This week on NVTC’s blog, Dr. Didier Perdu of LMI discusses the challenge of information assurance and how managers should address it.
More and more organizations are discovering the challenge of information assurance (IA). But, if you are like many other managers, you do not know how to address, let alone mitigate, the risks associated with common threats such as power failures or wireless intrusions. A solution is to leverage your enterprise architecture (EA) to make IA an integral part of the information technology (IT) planning and management activities of your organization. Here are four reasons why you need to get serious about protecting your information assets by integrating IA directly into your EA.
1. Improve Communication
An integrated EA/IA framework gets information flowing among the various layers of your organization. Sharing information improves communications. It is important to improve communication between senior leaders and the technical staff when making decisions about security controls and their implementation. By communicating early in the development process, security remains a primary consideration from initiation to disposition, which is especially important for mission-critical systems.
2. Reduce Complexity
Traditionally, security was practiced on a system-by-system basis. Having a standard approach to addressing security requirements reduces complexity. Clearly expressing the relationship between EA processes and IA controls helps security and non-security personnel understand the other group’s planning processes and procedures. And, when people understand one another’s perspectives, they are better able to work together to ensure that security requirements are addressed.
3. Achieve Compliance
Senior leaders often find themselves unable to navigate the myriad laws, regulations, and policies expanding the scope of IA. Improving communications and reducing complexity enable business and IT managers to work together, thereby enhancing your organization’s response to evolving, complex compliance requirements.
4. Lower Costs
Making security implementation decisions early in the system development lifecycle can reduce your IT costs significantly. Moreover, because IA also addresses vulnerabilities and risks, it saves future resources by providing for the restoration of information systems through built-in protection, detection, and reaction capabilities.
Senior leaders often feel unprepared to identify gaps in IT security and take appropriate action. Obtaining guidance to meet security and compliance requirements is critical to any organization. IT security no longer means simply making sure the door is locked or keeping passwords secure. Today, it means securing the information and information systems upon which your organization relies in order to be successful.
Dr. Perdu works in the Information Management Group with the Enterprise Architecture team, refining the LEAP methodology and contributing to enterprise architecture-related tasks. He holds a Ph.D. in Information Technology from George Mason University and a Master of Science in Technology and Policy from MIT. During his career he has sought to use Enterprise Architecture beyond just compliance and apply it to solve a variety of business issues faced by an enterprise. Cybersecurity is one of these challenges.