Options
Framework vs. Architecture
Chassidic1
Member Posts: 37 ■■□□□□□□□□
in SSCP
Hey all, I could use some clarification on terms Harris uses in her "Information Security and Governance and Risk Management" Chapter. Those two terms are: framework, versus architecture. Here is what I've got so far, let me know what you think, thanks:
An Enterprise Security Framework is a collection of Architectures, each of which are a document which demonstrates the alignment of business with (I.T.) Security goals from a specific viewpoint - be it from the CFO's point of view, in dollars and cents; from the CSO's perspective in the form of vulnerability information, etc.
I know that sounds kind of weird, but I figured I'd give it a shot for the time being.
Thanks!
Dovid
An Enterprise Security Framework is a collection of Architectures, each of which are a document which demonstrates the alignment of business with (I.T.) Security goals from a specific viewpoint - be it from the CFO's point of view, in dollars and cents; from the CSO's perspective in the form of vulnerability information, etc.
I know that sounds kind of weird, but I figured I'd give it a shot for the time being.
Thanks!
Dovid
Comments
-
OptionsTheProfezzor
Member Posts: 204 ■■■□□□□□□□
I think this is quite straightforward. Enterprise Security Framework defines how to build, implement and use the architectures. The architecture allowit to be the guide when implementing solutions to ensure business needs are met, provide standard protection across the environment, and reduce the amount of security surprises the organization will run into. Now, architecture can be from different stand points. If it's more inclined towards financial metering, it could be representing risks on CFO's point of view. If it addresses IT security goals, it is representing CIO's or CISO's point of view.
Frameworks are industry specific generally and define how architectures are brought upOSCP: Loading . . . -
OptionsChassidic1
Member Posts: 37 ■■□□□□□□□□
Thanks TP. So, it sounds like we are dealing with general versus particular, right? A framework is the general method of building and implementing a particular way of uniting business/I.T./Security needs, and, presenting this way to each "stakeholder" the way they "need" to see information?
Best Regards,
Dovid -
OptionsTheProfezzor
Member Posts: 204 ■■■□□□□□□□
[FONT=Calibri, Helvetica, Arial, sans-serif]In general, a framework is a real or conceptual structure intended to serve as a support or guide for the building of something that expands the structure into something useful. Now, that something useful could be the architecture from CISO's, CFO's or CTO's standpoint.
[/FONT]OSCP: Loading . . .
