ABSTRACT
IT security professionals are challenged to keep abreast of constantly evolving and changing technology
and, thus, new and complex security solutions. Often, it is impossible to implement new security control
mechanisms concurrently with the implementation of new technology. One challenge most often facing
Information Systems Security Organizations (ISSOs) is competition with other business and IT
departments for a share of IT budgets. Another is the availability of resources, including trained security
architects, engineers, and administrators. In many large and complex organizations, the IT organization
and, hence, the security support functions are often fragmented and spread throughout the enterprise,
including the lines of business. This is a good thing because it increases awareness and builds support for
the untenable task at hand, yet it most often results in the ongoing implementation of a very fragmented
security infrastructure and company security posture.