TY - JOUR
T1 - An Enterprise Security Program and Architecture to Support Business Drivers
JF - Technology Innovation Management Review
Y1 - 2013
A1 - Brian Ritchot
KW - cybersecurity
KW - cyberthreats
KW - information assurance
KW - information risk
KW - information security
KW - risk
KW - security architecture
AB - This article presents a business-focused approach to developing and delivering enterprise security architecture that is focused on enabling business objectives while providing a sensible and balanced approach to risk management. A balanced approach to enterprise security architecture can create the important linkages between the goals and objectives of a business, and it provides appropriate measures to protect the most critical assets within an organization while accepting risk where appropriate. Through a discussion of information assurance, this article makes a case for leveraging enterprise security architectures to meet an organization's need for information assurance. The approach is derived from the Sherwood Applied Business Security Architecture (SABSA) methodology, as put into practice by Seccuris Inc., an information assurance integrator. An understanding of Seccuris’ approach will illustrate the importance of aligning security activities with high-level business objectives while creating increased awareness of the duality of risk. This business-driven approach to enterprise security architecture can help organizations change the perception of IT security, positioning it as a tool to enable and assure business success, rather than be perceived as an obstacle to be avoided.
PB - Talent First Network
CY - Ottawa
VL - 3
UR - http://timreview.ca/article/713
IS - 8
U1 - Seccuris Brian Ritchot is a Senior Information Security Consultant with Seccuris Inc., specializing in the implementation and delivery of intrusion-detection solutions, vulnerability assessment, network analysis, and security architecture. With 11 years of prior experience in the federal government, Brian has developed skills and expertise to support the detection, discovery, and mitigation of cyberthreat activity. Brian has led and managed several high-profile teams and projects to deliver operational security solutions that monitor and protect systems of importance to the Government of Canada. Brian now focuses his time in the private sector, helping a variety of customers across the critical infrastructure sector with their IT security needs. These activities span enterprise security architecture development, incident response and handling, vulnerability assessments, forensic investigations, and specialized IT security expertise to mitigate sophisticated cyberintrusions.
ER -