A well-defined information security architecture process will follow the SDLC/SELC of your organization. If your organization does not have a well-defined SDLC/SELC process, then work to ensure that you are part of the project or task initiation within your various business operating groups.

What we are trying to ensure is that information security architecture is built into an information system at the earliest stage possible. The earlier that we can integrate with the stakeholders, the better we are able to serve their interests and the interests of the organization by developing the most secure system possible. Additionally, by starting earlier and building security into the system from the beginning, we are ensuring an integrated security solution rather than a bolted-on mess. This will help to ensure more efficient and better performing security controls.