flevyblog

Flevy Blog is an online business magazine covering Business Strategies, Business Theories, & Business Stories.
MANAGEMENT & LEADERSHIP STRATEGY, MARKETING, SALES OPERATIONS & SUPPLY CHAIN ORGANIZATION & CHANGE IT/MIS Other

Federal Enterprise Architecture Framework (FEAF): Security Reference Model (SRM)

Editor's Note: Take a look at our featured best practice, Digital Transformation Strategy (145-slide PowerPoint presentation). Digital Transformation is being embraced by organizations across most industries, as the role of technology shifts from being a business enabler to a business driver. This has only been accelerated by the COVID-19 global pandemic. Thus, to remain competitive and outcompete in today's fast paced, [read more]

Also, if you are interested in becoming an expert on Digital Transformation, take a look at Flevy's Digital Transformation Frameworks offering here. This is a curated collection of best practice frameworks based on the thought leadership of leading consulting firms, academics, and recognized subject matter experts. By learning and applying these concepts, you can you stay ahead of the curve. Full details here.

* * * *

Enterprise Architecture (EA) denotes management best practice for lining up business and technology resources to realize strategic results, expand upon Organizational Performance and steer departments to achieve their core missions more successfully and achieve Operational Excellence.

Federal Enterprise Architecture Framework (FEAF) assists any agency of the Federal government achieve this through documentation and information that conveys a summarized outlook of an enterprise at various tiers of scope and detail.

The FEAF comprises of 6 interconnected Reference Models including Security Reference Model (SRM), linked through Consolidated Reference Model (CRM), each relating to a sub-architectural domain of the FEA framework.

Security is a worldwide concern pervading through all layers of the organization.  Effect on security at any level has an impact on each successive level, both ascending and descending.  Appropriate place for developing and charting Security standards, policies, and norms is the Enterprise Architecture Governance since it is the enforcement point for IT investments.

Security Reference Model (SRM) is a framework for maturing a security architecture created on Information Security and privacy standards.  SRM is omnipresent, entwining itself through all of the sub-architectures of the all-encompassing EA across all the other reference models.

Enterprise and solution architects have to remain aware of entire technology, business, performance, and security drivers so as to suitably steer IT Strategy and design Information Technology systems and choose apposite technology that fits their needs.  SRM offers all levels of architects a direction to understanding when and where those needs can be consolidated.

SRM facilitates in forming an even security architecture in 3 key areas:

  1. Purpose
  2. Risk
  3. Controls

All the layers of SRM are vital for the security posture and wellbeing of an entire agency and/or system.  Highest levels of Federal architecture transform federal laws, regulations, and publications into specific policies.

Main principle of the SRM, at the enterprise layer, is to utilize the standards in place throughout the Federal or national IT security expanse to classify policy for a particular enterprise or agency. 

Segment level transforms department specific policies into security controls and measurements.  Policies set in place from the enterprise layer are utilized by SRM to categorize controls for a certain agency or segment. 

SRM utilizes controls set at the segment layer to enable system-specific designs and/or requirements of the individual system.  SRM employs controls chosen by the agency or segment to truly embed security into a system or application.

Proper security procedures ensure both risk reduction and regulatory compliance.  Regulatory compliance is not an aim in itself, but a constituent of the course by which risks and controls, applicable to the circumstance at hand, are chosen.  Risk mitigation is the eventual motive for the application of security controls.

In the same vein, chief goal of security is not to apply controls rather it is to diminish risks by means of layered security measures of which implementation of controls is a part.  Attaining decreased risk profile means that controls ought to be integrated throughout the organization, vertically and horizontally, across system and solution deployments, layered progressively.

Consequences of security are far more challenging to measure, and differ based on the organization’s business.  Metrics are signs of an organization’s advancement in security maturity and part of the overall IT Capability Maturity.  Undeveloped organizations have diminished capability of defining or collecting metrics.

Interested in learning more about FEAF: Security Reference Model?  You can download an editable PowerPoint on FEAF: Security Reference Model (SRM) here on the Flevy documents marketplace.

Do You Find Value in This Framework?

