The ROI of Security Architecture

More and more organisations are advertising for Security Architects and Enterprise Security Architects. Role descriptions for these positions are getting more specific and certifications like SABSA are requested by organisations seeking applicants. It appears that there is a greater demand for security architects and their outputs. But, what is the business value of a security architecture capability? What return on investment (ROI) does a good enterprise security architect can provide? Do organisations have to take a leap of faith when building up such a capability?

In this session we will discuss and share ideas around quantifying the business value of security architecture. How do we sell security architecture to an organisation and can hold ourselves, as security architects, accountable for the results? Are there any good metrics we can define to clearly demonstrate the business value of a security architecture? How does security architecture compare to other capabilities in an organisation? 

Please join us for a lively discussion, if this topic is of interest to you.

PLEASE NOTE:
This month meeting will be on Thursday and not on the regular Wednesday,
due to a public holiday!

Are you interested in Security Architecture? If so, why don’t you join our monthly Security Architecture Working Group (SAWG) sessions, which are held every last Wednesday of the month (unless there is a public holiday) from 12-1 pm in Melbourne.

In an ideal world we have a well defined Enterprise Security Architecture that is aligned to a Enterprise Architecture, which is aligned to Business Objectives. Often this is not the case. Sadly, a lot of organisations have the need to improve their security, but appear to implement security changes on a more tactical basis or because of their need to address a particulars initiative’s security needs.

In this session we will discuss and share ideas around the definition of  a security strategy and the development of associated roadmaps that provide a more strategic approach to transforming an organisation’s enterprise security architecture. The key focus point will be identifying the first steps organisations should take to achieve a more sustainable position in managing their enterprise security architecture. We will discuss this under the premise that an organisation won’t have a mature security architecture function, potentially not even a well defined enterprise architecture. How can security architects start a transformation journey without fixing everything else that is wrong beyond their sphere of influence in an organisation?

Have you ever wondered what “red teaming” is and the value it could deliver to your organisation? If you are interested in the topic and an ISACA member you should join us for a member free session on this topic.