An Information Security Policy is the foundation for developing an Enterprise Information Security Architecture (EISA) as it defines the principles, guidelines, and requirements for securing enterprise assets.
Role of Security Policy:
Provides the baseline for designing and implementing EISA by establishing organizational security objectives.
Security Regulations: Influence the policy but do not form the EISA foundation.
Asset/Data Classification: Supports EISA but is derived from the overarching security policy.
Scalability and Standardization:
Ensures that the architecture aligns with enterprise goals and adapts to evolving threats.
EC-Council CISO References:
Policy Development and Implementation: Stresses the foundational role of security policies in driving enterprise-wide security initiatives.
Architectural Design Principles: Incorporates policies as the primary input for EISA creation and maintenance.