This integrated security architectural framework ties business processes to risk while identifying gaps in compliance with regulatory standards, industry standards, and security policy. It gives decision makers information they can reference to help prioritize projects while addressing security in a cost-effective manner. The framework additionally supports organizational survivability following a disaster by feeding quantitative risk data directly into business continuity management.
Business owners can quickly see the end-to-end relationships between the framework’s elements. Security practitioners can quickly show the risk addressed by each element and can measure each IT security service’s delivery across the framework.