Government agencies are committing an increasing amount of resources to information security and data privacy solutions in order to meet legal and mission requirements for protecting agency information in the face of increasingly sophisticated global threats. Enterprise Architecture (EA) provides an agency-wide context and method that includes a security sub-architecture which can be used to design and implement effective controls. EA is scalable, which promotes consistency and alignment in controls at the enterprise, program, and system levels. EA also can help government agencies improve existing security and data privacy programs by enabling them to move beyond a system-level perspective and begin to promote an enterprise-wide view of security and privacy, as well as improve the agility and effectiveness of lifecycle activities for the development, implementation, and operation of related security and privacy controls that will assure the confidentiality, integrity, and availability of the agency’s data and information. This chapter presents the EA3 “Cube” EA methodology and framework, including an integrated security architecture, that is suitable for use by government agencies for the development of risk-adjusted security and privacy controls that are designed into the agency’s work processes, information flows, systems, applications, and network infrastructure.
Enterprise Architecture General Concepts
EA is a management practice and a documentation methodology that is devoted to improving the performance of organizations by enabling them to see themselves in terms of a holistic and integrated view of their strategic direction, business practices, information flows, and technology resources. By developing current and future versions of this integrated view, an organization can better manage the transition from current to future operating methods. This transition includes the identification of new goals, activities, and all types of capital and human resources (including information technology) that will improve bottom line financial and mission performance (Bernard, 2005).