling nowadays to achieve the balance between implementing the security controls in the enterprise while allowing the employees to increase the productivity and communicate the information easily. Enterprise security is not only about protecting the infrastructure of the enterprise, but also the sensitive data flowing among the organization. Security of enterprise is done in a generic manner by applying three ways [1, 2]:
Prevention – This involves preventing the networks from intruders by avoiding security Breaches. This is normally done by the implementation of firewalls.
Detection – This process focuses on the detection of the attacks and the breaches that are done over the network.
Recovery – Once an attack occurs, recovery is essential for preventing the information asset of the enterprise that may damage due to the attack. For this, some recovery mechanisms are being employed by the enterprises. Till date, most of the researches and works have been done in the area of prevention and detection of the attack.
Enterprise Information Security Architecture (EISA) could be a key component of an information security program. the first function of EISA is to document and communicate the artifacts of the safety program during a consistent manner. As such, the first deliverable of EISA could be a set of documents connecting business drivers with technical implementation guidance. These documents are developed iteratively through multiple levels of abstraction.
Related Product:- EC-Council Security Analyst v10 | ECSA
Motives behind enterprise security
Enterprise security is getting difficult primarily due to the following reasons A. Increasing threats- Enterprise organizations are continuously attacked by newer With the aim of stealing the confidential information. Cybercriminals, hackers are growing in a large number. It has been reported that in recent years, malware are worse than previous attacks. Further, crime is getting more sophisticated these days. All these factors need to be managed. B. Technology Complexity – Security experts are dealing with threats as well as maintaining the change with the effect of the new technologies like cloud computing, mobile computing, Internet of things and virtualization. These new technologies are creating a gap within the system which need to be addressed. C. Legacy security procedures and techniques: From the past, many security techniques have been used in the enterprises starting from firewalls, Intrusion Detection System/ Intrusion Prevention System (IDS/IPS), to host security software (i.e., antivirus software), and to security monitoring and compliance tools (i.e., SIEM, log management, etc.). These procedures are incapable of dealing with the multidimensional threat.
Also Read:- What is an Information Security Incident?
There exist multiple security standards for securing and protecting the assets of the enterprises. Some organizations use the published security standards while others implemented their own security architecture depending on their requirement. There is no single uniform standard that can be applied to all enterprises. By incorporating the recommended policies and programs, effective and consistent security architecture can be developed.
Trends in enterprise security
Due to the incorporation of cloud and mobile applications, the security needed by the enterprise has been increased at a wider level. The attacks are changing day by day and so this necessitates more secure information environment. Thus these trends suggest that further improvement is needed in the security architectures of the enterprises.
- Encrypted data
- DDoS (Distributed Denial of Service Attack
- Managed Security Service
- Single platforms for secure
- Increased Customer expectation
- Data collection and process
- Malware analytic
- Intelligent algorithm
The following are the goals of EISA:
– To help in monitoring and detecting network behaviors in real time acting upon internal and externals security risks.
– To help an organization detect and recover from security breaches.
– To aid in prioritizing resources of an organization and pay attention to various threats.
– To benefit the organization in cost prospective when incorporated in security provisions such as incident response, disaster recovery, and event correlation, etc.
– To help in analyzing the procedures needed for the IT department to identify assets and function properly.
– To help perform risk assessment of an organization’s ET assets with the cooperation of IT staff.
Questions related to this topic
- What is Enterprise Information Security Architecture ?
- What is Trends in enterprise security ?
- What is Motives behind enterprise security?
Learn advanced security techniques by ECSA
- Enterprise Information Security Architecture
- Vulnerability Assessments Top 8 Most Useful
- What Is Incident Response Orchestration?
- Types of Penetration Testing:
Learn CEH & Think like hacker
- What is Ethical Hacking? & Types of Hacking
- 5 Phases of Hacking
- 8 Most Common Types of Hacker Motivations
- What are different types of attacks on a system
- Scope and Limitations of Ethical Hacking
- TEN Different Types Of Hackers
- What is the Foot-printing?
- Top 12 steps for Foot printing Penetration Testing
- Different types of tools with Email Foot printing
- What is “Anonymizer” & Types of Anonymizers
- Top DNS Interrogation Tools
- What is SNMP Enumeration?
- Top vulnerability scanning tools
- Information Security of Threat
- Foot printing tools:
- What is Enumeration?
- Network Security Controls
- What is Identity and Access Management?
- OWASP high TEN web application security risks
- Password Attacks
- Defend Against Key loggers
- Defend Against Spyware
- Covering Tracks
- Covering Track on Networks
- Everything You Need To Know About Sniffing – Part 1
- Everything You Need To Know About Sniffing – Part 2
- Learn more about GPS Spyware & Apparatuses
- Introduction of USB Spyware and It’s types
- 10 Types of Identity Theft You Should Know About
- Concepts of Denial-of-Service Attack & Distributed Denial of Service Attack
- Most Effective Ways to Overcome Impersonation on Social Networking Site’s Problem
- How Dynamic Host Configuration Protocol (DHCP) Works
- DHCP Request/Reply Messages
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- IOS Switch Commands
- Web Server Concept
- Web Server Attacks
- Web Server Attack Tools
- Web Server Security Tools
- 6 Quick Methodology For Web Server Attack
- Learn Skills From Web Server Foot Printing / Banner Grapping
- The 10 Secrets You Will Never Know About Cyber Security And Its Important?
- Ways To Learn Finding Default Content Of Web Server Effectively
- How will Social Engineering be in the Future
- Understand The Background Of Top 9 Challenges IT Leaders Will Face In 2020 Now
- Learning Good Ways To Protect Yourself From Identity Theft
- Anti-phishing Tools Guide
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com