All Articles

Situation:

• Security architecture program tends to focus heavily on technology, often neglecting people, process policies needed to manage the program
• Activities in the program often planned as unrelated parts of specific problems to be delivered in a given time window thereby losing overarching view of the architecture and also losing ability to confidently claim that the security objectives are met.
• Many cases it seems like a daunting task and often pushed backward

Problems:

This leads to several problems

• The security architecture team/security team doesn’t know whether it is supporting business goals.
• The organization lose sense of direction in terms of defining security priorities and initiatives.
• Risk treatment becomes non-definitive.

• To make security architecture development better managed, security architecture governance is ‘must have’.
• The security architecture governance process must be part of and in sync with an overarching security governance program.
• The security architecture governance program must be customised to suit specific organisational needs.
• Begin by defining the organisational pressure that shape and define organisational security posture and use best practice as a guide to determine what the security architecture program must include.The pressure would be referred as ‘security pressure position’ in rest of the document.
• Conduct gap analysis to identify the initiatives needed to reach to the target state of security architecture posture.
• Create an action plan and implement the project using industry best practices, tools, templates and using external expertise where

>>Click Here to Download the Complete Report