Organizations have always striven to come up with an information security system that makes it possible to secure the data within the company while at the same time protecting the users of the system. However, such a system is unlikely to be developed, and it is not cost efficient. It is unlikely to become operational because of the incomplete manner in which the entire activity is carried out. Most firms fail to take into consideration the users of the information security systems, in terms of how much they understand the systems and whether they can utilize them (Peltier, 2005). Much of the work is left to the developers, and the end users are not taken through the system. Eventually, the system fails because the end users have limited information on how to use it, owing to the lack of awareness creation. It also ceases to be cost effective, since it is underutilized by those expected to use the system.
EISA aims at applying a comprehensive and rigorous method for describing the organization’s security processes and information systems such that they are aligned with the goals that may have been set in the organization. Much focus is given to the security practices of the organization, where aspects of architecture and performance management are addressed. The primary purpose of creating EISA is to ensure that an organization’s strategy is aligned with the information technology security measures that are available in the company (Shariati, Bahmani & Shams, 2011).
Peltier, T. R. (2005). Implementing an Awareness Program. Information Systems Security, 14(2), 37-49.
Shariati, M., Bahmani, F., & Shams, F. (2011). Enterprise information security, a review of architectures and frameworks from interoperability perspective. Procedia Computer