Requirements for a true enterprise-wide security infrastructure: the play's the thing

Abstract

Business has certain requirements that must be met if the enterprise is to thrive; some of these requirements are affected by security systems. The relationship of these requirements and supporting business has been well illustrated by the success of enterprise resource planning (ERP) systems and the initial failure and subsequent transformational impact of tools such as spreadsheets. If designed correctly, an enterprise-wide security infrastructure can, in fact, enable new business. However, the best security in the world will not be adequate if the business itself is not supported. This paper describes a set of minimum requirements that must be met if security systems are to meet their promise of enabling entirely new lines of business, and then describes an instantiation of these requirements in a currently available system.