Enterprise Architecture Program: Publications, Resources & Toolkit

The IT Security Business Case: Sustainable Funding to Manage the Risks

  • 16 May 2006
  • Author: Mike Cooke
  • Number of views: 7529
The IT Security Business Case: Sustainable Funding to Manage the Risks
This brief takes a holistic approach to constructing the case for enterprise IT security investment by outlining for the state CIOs the following steps: 

  • Understanding state government’s IT environment that drives the need for security 
  • Starting with an enterprise-wide IT risk assessment 
  • Making the case for IT security through demonstrating the risks (bolstered by the IT risk assessment results), the benefits of security, and how security aligns with the state’s business needs.


Rate this article:
No rating


About The Enterprise Architecture Program

The NASCIO Enterprise Architecture program was developed to enable the mission of state and local government. Government must continually reinvent itself to remain relevant by effectively and efficiently providing services to the citizens of this country. The path to this continual transformation must embrace leadership, management, coordination, communication and technology throughout government. Enterprise architecture is the discipline to appropriately define and leverage these capabilities within the complexities of government.

Funding to support the NASCIO EA Program and information sharing initiative is provided by a grant from the U.S. Department of Justice, the Bureau of Justice Assistance, Office of Justice Programs.

Enterprise Architecture Development Tool-Kit v3.0

October 2004

The enhancements in the third version of the Tool-Kit result from the expertise and continued dedication of enterprise architecture practitioners from all levels of government and the private sector. Version 3.0 incorporates an updated governance architecture framework with added roles and responsibilities and a focus on multi-level communication. Process models with explanatory narrative are included for governance and the architecture lifecycle. The Tool-Kit also includes fully populated security domain and application domain blueprints.