IFEAD

People -- Process -- Business -- Technology
IFEAD is an independent research and information exchange organization working on the future state of Enterprise Architecture.

Enterprise Architecture Security

New profile adds Security & Privacy to the USA Federal Enterprise Architecture

The USA Office of Management and Budget is instructing agencies to make a direct connection between the lines of business in the Federal Enterprise Architecture and security and privacy.

The security and privacy profile released this month extends across all five FEA reference models.

That means agencies now have a common starting point to discuss how to make sure security and privacy issues fit across lines of business and throughout a system’s life-cycle, said Karen Evans, OMB administrator for e-government and IT.


USA-NIST Computer Security Resource Center

The mission of NIST's Computer Security Division is to improve information systems security by:

  • Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies;
  • Researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost-effective security and privacy of sensitive Federal systems;
  • Developing standards, metrics, tests and validation programs:
    to promote, measure, and validate security in systems and services
    to educate consumers and
    to establish minimum security requirements for Federal systems
  • Developing guidance to increase secure IT planning, implementation, management and operation.

Arizona Enterprise Architecture Security

The Security Architecture is an integral and critical component within the overall Enterprise Architecture designed specifically to:
  • Enable secure communications and the appropriate protection of information resources within the State of Arizona.
  • Support the legal information security requirements established by existing Federal and State statutes pertaining to information confidentiality, accessibility, availability and integrity.
  • Support secure, efficient transaction of business and delivery of services.
  • Leverage opportunities to obtain IT security synergies and economies of scale.

Accordingly, the Security Architecture supports the overarching goal of Enterprise Architecture to enable and accelerate the development of effective digital government within Arizona by providing a consistent framework that aligns information technology resources with business strategies, and fosters effective and timely technical decision-making.


Security Safeguards Privacy

The nexus between network security and consumer privacy is increasingly being seen in measures health care organizations are taking to comply with the federal Health Insurance Portability and Accountability Act. Systems deployed last April to meet HIPAA's privacy deadline will help achieve compliance with a security deadline in April 2005.

At Children's Hospital, in Boston, the IT department this year implemented an integrated system of password management and user provisioning that meets HIPAA's privacy mandates without impeding the staff's access to data, said Scott Ogawa, chief technology officer at the hospital.

"We were stuck between a rock and a hard place," Ogawa said last week at the Inside ID conference here. "Our job is not to stand in the way of the caregiving process. Clinicians demand immediate access to their data."

One of the greatest challenges the hospital faced was securing the network password system, which, according to Ogawa, presents one of the top 10 threats to security. Easy-to-guess passwords are common, he said.

"It would probably shock you, but before HIPAA, you'd walk around in ICU, and you would see several notes [with passwords] on each of the monitors," Ogawa said, adding that resetting passwords costs the hospital $160,000 per year and that employees who forgot passwords could face long delays before regaining access to the network.

The integrated password management and user provisioning system not only improves security, it also improves access to data, Ogawa said. Overall help desk calls dropped by 80 percent, and the hospital is saving $207,000 per year.

Enterprise identity management for public-facing systems can be more complicated, and the growing pool of users alone creates new challenges for privacy, said Paula Arcioni, identity management services manager at the New Jersey Office of Information Technology, in Trenton.

Extended Enterprise Architecture Framework / E2AF & Extended Enterprise Architecture Maturity Model / E2AMM are Service Marks (SM) registered by IFEAD