You can download in-depth presentations on this and hundreds of similar business frameworks from the FlevyPro Library.  FlevyPro is trusted and utilized by 1000s of management consultants and corporate executives. Here’s what some have to say:

“My FlevyPro subscription provides me with the most popular frameworks and decks in demand in today’s market.  They not only augment my existing consulting and coaching offerings and delivery, but also keep me abreast of the latest trends, inspire new products and service offerings for my practice, and educate me in a fraction of the time and money of other solutions.  I strongly recommend FlevyPro to any consultant serious about success.”

– Bill Branson, Founder at Strategic Business Architects

“As a niche strategic consulting firm, Flevy and FlevyPro frameworks and documents are an on-going reference to help us structure our findings and recommendations to our clients as well as improve their clarity, strength, and visual power.  For us, it is an invaluable resource to increase our impact and value.”

– David Coloma, Consulting Area Manager at Cynertia Consulting

“FlevyPro has been a brilliant resource for me, as an independent growth consultant, to access a vast knowledge bank of presentations to support my work with clients.  In terms of RoI, the value I received from the very first presentation I downloaded paid for my subscription many times over!  The quality of the decks available allows me to punch way above my weight – it’s like having the resources of a Big 4 consultancy at your fingertips at a microscopic fraction of the overhead.”

– Roderick Cameron, Founding Partner at SGFE Ltd

87-slide PowerPoint presentation
Securing the Path to Digital Transformation In today's hyperconnected landscape, digital transformation stands as the linchpin of strategic success for organizations striving to maintain competitiveness and operational excellence. The advent of cutting-edge technologies like cloud computing, [read more]

Want to Achieve Excellence in Digital Transformation?

Gain the knowledge and develop the expertise to become an expert in Digital Transformation. Our frameworks are based on the thought leadership of leading consulting firms, academics, and recognized subject matter experts. Click here for full details.

Digital Transformation is being embraced by organizations of all sizes across most industries. In the Digital Age today, technology creates new opportunities and fundamentally transforms businesses in all aspects—operations, business models, strategies. It not only enables the business, but also drives its growth and can be a source of Competitive Advantage.

For many industries, COVID-19 has accelerated the timeline for Digital Transformation Programs by multiple years. Digital Transformation has become a necessity. Now, to survive in the Low Touch Economy—characterized by social distancing and a minimization of in-person activities—organizations must go digital. This includes offering digital solutions for both employees (e.g. Remote Work, Virtual Teams, Enterprise Cloud, etc.) and customers (e.g. E-commerce, Social Media, Mobile Apps, etc.).

Learn about our Digital Transformation Best Practice Frameworks here.

Readers of This Article Are Interested in These Resources


18-page Word document
This Word Document provides a template for an IT Security & Governance Policy and is easily customisable. Areas cover are: Security, Data Back-Up, Virus Protection, Internet & Email usage, Remote & 3rd Party Network Access, User-Account Management, Procurement, Asset Management and IS Service [read more]


 
Excel workbook
 
 
23-slide PowerPoint presentation

About Mark Bridges

Mark Bridges is a Senior Director of Strategy at Flevy. Flevy is your go-to resource for best practices in business management, covering management topics from Strategic Planning to Operational Excellence to Digital Transformation (view full list here). Learn how the Fortune 100 and global consulting firms do it. Improve the growth and efficiency of your organization by leveraging Flevy's library of best practice methodologies and templates. Prior to Flevy, Mark worked as an Associate at McKinsey & Co. and holds an MBA from the Booth School of Business at the University of Chicago. You can connect with Mark on LinkedIn here.

, , , , , , , , , , ,



Complimentary Business Training Guides


Many companies develop robust strategies, but struggle with operationalizing their strategies into implementable steps. This presentation from flevy introduces 12 powerful business frameworks spanning both Strategy Development and Strategy Execution. [Learn more]

  This 48-page whitepaper, authored by consultancy Envisioning, provides the frameworks, tools, and insights needed to manage serious Change—under the backdrop of the business lifecycle. These lifecycle stages are each marked by distinct attributes, challenges, and behaviors. [Learn more]

We've developed a very comprehensive collection of Strategy & Transformation PowerPoint templates for you to use in your own business presentations, spanning topics from Growth Strategy to Brand Development to Innovation to Customer Experience to Strategic Management. [Learn more]

  We have compiled a collection of 10 Lean Six Sigma templates (Excel) and Operational Excellence guides (PowerPoint) by a multitude of LSS experts. These tools cover topics including 8 Disciplines (8D), 5 Why's, 7 Wastes, Value Stream Mapping (VSM), and DMAIC. [Learn more]
Recent Articles by Corporate Function

  

  

  

  

  

The Flevy Business Blog (https://flevy.com/blog) is a leading source of information on business strategies, business theories, and business stories. Most of our articles are authored by management consultants and industry executives with over 20 years of experience.

