Essay Available:
Pages: 2 pages/≈550 words
Sources: 4
Style: Other
Subject: Technology
Type: Essay
Language: English (U.S.)
Document: MS Word
Topic: Enterprise Architecture: Key Elements of a Security and Privacy Program
Essay Instructions:
Answer the following questions:
- What are the key elements of a Security and Privacy Program?
- Why are there no 100% fool-proof IT security solutions?
- Using the class scenario, identify an existing OSUIT Risk Management or Security plan or policy and make the supported justification as to why it does or does not link to an EA program. The OSUIT posted privacy notice is not viable documentation for this assignment. Use your answer from question one to support your assessment.
*Review the assignment support document for minimum requirements for your answers and information on the class scenario.
Essay Sample Content Preview:
Chapter 11: Enterprise Architecture
1. The Key Elements of a Security and Privacy Program
There are four key elements of a security and privacy program: personnel, physical protection, operations, and information security. This section elaborates on each element concisely.
Information security
Information security ensures optimal protection of information relating to the EA components and processes. "In the area of information security, the security and privacy program should promote security and privacy-conscious design, information content assurance, source authentication, and data access control" (Bernard, 2020, p. 239). In this case, design refers to the logical and physical systems review activities that investigate flows, relationships, and data structure. Assurance ensures that information is protected from alteration by unauthorized sources or by unintentional changes. Authentication is the ability to verify the source of information. Access refers to the individuals who can access the EA information and the ways the enterprise manages this access. In brief, information security aims to protect the organization's data and confidential information.
Personnel
Personnel refers to the enterprise's structures for engaging partners, such as the workforce, in implementing the EA plan. "In the area of personnel security, the security privacy program should promote user authentication, security awareness, and training" (Bernard, 2020, p. 240). Foremost, user authentication is the identity verification of contractors and employees who use the enterprise's resources, such as systems and facilities. Awareness training aims to educate system administrators and end-users about the requirements and conditions they should accept before accessing an EA component. Lastly, information security contains procedure training that helps the workforce handle the system adequately in cases of security attacks. In brief, personnel usually entails human interaction with the EA system.
Operations
Operations is also a key component of a security and privacy program. "In the area of operational security, the security and privacy program should promote the development of SOPs for EA component security, risk assessment, testing and evaluation, remediation, certification, operation, and disposal" (Bernard, 2020, p. 241). Risk assessment involves the evaluation of risks across all levels of the architecture. Equally important, component security testing and evaluation examines the vulnerability of EA components so that it can be considered for correction during remediation. After that, component certification and accreditation may occur once all the remediation actions have been undertaken. In addition, standard operating procedures ensure that system administrators and end-users take effective and timely action when faced with IT-related risks such as cyber-attacks. If any part is under attack, they may refer to the recovery and assessment procedure in the disaster recovery segment. Lastly, the organization may sometimes face severe attacks that force it to disband. In this case, the organization usually outlines the recovery procedure in the continuity of operations category.
Physical Protection
Physical protection is the fourth key element in a security and privacy program. Physical protection refers to the safety of tangible assets in an enterprise (Tekinerdoğan et al., 2020). "The aspect of physical protection that should be captured in the EA include controls for the facilities that support IT processing, control for the facilities that support IT processing, control of access to buildings, equipment, networks, and telecommunication rooms" (Bernard, 2020, p. 243). Notably, building security concerns a building where experts use IT resources. Most importantly, the wiring closet, server rooms, and network operation centers allow access control of the E...