Security Controls Catalog

EA3 artifact SP-1: Security Controls Catalog and Solutions Description

The Security Controls Catalog is

The Security Solutions Description provides a high-level view of how security is provided for selected resources throughout the enterprise. The solutions cover four dimensions of security (physical, data, personnel, and operations) and may include diagrams or matrices.

Operational Security

In the area of operational security, the Security Program should promote the development of standard operating procedures (SOPs) for all EA components that support line of business operations. SOPs should also be developed for recovery from major outages or natural disasters, and for enabling the continuity of operations if all or part of the enterprise becomes disabled.

Data Security

In the area of information security, the Security Program should promote security-conscious designs, information content assurance, source authentication, and data access control. The types of data being handled should also be assessed for privacy protection concerns (e.g., customer credit data or employee SSNs).

Personnel Security

In the area of personnel security, the Security Program should promote user authentication, IT security awareness, and new user/recurring training. Badges, biometrics, card swipe units, cipher locks, and other methods of combining personnel and physical security solutions should be implemented.

Physical Security

The elements of physical security that should be captured in the EA include protection for the facilities that support IT processing, control of access to IT equipment, networks, and telecommunications rooms, as well as fire protection, media storage, and disaster recovery systems.

 
