CISSP and Enterprise Architecture
One topic that professionals pursing Enterprise Architecture roles should focus on is security. Enterprise Architects are responsible for designing the structure and interaction of IT systems around fulfilling business needs for an organization. However, not everyone moving to an EA role has had a broad exposure, experience or understanding to the various types of security that makes and IT environment more secure. Many EA’s come from an application development background. While application developers understand security as it relates to system design, they may not understand overall infrastructure or physical environment security. Regardless of your background. If you are pursuing work as an Enterprise Architect., then one method to learn many aspects about security is to study the CISSP program. Knowing more about information security and standards within the framework will help you when you are designing new applications, evaluation vendor solutions or making decision on how to best leverage newer technologies such as the cloud.
Enterprise solution vendors are going to create solutions that reference the guidance within this program. Therefore the better you understand the primary concepts within the domains the more you will be able to architect a solution based on best practices.
The CISSP Program – Certified Information System Security Professional
Information security covers many areas of IT and is a program that encompasses many layers of security to protect your business from unauthorized access. In today’s business climate organizations must be wary of threats originating from outside the organization as well as internal security breaches. I believe that Enterprise Architects should study the CISSP knowledge base to gain a more holistic understanding of how to best implement security for your organization and work with your internal security staff to ensure proper measures are taken. The CISSP program covers these 10 topics and provides many great examples of how to implement layers of security based on your needs.
- Access Control
- Telecommunications and Network Security
- Information Security Governance and Risk Management
- Software Development Security
- Cryptography
- Security Architecture and Design
- Operations Security
- Business Continuity and Disaster Recovery Planning
- Legal, Regulations, Investigations and Compliance
- Physical (Environmental) Security
For complete information on the CISSP certification and exam can be found here – CISSP
Whether you decide to take the CISSP certification exam or not. Studying the material will help you become a better Enterprise Architect.