Flevy (https://flevy.com) is the marketplace for business best practices, such as management frameworks, presentation templates, and financial models. Our best practice documents are of the same caliber as those produced by top-tier consulting firms (like McKinsey, Bain, Accenture, BCG, and Deloitte) and used by Fortune 100 organizations. Learn more about Flevy here.
  


OUR CORE OFFERINGS
Flevy Marketplace: Top 100
· Strategy & Transformation
· Digital Transformation
· Operational Excellence
· Organization & Change
· Financial Models
· Consulting Frameworks
· PowerPoint Templates
FlevyPro (Subscription Service)
KPI Library
Streams (Functional Bundles)
Flevy Executive Learning (FEL)
PowerPoint Services

FREE Resources

About Flevy
Management Topics
Marcus (AI-Powered Consultant)
Partner Program
LinkedIn Influencer Marketing
FAQ / Terms / Privacy / Blog
Contact Us: support@flevy.com



CONNECT WITH US!
       
TOP 100 TRENDING TOPICS
Acquisition Strategy
Agile
Analytics
Artificial Intelligence
Balanced Scorecard
Best Practices
Big Data
Breakout Strategy
Business Continuity Planning
Business Plan Financial Model
Business Transformation
CMMI
COBIT
Change Management
Cloud
Communications Strategy
Company Financial Model
Competitive Advantage
Competitive Analysis
Consulting Frameworks
Continuous Improvement
Core Competencies
Corporate Culture
Cost Reduction Assessment
Customer Experience

BROWSE BY FUNCTION
Strategy, Transformation, & Innovation
Digital Transformation
Operational Excellence and LSS
Organization, Change, & HR
Management Consulting

Customer Journey
Customer Service
Cyber Security
Data Privacy
Decision Making
Digital Marketing Strategy
Digital Transformation
Digital Transformation Strategy
Due Diligence
ESG
Employee Engagement
Employee Training
Enterprise Architecture
Growth Strategy
HR Strategy
Hiring
Hoshin Kanri
ISO 27001
ITIL
Information Technology
Innovation Management
Integrated Financial Model
Kaizen
Kanban
Key Performance Indicators

ADDITIONAL RESOURCES
Business Strategy Frameworks
Case Studies
Consulting Training Guides
COVID-19 Trend Data
Digital Transformation
Financial Advising Services (FAS)

Knowledge Management
Leadership
Lean
Lean Manufacturing
Logistics
M&A (Mergers & Acquisitions)
Manufacturing
Market Research
Marketing Plan Development
Maturity Model
McKinsey PowerPoint
McKinsey Templates
Operational Excellence
Organizational Change
Organizational Design
Performance Management
Post-merger Integration
Pricing Strategy
Process Improvement
Process Maps
Procurement Strategy
Product Launch Strategy
Product Strategy
Project Management
Quality Management


Free Resources
KPI Library
Lean Management
Lean Six Sigma Training Guides
Marcus Insights
Operational Excellence

Real Estate
Remote Work
Restructuring
Risk Management
Robotic Process Automation
SWOT
SaaS
Sales
Scrum
Service Design
Six Sigma Project
Social Media Strategy
Strategic Planning
Strategic Thinking
Strategy Development
Supply Chain Analysis
Sustainability
Target Operating Model
Team Management
Total Productive Maintenance
Value Chain Analysis
Value Creation
Value Stream Mapping
Visual Workplace
Workplace Safety


Product Strategy
Small Business Owner
Startup Resources
Strategic Planning
Strategic Planning Process
Value Innovation Strategy


© 2012-2024 Copyright. Flevy LLC. All Rights Reserved.