
EA Principles for Security

The EA Domain Team for Security is built upon five EA Conceptual Principles and four EA Principles for Security:

  1. Standardize the Security Infrastructure
  2. Educate the Enterprise
  3. Coordinate Enterprise Security
  4. Protect Enterprise IT Assets

1. Standardize the Security Infrastructure

All authentication, authorization, and auditing should be consistent across the enterprise.

Benefits:

  • Elimination of multiple sign-on administration and risk factors
  • Elimination of multiple sign-on help desk support
  • User service level is improved
  • Reduced risk of confidentiality breaches
  • Better handling of termination issues
  • Transparency to user of application security functions between multiple hosts 

Implications:

  • Use of common authentication processes (traditionally driven by operating system and applications)
  • Implies ability to authenticate against a common directory
  • Cost of supporting a common directory needs to be addressed at an enterprise level
  • Initial migration will require up-front investments
  • All agencies must participate
  • All vendor solutions/proposals will need to address the security requirements of the enterprise
  • Development projects need to include/address security issues in the early stages/design function

Counterarguments:

  • Reduces flexibility of agency specific solutions
  • Potential increased cost of supporting an enterprise-wide solution
  • Risk of greater exposure to enterprise through a single sign-on

2. Educate the Enterprise

Inform all stakeholders of information security policies, standards, guidelines & procedures.

Benefits:

  • Everyone knows what to expect
  • Everyone knows what is expected of them
  • Consistency across the enterprise
  • Reduced duplication of effort 

Implications:

  • Coordinated formal training program will be created
  • Mandatory agency participation

Counterarguments:

  • Formal training provided may not meet agency needs (timeframe, content)
  • No perceived benefit to agency

3. Coordinate Enterprise Security

Implement coordinated and consistent incident prevention/response through proactive communication.

Benefits:

  • Consistent method of communication
  • Timely and appropriate incident response
  • Consistent expectations
  • Education
  • Reduce total cost of ownership
  • Reduce vulnerabilities

Implications:

  • Centralized repository of logs
  • Testing of process
  • Formal Enterprise Security Incident Response Team (SIRT)
  • Requires additional education
  • Agency designated security officer
  • Incident response tracking database

Counterarguments:

  • Process may place too much burden on individual agencies. This includes cost, human resources, complexity, and overhead
  • Not broken, so why fix it?

4. Protect Enterprise IT Assets

Apply and maintain best practices for protection of enterprise technology and information assets.

Benefits:

  • Improved availability
  • Improved system integrity
  • Improved data integrity
  • Improved data confidentiality
  • Decreased exposure to risks
  • Improved reaction to disaster/business continuity issues 

Implications:

  • Software patches need to be kept current
  • Unnecessary services/ports need to be disabled
  • Virus protection must be current
  • Strong passwords enforced
  • Regular review of user authentication and asset authorization
  • Increased usage of physical access restrictions
  • Increased usage of data encryption, in transmission and at rest
  • Backups kept current and offsite
  • Redundancy of critical IT assets
  • Expanded utilization of DMZs and firewalls
  • Implement anti-spam philosophy
  • Coordinated and documented research
  • Non-enterprise personnel must adhere to all enterprise policies when using enterprise assets 

Counterarguments:

  • Barriers to information assets
  • Protection requirements can best be solved at an agency level 

Copyright © 2014 North Dakota Information Technology Department - ITD