The manner in which corporate information is stored and accessed is changing. With these changes, the enterprise faces new risks that must be addressed by information security. Enterprise information security architecture (EISA) using network perimeter and asset-based security models is no longer able to provide the controls and countermeasures needed for organizations to confidently take the new risks. Trusted computing models must be redefined. The first in a series on EISA, this analyst brief examines the evolution of information security and discusses the security models, controls, and countermeasures prescribed today.