crisc-d4-it-security-enterprise-architecture

Enterprise Architecture

isaca-crisc · framework · Production-ready

Drawn fromCRISC Review Manual · ISACA peer-reviewed case sets·Reviewed May 5, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Enterprise Architecture

Enterprise Architecture (EA) is the discipline of intentionally designing, governing, and continuously evolving an organization's systems, data, applications, and technology so they work together coherently to deliver business strategy. EA is not a documentation exercise — it is an active governance practice ensuring every significant technology decision aligns with business objectives, manages risk, and preserves the organization's capacity to change. In the CRISC context, EA is the control framework that makes IT risks visible before they cascade into operational, financial, or compliance failures.

Where it stops · what it isn't

—EA IS: A governance and design discipline that aligns IT structure with business strategy, surfaces architectural risks, and manages system complexity across the enterprise lifecycle.
—EA IS NOT: A one-time documentation exercise, a purely technical function divorced from business strategy, or a synonym for infrastructure management or system administration.
—EA IS: The structured management of four interconnected architecture domains — Business, Data, Application, and Technology (per TOGAF) — treated as an integrated whole.
—EA IS NOT: A replacement for project management, IT operations, or security governance; it is a complementary discipline that informs and constrains those functions.
—EA IS: A risk-identification mechanism that surfaces technical debt, architectural drift, integration complexity, and legacy dependencies before they cause business disruption.
—EA IS NOT: Exclusively applicable to large enterprises — EA principles scale from a solopreneur SaaS stack to Fortune 500 transformation programs.

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

REQUIRES

IT Operations ManagementSystem Development Life Cycle (SDLC)

ENABLES

Policies, Standards, and Business ProcessesIT Risk Identification and AssessmentRegulatory Compliance Design (HIPAA, PCI-DSS, GDPR, SOX)

PART OF

CRISC Domain 4: IT and Security

RELATED TO

Information Security Architecture (Zero-Trust)

CONSTRAINS

Application Development and Deployment Decisions

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.