Developing an Information Security Architecture Program

Information security architecture establishes rigorous and comprehensive policies, procedures, and guidelines for developing and operationalizing a security architecture across the enterprise information technology deployed within an organization.

An organization's information security architecture must be tightly aligned with the organization's business mission in order to be successful. An information security architecture program that ultimately hampers mission success will be ignored, and the organization's risk level will increase as a result.

When aligning your information security architecture with your business mission, you should ask yourself questions similar to those you asked throughout the development of your information security program:

  • What is your organization's business risk appetite?
    • How much risk is your organization willing to tolerate?
    • How much is your organization willing to spend to reduce risk?
  • How mature is your organization?
    • Is your organization a startup running out of Office 365 or Google Apps for business?
    • Is your organization a 40-year-old manufacturer with 15,000 employees and 200 locations?
  • Is your organization's information technology centralized or decentralized?
  • How does your organization approach foundational IT/hygiene issues?
    • Topics:
      • Asset discovery and management
      • Secure configurations
      • Account privilege restriction
      • Patching
  • Is your organization mature, and does it work to ensure the IT systems are maintained?
  • Are IT solutions built and forgotten about until they break?
  • Is your organization somewhere in between? Determine where your organization sits.

Understanding the answers to questions like these will help you ensure that your information security architecture program is well targeted to the organization. These questions will also allow you to establish plans to adjust your information security architecture program as your organization matures.
