An enterprise security architecture that doesn't respond to change is not relevant in today's business environment. A properly executed security architecture helps organizations remain proactive in the face of change because it is modular, flexible and aligned with business goals. It remains relevant long after it is initially implemented, and can be used to guide new infrastructure or application projects in the appropriate selection of essential security requirements. Because they can understand the impact of new infrastructure, systems and applications, organizations can adapt quickly and easily to future challenges and opportunities.

The first step in creating such an architecture is determining where your critical assets and data reside, and how they interact with your business and business partners. While it sounds simple, most organizations cannot effectively map their assets across their enterprise, let alone prioritize their security needs. This results in a disjointed architecture, redundant or misaligned security practices and increased costs, and can actually create vulnerabilities.

Proven Development Methodology
Unlike systems integrators, Cybertrust identifies corporate assets and interactions with a strict focus on their relation to your information security strategy and architecture, and individual risk tolerance.

We follow the widely used Zachman Framework for Enterprise Architecture as the underlying logical structure to derive a business-driven security view of an organization.

Our focus:

• Business Interaction Model - Defines the business interactions between the various elements of the enterprise and establishes and defines the fundamental building blocks of the enterprise.
• Logical Requirements Model - This model takes the building blocks identified in the first stage and assigns business requirements for security to each component. These best practice requirements, moderated by the required risk profile, drive the implementation of technical, policy and procedural solutions that support the business needs of the enterprise.
• Technology Requirements Model - This model takes the architectural or technical requirements for security established in the second stage and establishes a best practice technical architecture. This is moderated by business needs that will provide the level of protection indicated by the risk profile of the enterprise. It is not meant to be implemented as is. Rather, it is established so that system designers and architects have a benchmark they can use to measure proposed design solutions and highlight possible weaknesses.

The final architecture provides a blueprint for guiding separate development projects, ensuring that the overall systems environment maintains architectural (and security) integrity. The architectural requirements are founded in internationally-recognized, industry best practice and government standards (such as AS/NZS 7799, AS/NZS ISO/IEC 17799, COBIT, and ACSI-33) and are selected based on customer compliance requirements.