<p><strong>Security Reference Model (SRM) of the Federal Enterprise Architecture Framework (FEAF)</strong></p><p>Mark Bridges, 2021-09-07, Global Risk Community: https://globalriskcommunity.com/profiles/blogs/security-reference-model-srm-of-the-federal-enterprise-architectu</p>
<div><p><span style="font-size:12pt;"><a href="https://flevy.com/business-toolkit/enterprise-architecture">Enterprise Architecture (EA)</a> denotes a management best practice for aligning business and technology resources to realize strategic results, improve Organizational Performance, and steer departments to achieve their core missions more successfully and attain Operational Excellence.</span></p><p><span style="font-size:12pt;">The Federal Enterprise Architecture Framework (FEAF) helps any agency of the Federal government achieve this through documentation and information that convey a summarized view of an enterprise at various levels of scope and detail.</span></p><p><span style="font-size:12pt;">The FEAF comprises 6 interconnected Reference Models, including the Security Reference Model (SRM), linked through the Consolidated Reference Model (CRM), each relating to a sub-architectural domain of the FEA framework.</span></p><p><span style="font-size:12pt;">Security is a global concern that pervades all layers of the organization. An effect on security at any level has an impact on each successive level, both ascending and descending. 
The appropriate place for developing and charting Security standards, policies, and norms is Enterprise Architecture Governance, since it is the enforcement point for IT investments.</span></p><p><span style="font-size:12pt;">The Security Reference Model (SRM) is a framework for maturing a security architecture built on Information Security and privacy standards. The SRM is omnipresent, weaving through all of the sub-architectures of the overarching EA and across all the other reference models.</span></p><p><span style="font-size:12pt;">Enterprise and solution architects have to remain aware of all technology, business, performance, and security drivers in order to steer IT Strategy suitably, design Information Technology systems, and choose appropriate technology that fits their needs. The SRM gives architects at all levels direction for understanding when and where those needs can be consolidated.</span></p><p><span style="font-size:12pt;">The SRM helps form a uniform security architecture in 3 key areas:</span></p><ol><li><span style="font-size:12pt;"><strong>Purpose</strong></span></li><li><span style="font-size:12pt;"><strong>Risk</strong></span></li><li><span style="font-size:12pt;"><strong>Controls</strong></span></li></ol><p><span style="font-size:12pt;"><a href="https://flevy.com/browse/flevypro/feaf-security-reference-model-srm-5837"><img class="aligncenter size-full wp-image-9613" src="https://flevy.com/blog/wp-content/uploads/2021/09/Slide-Deck-image-FEAF-SRM.png" alt="" width="693" height="520" /></a></span></p><p><span style="font-size:12pt;">All the layers of the SRM are vital to the security posture and health of an entire agency and/or system. 
The highest levels of the Federal architecture translate federal laws, regulations, and publications into specific policies.</span></p><p><span style="font-size:12pt;">The main principle of the SRM at the enterprise layer is to use the standards in place across the Federal or national IT security space to classify policy for a particular enterprise or agency.</span></p><p><span style="font-size:12pt;">The segment level translates department-specific policies into security controls and measurements. The SRM uses the policies set at the enterprise layer to categorize controls for a given agency or segment.</span></p><p><span style="font-size:12pt;">The SRM uses controls set at the segment layer to enable the system-specific designs and/or requirements of an individual system. It employs the controls chosen by the agency or segment to embed security into a system or application.</span></p><p><span style="font-size:12pt;">Proper security procedures ensure both risk reduction and regulatory compliance. Regulatory compliance is not an end in itself, but one part of the process by which the risks and controls applicable to the circumstance at hand are chosen. Risk mitigation is the ultimate reason for applying security controls.</span></p><p><span style="font-size:12pt;">In the same vein, the chief goal of security is not to apply controls; rather, it is to reduce risk by means of layered security measures, of which the implementation of controls is one part. Attaining a reduced risk profile means that controls ought to be integrated throughout the organization, vertically and horizontally, across system and solution deployments, and layered progressively.</span></p><p><span style="font-size:12pt;">The consequences of security are far more challenging to measure, and they differ based on the organization’s business. Metrics are indicators of an organization’s progress in security maturity and are part of the overall IT Capability Maturity. 
Undeveloped organizations have diminished capability of defining or collecting metrics.</span></p></div>