Enterprise Information Protection Standards of Practice - Options and Basis

All.Net presents the Options and Basis components of our standards of practice for enterprise information protection. These provide overarching coverage and many specifics surrounding what we currently view as a reasonable and prudent approaches to addressing information protection for enterprises. While there may be many other approaches that might also meet the need, we hope that these will help provide guidance within the community.

This content is part of a process used by our affiliated companies as developed over many years. We identify these issues, characterize the environment, and apply these decision points by interacting with clients and applying our expertise to help form overall architecture and its component parts. Typically, decisions are reviewed both internally and externally in an iterative fashion so that as we discover things that require changes, those changes ripple through the overall standard to keep it up to date and relevant.

In many cases, this standard of practice is used starting with an as-is review, identifying a desired future state, doing what, by then, is a relatively straight forward gap analysis, and then characterizing a workable transition plan for the organization. In our more agile approach, we undertake only an initial and periodic as-is and future state analysis, understanding that the reduced time and cost in assessment leads to more resources available for acting on the results, and that planning is less certain and less permanent when we are moving at a faster pace.

Elements of the framework:

Mon Sep 29 18:51:58 PDT 2014