Enterprise Security Architecture

From Glitchdata Wiki

Enterprise Security Architecture is part of Computing Security. Consider the following security areas:


  • Authentication: The substantiation of the identity of a person or entity related to the enterprise or system in some way.
  • Authorization: The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.
  • Audit: The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.
  • Assurance: The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.
  • Availability: The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.
  • Asset Protection: The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.
  • Administration: The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.
  • Risk Management: The organization's attitude and tolerance for risk. (This risk management is different from the special definition found in financial markets and insurance institutions that have formal risk management departments.)