Enterprise Information Security Architecture (EISA) is the practice of applying a comprehensive and rigorous method for describing a current or future structure and behavior for an Organization's security processes, information security systems, personnel and Organizational sub-units, so that they align with the Organization's core goals and strategic direction. Although often associated strictly with information security technology, it relates more broadly to the security practice of business optimization that addresses business security architecture, performance management and security process architecture as well. Organizations today require their applications and infrastructure to be in a secure environment to keep their business running strong. To achieve this, it is critical that every single element involved in the business is protected against any sort of threat, external or internal by putting processes with proactive and reactive measures to safeguard against such instances.
Enterprise Information Security Architecture is becoming a common practice within the financial institutions around the globe. The primary purpose of creating an enterprise information security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise information security architecture allows traceability from the business strategy down to the underlying technology.