Your role is that of an Enterprise Architect, reporting to the Chief Enterprise Architect, at a technology company. The company provides staff, as well as cloud-based services for many government agencies.
The company uses the TOGAF standard as the method and guiding framework for its Enterprise Architecture (EA) practice. The Chief Technology Officer (CTO) is the sponsor of the activity. The practice uses an iterative approach for its architecture development. This has enabled the decision-makers to gain valuable insights into the different aspects of the business.
The nature of the business is such that the data and the information stored on the company systems are the company's major asset and are highly confidential. Company employees work remotely and need constant access to the company systems, which they reach over public infrastructure. They use message encryption, secure internet connections using Virtual Private Networks (VPNs), and other standard security measures. The company has provided computer security awareness training for all its staff.
The Chief Security Officer (CSO) has noted an increase in distributed denial-of-service (DDoS) attacks on companies with a similar profile. The CSO understands that even with thorough preparation, a major attack could stop employees from being able to do their jobs. This could lead to a large financial loss, damage to the company’s reputation with customers, and employees being unable to work.
A risk assessment has been completed, and the company has looked for cyber insurance that covers such attacks. The price for this insurance is very high. The CTO has decided not to get cyber insurance to cover such attacks.
You have been asked to describe the steps you would take to strengthen the current architecture to improve data protection.