The second brief in a series on EISA traces the evolution of information and application architecture and the related response from information security. Enterprise information security architecture needs to shift from a control model to a serving model, as is the premise for service oriented information technology models. This paper defines five principles of computing by which information security must adhere or face irrelevance. These principles address people, information, applications, systems, and infrastructure. While not strict guidelines, they are intended to direct the enterprise information security architecture in a direction that is congruent with rapid change in information technology. It is intended that whatever it is that information security does build is relevant and compelling to the business units.