Essentially, the most successful IT security systems will rely on a fragmented structure; they may look to third-party or other external local hosting service providers for data that is not as crucial to keep secret. Thus, enterprises must plan for space for "machine rooms that afford high availability and reliability to departmental server resources as well as appropriate network security for these resources" (Clotfelter, 2013, p. 7). Then, for more restricted data, in-house servers can provide an extra layer of security to help ensure that such sensitive data remains in proper hands. To protect such restricted data, proper identity management strategies should include "a cross functional client and technical team abstracted requirements for updates" (Clotfelter, 2013, p. 5). Thus, enterprise organizations must rely on a tiered network infrastructure that provides a number of different levels of security for various elements of the enterprise organization.
Security plans are a necessary part of IT protection precautions.
It is important that security plans are flexible and fluid in order to adapt both to the internal changes of the enterprise organization and to the constantly evolving external threat of hackers and security breaches (Clotfelter, 2013). IT security systems must be able to adapt to changing needs within the organization which they protect. Here, the research suggests that "the enterprise security architecture must ensure confidentiality, integrity, and availability throughout the enterprise and align with the corporate business objectives" (Arconati, 2002, p. 2). It must help facilitate the meeting of organizational goals by securing solid ground, free of technological threats, on which the organization can grow. As such, all security plans must be highly detailed and tailored to each organization's specific goals and objectives. Specific goals may hinder some aspects of a more general IT security plan, which must then be adapted in order to fit organizational needs. In this sense, "the objective of enterprise security architecture is to provide the conceptual design of the network security infrastructure, related to security mechanisms, and related to security policies and procedures," yet it is still able to adapt based on its conceptual nature (Arconati, 2002, p. 2). Additionally, the threat of external technology develops at a rapid pace. This research has already evaluated the sophisticated nature of attacks on enterprise IT systems. As previously discussed, IT threats are constantly changing, and are thus an incredibly dangerous and intangible enemy to fight. Stiff security plans that do not have room for adaptations in IDS systems or penetration testing will surely lead to an enterprise organization falling victim to the latest in hacker technology.
Because of the nature of enterprise business, most organizations within this category are required to follow a number of regulations in regard to IT safety. According to the research, "information security is partly a technical problem, but has significant procedural, administrative, physical, and personal components as well" (Arconati, 2002, p. 4). As a result, there are a variety of regulatory bodies that enforce regulations that may hinder potential elements within a security plan. Federal and local regulations can have an impact on how the organization's security policy is created and enforced. Many federal regulations force organizations to have certain elements within the protection systems in order to be effective against particular and well-known attacks. Many regulations in force require firewalls, antivirus protection, IDS, encryption, and restricted access based on position within the organization (U.S. Bureau of Industry and Security, 2013). It is important for all enterprise organizations to follow these requirements to the T, in order to prevent not only legal ramifications but also a general consumer mistrust for not providing the most effective security measures, especially with so many variations in local regions.
Arconati, Nicholas. (2002). One approach to enterprise security architecture. InfoSec Reading Room. SANS Institute. Web. http://www.sans.org/reading_room/whitepapers/policyissues/approach-enterprise-security-architecture_504
Clotfelter, James. (2013). ITS technology infrastructure plan. Information Technology Services. University of North Carolina Greensboro. Web. http://its.uncg.edu/About/ITS_Technology_Infrastructure%20Plan.pdf
Glynn, Fergal. (2013). What is penetrating testing? VeraCode. Web. http://www.veracode.com/security/penetration-testing
SANS Institute. (2011). Understanding intrusion detection systems. InfoSec Reading Room. Web. http://www.sans.org/reading_room/whitepapers/detection/understanding-intrusion-detection-systems_337
Quest Software. (2013). Top five IT security threats and how to combat them. News Release. Dell Software. Web. http://www.quest.com/news-release/top-five-it-security-threats-and-how-to-combat-them-062012-817479.aspx
U.S. Bureau of Industry and Security. Policies and regulations. Industry and Security Industry. U.S. Department of Commerce. Web. http://www.bis.doc.gov/policiesandregulations/