Security is a strategic concern (posted by Fabien Villard)
Here is an interesting point of view on security business today from an IBM Security Strategist: http://www.networkworld.com/news/2009/081709-8-dirty-secrets-of-the.html
Among the eight points some are tightly related to enterprise strategy and enterprise architecture. Points 2, 6 and 7 focus on external concerns, regulations and security product vendors, but others may be summarized like this: what do I need as a company when speaking of Security? Moreover, how do I manage to know that? This kind of question is all about strategy and point 8 is a clear conclusion: “Technology without strategy is chaos, Corman said”.
But security strategy has no reasons to be designed apart from the enterprise strategy. Risk evaluation (point 5) and risk priorities (point 4) should be part of the enterprise strategy and risk mitigation (point 3) should be part of the enterprise architecture as a result of good practices, not as a resullt of late add-ons: security concerns should be included as a primary requirement of all designs, starting from the enterprise level studies.
