Security Architecture

Agenda

Frameworks and Standards

Different ways of looking at Risk

Impact

Assurance

O Desafio está aumentando...

1990 Today 20400%

20%

40%

60%

80%

100%

120%

Percentage of IT budget devoted to security

Percentage of IT budget devoted to security

Security and Architecture

IT Architecture is about using IT to meet business needs

Security is about reducing business risk

Security Architecture is about reducing business risk from IT

Security Architecture Frameworks and Standards

TOGAF Next

Everything

TOGAF 9Process, Content

TOGAF 8Process Only

IAFContent Only

SABSASecurity Specific

ZachmanContent Only

FAIRRisk Analysis

Security Measures vs. Risks

Threat

Asset

Impact

Access Path

Deterrence

Detection

Containment

Prevention

Attack

Uses

To perform

Against

Which results in

Recovery

Ris

k

Sec

urity

Mea

sure

sDeters

Controls

Detects

Recovers

Limits

Security Concepts in an Architecture Framework

Context:Why do I need to be Secure?

Concept:What security do I need?

Logical/Physical:How will I be secure?

Threats Stakeholders Drivers

Assets Domains

Access Routes

Risks

Requirements Policies

Services Measures

Different Types of Risk

Domains

Assets

• Risks are unexpected or uncertain events

• Risks trigger impacts if they occur• Real-world systems have many

risks• Security measures mitigate the

risks• The cost of a security measure

must be less than the value of the risks it mitigates

Asset Risk

Assets are things the business valuesStakeholders are people and organisations

that have an interest in assetsStakeholders have objectives - things they

want to enforce - laws, contracts, ethical rules, principles, policies Confidentiality, Integrity, Availability, Non-repudiation

Stakeholders can be negativeFor every asset/objective combination, there is

a risk this will not be enforcedLooking at risk in this way helps you to

concentrate on what is of valueDomains

Assets

Threat Risk

Threat Agents are people, organisations or events with access to your assets

Threat agents can be legitimate Employees, Customers

or illegitimate Hackers, criminals

Or unexpected events Component failure, flood, earthquake

Threat agents can make mistakes, or can deliberately attack you, or can happen unexpectedly

This leads to an objective not being metLooking at risk in this way helps you to

concentrate on possible loss scenarios

Domains

Assets

Domain Risk

Domains are the places where assets are stored: Networks, servers, processes, databases, files, sites,

boxesDomains are accessed by threat agents via

access routesAccess routes need to be secured

Guided by common sense and good practiceNon-secured access routes are a source of

riskLooking at risk in this way helps you to

concentrate on how an attacker would get inDomains

Assets

Anatomy of an Attack

Actions By Threat Agent

Legitimate Access - Event Illegitimate Access - Impact

Threat Agent Stakeholders

Security Breach Occurs

Asset

Breach Detected and Stopped

Actions by Stakeholders

Timeline

Impact

Security measures are justified by risks but…

Risks are difficult to enumerate systematically

The impact of a risk is difficult to estimate

Real systems generate enormous numbers of risks

It’s not practical to design security countermeasures as responses to risks

Most security practitioners don’t start with a list of risks

Instead, they start with good practice and common sense

And only list risks when a business case is needed

Assurance

How do I know I’m secure?

TestingPenetration Testing

Risk Analysis

Maturity Modelling

Certification (Vs ISO 27001)

Evaluation (Vs ISO 15408)

Security Architecture Service Delivery Framework

ROLES

Security Engagement Manager

Security Auditor

Security Advisor

Security Architect

CAPGEMINI PROCESSES ARTEFACTS

Work Initiation

Sizing Tools

Request Templates

Industrialised Design

Quality Assurance

Governance

Resource Management

Added Value

Reporting

Advisory

Report Templates

Architecture Design Templates

Risk Assessment Tools

Waiver & Exemption Templates

Detailed Design

Virtualised Platform Pattern

Mobile Devices Pattern

Cloud Architecture Pattern

Example Security Policies, Standards

IAM Architecture Pattern

Etc.

New Starter Pack

Value IT Tools

Controls Review

Etc.

New Project

Project: Security Initiation

Architecture Design

Security Review

Detailed Design & Build

DELIVERABLES

• Project Initiation

• Information Classification• Risk Assessment• Business Impact Assessment

• Security Architecture Resource Request

• Requirements Definition• Outline Solution Design• Full Solution Design• Waivers & Exemptions

• Controls Review

• Detailed Design

Security Designer

Conclusion: What makes up a security architecture

Security Architectur

e

Threat Agents

Access Routes

Domains

AssetsStakeholder

sObjectives

Risks

Impacts

Measures

The information contained in this presentation is proprietary.© 2013 Capgemini. All rights reserved.

www.capgemini.com

About CapgeminiWith more than 130,000 people in 44 countries, Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. The Group reported 2013 global revenues of EUR 10.1 billion. Together with its clients, Capgemini creates and delivers business and technology solutions that fit their needs and drive the results they want. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business ExperienceTM, and draws on Rightshore®, its worldwide delivery model. Learn more about us at www.capgemini.com.

Rightshore® is a trademark belonging to Capgemini