Operational Security Architecture
Facilities Manager's View
When the building is finished, those who architected, designed and constructed it move out, but someone has to run the building during its lifetime. Such a person is often called the facilities manager. The job of the facilities manager is to deal with the operation of the building and its various services, maintaining it in good working order, and monitoring how well it is performing in meeting the requirements. The framework for doing this is called the 'operational security architecture'.

In the realm of business information systems the operational architecture is concerned with classical systems operations work. Here the focus of attention is only on the security-related parts of that work. The operational security architecture is concerned with the following:

- What? Ensuring the operational continuity of the business systems and information processing, and maintaining the security of operational business data and information (confidentiality, integrity, availability, auditability and accountability);
- Why? To manage operational risks and hence to minimize operational failures and disruptions;
- How? Performing specialized security-related operations (user security administration, system security administration, data back-ups, security monitoring, emergency response procedures, etc.);
- Who? Providing operational support for the security-related needs of all users and their applications (business users, operators, administrators, etc.);
- Where? Maintaining the system integrity and security of all operational platforms and networks (by applying operational security standards and auditing the configuration against these standards);
- When? Scheduling and executing a timetable of security-related operations.

Source:

Sherwood, J., Clark, A., & Lynas, D. (2005). The Tradesman's View. In J. Sherwood, A. Clark, & D. Lynas, Enterprise Security Architecture (p. 40). San Francisco: CMP Books.