ABSTRACT
Many organizations suffer serious information security incidents, despite having taken positive steps towards achieving good security standards. The authors hypothesize that these issues are often the result of security arrangements not being sufficiently integrated with businesses. We believe that adopting an enterprise architecture (EA) approach to implementing information security – commonly referred to as an ‘Enterprise Information Security Architecture’ (EISA) – will deliver substantial benefits. Our paper reviews and analyzes literature concerning the root causes of information security incidents and describes a novel approach with 8 domains for ensuring critical factors are considered when building an EISA framework.
Acknowledgments
The authors would like to express their gratitude to the anonymous reviewers for their constructive feedback and helpful advice during the writing of this paper.
Disclosure statement
No potential conflict of interest was reported by the authors.