It is the common experience of many organizations that information security solutions are often designed, acquired and installed on a tactical basis. A requirement is identified, a specification is developed and a solution is sought to meet that situation. In this process, there is no opportunity to consider the strategic dimension, and the result is that the organization builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified and with no guarantee that they will be compatible and interoperable. There is often no analysis of the long-term costs, especially the operational costs, which make up a large proportion of the total cost of ownership, and there is no strategy that can be identifiably said to support the goals of the business.
MTG’s approach avoids these piecemeal problems via the development of an enterprise security architecture that is business-driven and that describes a structured inter-relationship between the technical and procedural solutions to support the long-term needs of the business. If the architecture is to be successful, then it must provide a rational framework within which decisions can be made upon the selection of workable security solutions. The decision criteria will be derived from a thorough understanding of the business requirements, including:
- The need for cost reduction
- Modularity
- Scalability
- Ease of component reuse
- Operability
- Usability
- Interoperability both internally and externally
- Integration with the enterprise IT architecture and its legacy systems
Furthermore, information systems security is only a small part of information security, which in turn, is but one part of a wider topic: business security. Business security embraces three major areas: information security; business continuity, and physical & environmental security. Broader still is the view that business security is concerned with all aspects of operational risk management. Only through an integrated approach to these broad aspects of business security will it be possible for the enterprise to make the most cost-effective and beneficial decisions with regard to the management of operational risk. The enterprise security architecture and the security management process should therefore embrace all of these areas.
MTG will apply a combination of our proprietary methodology, and that which is provided under the appropriate Framework model for our approach in conducting these services. The Framework model is the foundation upon which the work is designed
|
