A strong Enterprise Information Security Architecture process helps to answer basic questions like:

What is the information security risk posture of the organization?
Is the current architecture supporting and adding value to the security of the organization?
How might a security architecture be modified so that it adds more value to the organization?
Based on what we know about what the organization wants to accomplish in the future, will the current security architecture support or hinder that?

Enterprise Information Security Architecture (EISA) is the practice of applying a comprehensive and rigorous method for describing the current or future structure and behavior of an organization's security processes, information security systems, personnel and organizational sub-units, so that they align with the organization's core goals and strategic direction.

Although often associated strictly with information security technology, it relates more broadly to the security practice of business optimization, which also addresses business security architecture, performance management and security process architecture. Organizations today require their applications and infrastructure to be in a secure environment to keep their business running strong. To achieve this, it is critical that every single element involved in the business is protected against any sort of threat, external or internal, by putting in place processes with proactive and reactive measures to safeguard against such instances.
Enterprise Information Security Architecture is becoming a common practice within financial institutions around the globe. The primary purpose of creating an enterprise information security architecture is to ensure that business strategy and IT security are aligned. As such, enterprise information security architecture allows traceability from the business strategy down to the underlying technology.