flevyblog

Flevy Blog is an online business magazine covering Business Strategies, Business Theories, & Business Stories.
MANAGEMENT & LEADERSHIP STRATEGY, MARKETING, SALES OPERATIONS & SUPPLY CHAIN ORGANIZATION & CHANGE IT/MIS Other

Federal Enterprise Architecture Framework (FEAF): Security Reference Model (SRM)

Enterprise Architecture (EA) denotes management best practice for lining up business and technology resources to realize strategic results, expand upon Organizational Performance and steer departments to achieve their core missions more successfully and achieve Operational Excellence.

Federal Enterprise Architecture Framework (FEAF) assists any agency of the Federal government achieve this through documentation and information that conveys a summarized outlook of an enterprise at various tiers of scope and detail.

The FEAF comprises of 6 interconnected Reference Models including Security Reference Model (SRM), linked through Consolidated Reference Model (CRM), each relating to a sub-architectural domain of the FEA framework.

Security is a worldwide concern pervading through all layers of the organization.  Effect on security at any level has an impact on each successive level, both ascending and descending.  Appropriate place for developing and charting Security standards, policies, and norms is the Enterprise Architecture Governance since it is the enforcement point for IT investments.

Security Reference Model (SRM) is a framework for maturing a security architecture created on Information Security and privacy standards.  SRM is omnipresent, entwining itself through all of the sub-architectures of the all-encompassing EA across all the other reference models.

Enterprise and solution architects have to remain aware of entire technology, business, performance, and security drivers so as to suitably steer IT Strategy and design Information Technology systems and choose apposite technology that fits their needs.  SRM offers all levels of architects a direction to understanding when and where those needs can be consolidated.

SRM facilitates in forming an even security architecture in 3 key areas:

  1. Purpose
  2. Risk
  3. Controls

All the layers of SRM are vital for the security posture and wellbeing of an entire agency and/or system.  Highest levels of Federal architecture transform federal laws, regulations, and publications into specific policies.

Main principle of the SRM, at the enterprise layer, is to utilize the standards in place throughout the Federal or national IT security expanse to classify policy for a particular enterprise or agency. 

Segment level transforms department specific policies into security controls and measurements.  Policies set in place from the enterprise layer are utilized by SRM to categorize controls for a certain agency or segment. 

SRM utilizes controls set at the segment layer to enable system-specific designs and/or requirements of the individual system.  SRM employs controls chosen by the agency or segment to truly embed security into a system or application.

Proper security procedures ensure both risk reduction and regulatory compliance.  Regulatory compliance is not an aim in itself, but a constituent of the course by which risks and controls, applicable to the circumstance at hand, are chosen.  Risk mitigation is the eventual motive for the application of security controls.

In the same vein, chief goal of security is not to apply controls rather it is to diminish risks by means of layered security measures of which implementation of controls is a part.  Attaining decreased risk profile means that controls ought to be integrated throughout the organization, vertically and horizontally, across system and solution deployments, layered progressively.

Consequences of security are far more challenging to measure, and differ based on the organization’s business.  Metrics are signs of an organization’s advancement in security maturity and part of the overall IT Capability Maturity.  Undeveloped organizations have diminished capability of defining or collecting metrics.

Interested in learning more about FEAF: Security Reference Model?  You can download an editable PowerPoint on FEAF: Security Reference Model (SRM) here on the Flevy documents marketplace.

Do You Find Value in This Framework?

You can download in-depth presentations on this and hundreds of similar business frameworks from the FlevyPro Library.  FlevyPro is trusted and utilized by 1000s of management consultants and corporate executives. Here’s what some have to say:

“My FlevyPro subscription provides me with the most popular frameworks and decks in demand in today’s market.  They not only augment my existing consulting and coaching offerings and delivery, but also keep me abreast of the latest trends, inspire new products and service offerings for my practice, and educate me in a fraction of the time and money of other solutions.  I strongly recommend FlevyPro to any consultant serious about success.”

– Bill Branson, Founder at Strategic Business Architects

“As a niche strategic consulting firm, Flevy and FlevyPro frameworks and documents are an on-going reference to help us structure our findings and recommendations to our clients as well as improve their clarity, strength, and visual power.  For us, it is an invaluable resource to increase our impact and value.”

– David Coloma, Consulting Area Manager at Cynertia Consulting

“FlevyPro has been a brilliant resource for me, as an independent growth consultant, to access a vast knowledge bank of presentations to support my work with clients.  In terms of RoI, the value I received from the very first presentation I downloaded paid for my subscription many times over!  The quality of the decks available allows me to punch way above my weight – it’s like having the resources of a Big 4 consultancy at your fingertips at a microscopic fraction of the overhead.”

– Roderick Cameron, Founding Partner at SGFE Ltd

About Mark Bridges

Mark Bridges is a Senior Director of Strategy at Flevy. Flevy is your go-to resource for best practices in business management, covering management topics from Strategic Planning to Operational Excellence to Digital Transformation (view full list here). Learn how the Fortune 100 and global consulting firms do it. Improve the growth and efficiency of your organization by leveraging Flevy's library of best practice methodologies and templates. Prior to Flevy, Mark worked as an Associate at McKinsey & Co. and holds an MBA from the Booth School of Business at the University of Chicago. You can connect with Mark on LinkedIn here.

, , , , , , , , , , ,



Complimentary Business Training Guides


Many companies develop robust strategies, but struggle with operationalizing their strategies into implementable steps. This presentation from flevy introduces 12 powerful business frameworks spanning both Strategy Development and Strategy Execution. [Learn more]   This 48-page whitepaper, authored by consultancy Envisioning, provides the frameworks, tools, and insights needed to manage serious Change—under the backdrop of the business lifecycle. These lifecycle stages are each marked by distinct attributes, challenges, and behaviors. [Learn more]
We've developed a very comprehensive collection of Strategy & Transformation PowerPoint templates for you to use in your own business presentations, spanning topics from Growth Strategy to Brand Development to Innovation to Customer Experience to Strategic Management. [Learn more]   We have compiled a collection of 10 Lean Six Sigma templates (Excel) and Operational Excellence guides (PowerPoint) by a multitude of LSS experts. These tools cover topics including 8 Disciplines (8D), 5 Why's, 7 Wastes, Value Stream Mapping (VSM), and DMAIC. [Learn more]
Recent Articles by Corporate Function

  

  

  

  

  


The Flevy Business Blog (https://flevy.com/blog) is a leading source of information on business strategies, business theories, and business stories. Most of our articles are authored by management consultants and industry executives with over 20 years of experience.

Flevy (https://flevy.com) is the marketplace for business best practices, such as management frameworks, presentation templates, and financial models. Our best practice documents are of the same caliber as those produced by top-tier consulting firms (like McKinsey, Bain, Accenture, BCG, and Deloitte) and used by Fortune 100 organizations. Learn more about Flevy here.


Connect with Flevy:

   
  


About Flevy.com   /   Terms   /   Privacy Policy
© 2021. Flevy LLC. All Rights Reserved.