To properly inform your decision making, as an information security architect in support of a technology project, you must be able to determine what the business and technology-related goals are for the information system being designed.
Establishing a process such as an initial information security analysis at project initiation will allow you, as the information security architect, to gather the necessary information to properly support your project and provide the most relevant guidance possible.
As part of an initial information security analysis, you will want to gather the following information:
- Purpose and description of the information system
- Compliance requirements
- Key information system and project roles
- Expected user types
- Interface requirements
- External information systems access
- Business impact assessment
- Information categorization
An important note regarding this process is to recognize that it is referred to as an initial information security analysis. You may not be able to get all your questions answered during project initiation, and this is perfectly acceptable. However, what the process gives you is a framework to work with so that you can begin gathering the information in order for you to properly advise your project and business stakeholders.