Enterprise Architecture Principles v 1.0
Columbia University Enterprise Architecture - version 1.0 - 2014-12-04
Architecture Principles
...
- Without this principle, exclusions, favoritism, and inconsistency would rapidly undermine the management of information. This concept was best stated by John Adams as, "a government of laws and not of men." Massachusetts Constitution, Part The First, art. XXX (1780).
...
- While protection of IP assets is everybody's business, much of the actual protection is implemented in the IT domain. Even trust in non-IT processes can be managed by IT processes (email, mandatory notes, etc.).
- A security policy that governs both human and IT actors, and that can substantially improve protection of IP, will be enforced. It must be capable of both avoiding compromises and reducing liabilities.
- Use of technology to implement data integrity and confidentiality will explicitly be architected to protect individual privacy and academic freedom.
- Resources on such policies can be found at the Administrative Policy Library (http://policylibrary.columbia.edu).
- This principle applies to everyone the University serves, including, for example, applicants, clients, and patients.
...
- To provide adequate access to information while keeping that information secure, security needs must be identified and developed at the data level, not the application level.
- All data shall be classified as Sensitive, Confidential, Internal or Public, as defined in the University Data Classification Policy, and protected appropriately.
- Security must be designed into data elements from the beginning; it cannot be added later. Systems, data, and technologies must be protected from unauthorized access and manipulation. Data security must be designed "on the left side" of the development lifecycle flow, not added "on the right" (at the end).
- Endpoints, systems and applications must be classified by the types of data they use, registered and protected to the level appropriate for that data classification, per the University Registration and Protection of Systems and Endpoints Policies.
- Complete information regarding University data security policies may be found in the Administrative Policy Library: http://cuit.columbia.edu/it-policy-summaries
...