Chapter 3. Enterprise Context

When starting to architect a solution, the architect gathers requirements from two directions: externally, from outside the organization, and internally, as a part of enterprise governance. These requirements can often become inflexible constraints on the design, delivery, and operation of the infrastructure and application.

External factors such as laws and regulations impose mandatory security, privacy, and compliance requirements that organizations must implement. Industry and professional organizations also offer best practices and standards for the design and operation of information systems.

Internally, there are many documents that govern the design and delivery of an information systems architecture, including security policies, practices, guiding principles, and an enterprise architecture. Their role is to support the consistent and effective enforcement of security controls and information systems across the organization.

For a comprehensive security architecture, a product, project, or program needs to consider both external and internal factors that guide the design and implementation of a solution architecture. This chapter will expand on many of these topics and show how the external and internal context can help support the delivery of effective security and compliance across an organization.

All the contextual information discussed in this chapter should ideally already exist at the top level of an organization to help you integrate security into a solution architecture. ...
