Comparison of information security architectures

Abstract

The information security architecture helps to compare the current state of security with the desired one and determine how to achieve it in an optimal way. The architecture of information security is especially important in an unstable economic situation when there is no more money for everything you “want”, and all projects should be linked to the survival of the business in a crisis. Only a clearly built architecture allows you to stay on track and achieve your goals. Implementing security architecture is often a complex process in enterprises. Traditionally, a security architecture consists of some preventive, detective, and corrective controls that are used to protect enterprise infrastructure and applications. Some enterprises work better with security architectures by adding policy-based controls, including policies and procedures. Many traditional information security thinkers see information security architecture as nothing more than the presence of security policies, controls, tools, and monitoring. The world has changed; information security is not the beast as before. Today's risk factors and threats are not as simple and not as simple as they were before. New emerging technologies and capabilities, such as the Internet of Things, are changing dramatically how companies work and what their goals and objectives are. It is important for all security professionals to understand business goals and try to support them by introducing appropriate controls that can simply be justified to interested parties and involve business risks. That is why, the concept of information security architecture is used. This article will analyze the following information security architectures that may help achieve this goal: SABSA. Sherwood Applied Business Security Architecture (SABSA); O-ESA. Open Enterprise Security Architecture (O-ESA); OSA. Open Security Architecture (OSA).