Enterprise Security Architecture: A Business-Driven Approach
High-level security principles (e.g., trust models, "least privilege").
Learn how to assess your current state across five levels—from Reactive (Chaos) to Business-Driven (Optimized). Most enterprises believe they are at Level 3; the PDF provides a diagnostic tool proving they are actually at Level 1.
The most powerful feature of this architecture is traceability. A business requirement (e.g., "Protect customer PII to comply with GDPR") is traced down through the layers:
Defines the business context, objectives, and high-level risk appetite.
Conceptual: Translates business goals into security concepts and information attributes.
Security is delivered as a set of services to the business (e.g., Authentication Service, Authorization Service, Non-Repudiation Service). This allows the architecture to remain agile; the service interface remains constant even if the underlying technology changes.