Framework vs. Architecture
Chassidic1
Hey all, I could use some clarification on terms Harris uses in her "Information Security and Governance and Risk Management" Chapter. Those two terms are: framework, versus architecture. Here is what I've got so far, let me know what you think, thanks:
An Enterprise Security Framework is a collection of Architectures, each of which is a document which demonstrates the alignment of business with (I.T.) Security goals from a specific viewpoint - be it from the CFO's point of view, in dollars and cents; from the CSO's perspective in the form of vulnerability information, etc.
I know that sounds kind of weird, but I figured I'd give it a shot for the time being.
Thanks!
Dovid
Comments
TheProfezzor
I think this is quite straightforward. Enterprise Security Framework defines how to build, implement and use the architectures. The architecture allows it to be the guide when implementing solutions to ensure business needs are met, provide standard protection across the environment, and reduce the amount of security surprises the organization will run into. Now, architecture can be from different standpoints. If it's more inclined towards financial metering, it could be representing risks on CFO's point of view. If it addresses IT security goals, it is representing CIO's or CISO's point of view.
Frameworks are industry specific generally and define how architectures are brought up.
Chassidic1
Thanks TP. So, it sounds like we are dealing with general versus particular, right? A framework is the general method of building and implementing a particular way of uniting business/I.T./Security needs, and, presenting this way to each "stakeholder" the way they "need" to see information?
Best Regards,
Dovid
TheProfezzor
In general, a framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. Now, that something useful could be the architecture from CISO's, CFO's or CTO's standpoint.
Chassidic1
Cool, thanks again