Part two of Guy Sereff's paper discussing Information Security Integration within the Enterprise Reference Architecture Model
In Part 1: Foundation, Guy Sereff reviewed the relationship and distinction between Enterprise Architecture, Enterprise Architecture Frameworks and Enterprise Reference Architecture Models. He also discussed several key Information Security Architecture considerations, such as available standards, relevant certifications and supplemental methodologies designed to offer an organization resources to help them address the on-going challenge of providing secure and reliable technology solutions.
In this paper, Part 2: Implementation, Guy focuses on how to successfully bring these base concepts together into a strategic plan of action. That plan begins by carrying out a four-step approach that organizations must take if they want to better integrate Information Security into their broader Enterprise Reference Architecture Model.