nd.gov - The Official Portal for North Dakota State Government
North Dakota: Legendary. Follow the trail of legends

EA Principles for Security

The EA Security Architecture is built upon five EA Conceptual Principles and four EA Principles for Security:

  1. Standardize the Security Infrastructure
  2. Educate the Enterprise
  3. Coordinate Enterprise Security
  4. Protect Enterprise IT Assets

1. Standardize the Security Infrastructure

All authentication, authorization, and auditing be consistent across the enterprise.


  • Elimination of multiple sign-on administration and risk factors
  • Elimination of multiple sign-on help desk support
  • User service level is improved
  • Reduced risk of confidential breeches
  • Better handling of termination issues
  • Transparency to user of application security functions between multiple hosts 


  • Use of common authentication processes (traditionally driven by operating system and applications)
  • Implies ability to authenticate against a common directory
  • Cost of supporting a common directory needs to be addressed at an enterprise level
  • Initial migration will require up-front investments
  • All agencies must participate
  • All vendor solutions/proposals will need to address the security requirements of the enterprise
  • Development projects need to include/address security issues in the early stages/design function


  • Reduces flexibility of agency specific solutions
  • Potential increased cost of supporting an enterprise-wide solution
  • Risk of greater exposure to enterprise through a single sign-on

2. Educate the Enterprise

Inform all stakeholders of information security policies, standards, guidelines & procedures.


  • Everyone knows what to expect
  • Everyone knows what is expected of them
  • Consistency across the enterprise
  • Reduced duplication of effort 


  • Coordinated formal training program will be created
  • Mandatory agency participation


  • Formal training provided may not meet agency needs (timeframe, content)
  • No perceived benefit to agency

3. Coordinate Enterprise Security

Implement coordinated and consistent incident prevention/response through proactive communication.


  • Consistent method of communication
  • Timely and appropriate incident response
  • Consistent expectations
  • Education
  • Reduce total cost of ownership
  • Reduce vulnerabilities


  • Centralized repository of logs
  • Testing of process
  • Formal Enterprise SIRT ‘Security Incident Response Team'
  • Requires additional education
  • Agency designated security officer
  • Incident response tracking database


  • Process may place too much burden on individual agencies This includes cost, human resource, complexity and overhead
  • Not broken why fix it? 

4. Protect Enterprise IT Assets

Apply and maintain best practices for protection of enterprise technology and information assets.


  • Improved availability
  • Improved system integrity
  • Improved data integrity
  • Improved data confidentiality
  • Decreased exposure to risks
  • Improved reaction to disaster/business continuity issues 


  • Software patches need to be kept current
  • Unnecessary services/ports need to be disabled
  • Virus protection must be current
  • Strong passwords enforced
  • Regular review of user authentication and asset authorization
  • Increased usage of physical access restrictions
  • Increased usage of data encryption, in transmission and at rest
  • Backups kept current and offsite
  • Redundancy of critical IT assets
  • Expanded utilization of dmz's and firewalls
  • Implement anti-spam philosophy
  • Coordinated and documented research
  • Non-enterprise personnel must adhere to all enterprise policies when using enterprise assets 


  • Barriers to information assets
  • Protection requirements can best be solved at an agency level 

Related Service


What Our Customers Are Saying

It is reassuring knowing that I can call for assistance and Thanks for the fast, friendly and knowledgeable assistance!issue will be taken care of quickly.

West Central Human Service Center
June 29, 2015