CHAPTER 7
The EA Management Plan is a living document that is updated at
regular intervals (annually).
Home Architecture Analogy: The EA Management Plan is like the
architect’s project plan
The EA Management Plan has four parts:
• EA program management
• Summary of current architecture: provides an integrated
view of how the current components and artifacts work together
• Summary of future architecture
• EA glossary and references: a glossary of EA terms along with
an acronym list.
1-EA program management sections:
• Governance and principles: documents how policy and
decision making occur
• Support of strategy and business: identifies performance
gaps
• EA roles and responsibilities
• EA program budget
• EA program performance measures
2-Summary of current architecture sections:
• Strategic goals and initiatives
• Business and services information flow
• Systems and applications
• Technology infrastructure
• IT security
• EA standards
• Workforce skill requirements
3-Summary of future architecture sections:
• Future operating scenarios
• Planning assumptions
• Updating current and future views
• EA sequencing plan
• EA configuration management
The acronym list and glossary help establish a common set of
terms and definitions across the enterprise.
CHAPTER 8
Security is one of the vertical “threads” that has an impact at all
levels of the EA framework.
Security has four basic parts:
• Information security
• Personnel security
• Operational security
• Physical security
Security and privacy program’s eight areas:
• Governance
• Operations
• Personnel
• Workflow
• Information
• Application
• Infrastructure
• Physical
There is no 100% foolproof security solution for any enterprise.
Security and privacy should be key checklist items.
Risk adjustment refers to the trade-off between sharing and
protection, and between how much security is desired and the cost
and effort of providing it.
Information security should promote:
• Security and privacy preventive design
• Information content assurance
• Source authentication
• Data access control
Personnel security should promote:
• User authentication
• Awareness
• Procedure training
Risk Assessment is an overall evaluation of risk at all levels of
the architecture.
Security Testing and Evaluation identifies security or privacy
vulnerabilities.
Vulnerability Remediation is the act of correcting any security or
privacy vulnerabilities that were identified.
Standard Operating Procedures (SOPs) ensure that end users and
system administrators take the correct action during an IT security
incident.
Disaster recovery has two aspects:
• the method for recovery
• the effect on mission accomplishment
These aspects need to be evaluated immediately and continually.
Continuity of Operations consists of procedures that are invoked if
all or part of the enterprise is unexpectedly destroyed.