Business Express is an online portal that covers the latest developments in the world of business and finance. From startups and entrepreneurship to mergers and acquisitions, Business Express provides reporting on the stories that matter most to business leaders and decision-makers.The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
Canva CYBER SECURITY Business technologyFirewallAntivirus Alert Protection Security and Cyber Security Firewall e1592399930928 - Business Express
CYBER SECURITY Business, technology,FirewallAntivirus Alert Protection Security and Cyber Security Firewall

EISA: The core principles of strengthening the enterprise cybersecurity

mike - Business Express


By Mike Paye, VP of Research and Development at Netwrix

Global spending on cybersecurity is on the rise as organisations face ever more sophisticated attacks on a daily basis and up their spending to stay safe. This trend is affecting cloud security as well, with a recent Netwrix survey revealing that 49 per cent of organisations claimed their budget for cloud security has increased in 2022.

Prior to implementing any specific solutions or procedures, it is crucial to define the core security principals that form the enterprise information security architecture (EISA). To ensure EISA reflects both current and future business needs, organisations must consider both their digital systems and personnel teams, along with their associated roles and functions.

The core components of EISA

Ahead of the development process, it is vital to recognise the key layers of an effective and successful EISA. Firstly, the business context is necessary to define the enterprise informational use cases and how this specific data affects the achievement of organisational goals. This conceptual layer is the element which can provide information regarding risk attributes and the enterprise profile. 

Another key element is the clear identification of pathways between applications, procedures, information, and services. Knowledge of how all these elements interact with each other helps to develop an architecture that will not interfere with critical business processes. Lastly, a conclusion should be drawn on what is needed to reduce existing vulnerabilities and maintain the appropriate level of cybersecurity procedures into the future – being sure to specify details of the devices, software, processes, and additional components that are required.

How to develop an effective EISA

EISA development starts with examining the existing level of cybersecurity. What security standards and processes the organisation is currently following and what security gaps do they leave? Identifying these points can make it easier to later analyse cybersecurity weaknesses and determine how they can be resolved. After assessing the organisation’s current cybersecurity status, the next step is to set new security goals – taking business priorities into account. Both the technical and strategical contexts help narrow down the areas of future focus.

As soon as all the preliminary work is done, it is time to consult with a verified framework that can guide an organisation to the actual improvement of the foundational cybersecurity layers such as data, identities, and infrastructure. The Open Group Architecture Framework (TOGAF), the Sherwood Applied Business Security Architecture (SABSA), the Federal Enterprise Architecture Framework (FEAF), the Zachman Framework, and the COBIT 5 framework have proven to be trustworthy sources of current best practices, so there is no need to start from scratch.

Don't miss out on any breaking news or insightful opinions!
Subscribe to our free newsletter and stay updated on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email.

Next is determining how the EISA will be integrated into the existing IT environment and dividing the tasks between the in-house and vendors’ development teams. Assessment of internal resources, the available level of expertise, and state of the market should help inform this decision. 

Finally, organisations must be sure to revise the security architecture regularly. To address the constantly evolving threat landscape, EISA should be tested and reviewed on a regular and ongoing basis. 

Communication is the main challenge when developing an EISA

There is no one size fits all approach when it comes to developing a successful EISA, however, there are several common challenges to lookout for throughout the integration process. 

Lack of understanding and communication across departments, teams, users, and stakeholders should be addressed in the early stages of the process. Communicating clearly across the organisation about why it is important to prioritise IT security best practices, along with the intended goals of the EISA, is essential in mitigating emerging risks and sustaining higher IT security standards. 

Negative or failed past experiences can cause concern and a degree of hesitancy amongst stakeholders towards newer initiatives such as, for example, the possible ineffectiveness of upcoming IT investments into new cybersecurity measures. To avoid this, it is important to manage expectations by providing information about the costs and return on investment (ROI) of any new data protection software. 

However, this can be difficult to accurately calculate, and with other factors including lack of funding, it will not be easy to convince stakeholders who may already be sceptical. Therefore, an effective EISA plan must address these concerns at a comprehensive level. 

The benefits of an effective EISA

Having a well thought out EISA development plan serves as an invaluable tool for planning new cybersecurity measures throughout all levels of the organisation. A thoroughly planned EISA can also provide the information – which could otherwise be unavailable – needed to help make the best choices when it comes to managing the technology lifecycle and solutions to utilise throughout the IT environment. Equally as important, it is a critical tool for organisations needing to follow compliance regulations enforced by current industry standards and legal requirements.

Enterprise security is different from the traditional understanding of cybersecurity – as organisations with complex infrastructures need effective management, regular assessments, and strong security policies in order to avoid major cybersecurity incidents. Both security architecture and enterprise strategy go hand in hand when it comes to improving business-wide privacy and cybersecurity effectiveness. Without a comprehensive and detailed EISA plan, the entire organisation, its digital infrastructure, and business continuity can be put in jeopardy of a cyberattack. 


Recent Post: