T1 02 M.M.veeraragaloo
8/19/2019 T1 02 M.M.veeraragaloo
http://slidepdf.com/reader/full/t1-02-mmveeraragaloo 1/44
Enterprise Security Architecture for Cyber Security
M.M. Veeraragaloo
5th September 2013
Outline
• Cyber Security Overview
• TOGAF and Sherwood Applied Business Security Architecture (SABSA)
o Overview of SABSA
o Integration of TOGAF and SABSA
• Enterprise Security Architecture Framework
The Open Group EA Practitioners Conference - Johannesburg 2013 2
Cyber Security
1. What is Cyber Security?
2. How is Cyber Security related to information security?
3. How do I protect my company from malicious attacks?
The Four Types of Security Incidents
1. Natural Disaster
2. Malicious Attack (External Source)
3. Internal Attack
4. Malfunction and Unintentional Human Error
Information security - the "preservation of confidentiality, integrity and availability of information" (ISO/IEC 27001:2005);
"Cyber Security is to be free from danger or damage caused by disruption or fall-out of ICT or abuse of ICT. The danger or the damage due to abuse, disruption or fall-out can be comprised of a limitation of the availability and reliability of the ICT, breach of the confidentiality of information stored in ICT or damage to the integrity of that information." (The National Cyber Security Strategy 2011, Dutch Ministry of Security and Justice)
Cyber Security in Perspective
No official position about the differences between Cyber Security and Information Security.
[Figure: Risk Management (ISO/IEC 27001:2005); Information Security (ISO/IEC 2700:2009); Information Technology; Business Continuity (BS 25999-2:2007); Cyber Security]
Source: 9 Steps to Cyber Security – The Manager's Information Security Strategy Manual (Dejan Kosutic)
Cyber Security in South Africa
Source: SA-2012-cyber-threat (Wolf Pack) [2012/2013 The South African Cyber Threat Barometer]
TOGAF & SABSA
SABSA Overview
SABSA Meta Model
SABSA Matrix
SABSA Life Cycle
In the SABSA Lifecycle, the development of the contextual and conceptual layers is grouped into an activity called Strategy
Planning. This is followed by an activity called Design, which embraces the design of the logical, physical, component, and
service management architectures. The third activity is Implement, followed by Manage & Measure. The significance of the
Manage & Measure activity is that once the system is operational, it is essential to measure actual performance against targets,
to manage any deviations observed, and to feed back operational experience into the iterative architectural development process.
SABSA Taxonomy of ICT Business Attributes
SABSA Taxonomy of General Business Attributes
SABSA Operational Risk Model
SABSA integrated with TOGAF
A Central Role for Requirements Management
Linking the Business Requirements (Needs) to the Security Services, which TOGAF does in the "Requirements Management" phase and SABSA does via the Business Attributes Profile. These artefacts need to be linked to ensure traceability from Business Needs to Security Services.
Requirements Management in TOGAF using SABSA Business Attribute Profiling
• Business Attribute Profiling: This describes the level of protection required for each business capability.
• Requirements Catalog: This stores the architecture requirements of which security requirements form an integral part. The Business Attribute Profile can form the basis for all quality requirements (including security requirements) and therefore has significant potential to fully transform the current TOGAF requirements management approach.
• Business and Information System Service Catalogs: TOGAF defines a business service catalog (in Phase B: Business Architecture) and an information system service catalog (Phase C: Information Systems Architecture). The creation of the information system services in addition to the core concept of business services is intended to allow more sophisticated modelling of the service portfolio.
• The Security Service Catalog: As defined by the SABSA Logical Layer, this will form an integral part of the TOGAF Information System Service Catalogs.
The Business Attribute Profile Mapped onto the TOGAF Content Meta Model
SABSA Life Cycle and TOGAF ADM
Mapping TOGAF and SABSA Abstraction Layers
Mapping of TOGAF to SABSA Strategy and Planning Phase
As the SABSA phases extend beyond the core phases of the TOGAF ADM, the scoping provided by
the SABSA Domain Model extends beyond these core phases of TOGAF, both in terms of solution
design and system and process management during the operational lifecycle.
Overview of Security Related Artifacts in the TOGAF ADM
Preliminary Phase – Security Artifacts
Phase A - Architecture Vision – Security Artifacts
Phase B – Business Architecture – Security Artifacts
Phase C – Information Systems Architecture – Security Artifacts
Phase D – Technology Architecture – Security Artifacts
Phase H – Architecture Change Management – Security Artifacts
Enterprise Security Architecture - Framework
ICT service providers must consider the whole market. Four dimensions to put in one line
• Service Models: Cloud (XaaS), Hosting, Managed Service, Monitoring
• Frameworks: ISO 27002, NIST, ISF
• Requirements: national/intern. law, industries, SOX, PCI DSS…, customers
• Service Types: Desktop, Communication, Collaboration, Computing
[Figure label: Service Provider]
ICT service providers must consider the whole market. Four dimensions to put in one line
1) Produce Standardized Security measures for industrialized ICT production
2) Modular and Structured approach that serves all possible models and offerings
3) Hierarchy of Security Standards delivering information on each level of detail
4) Mapping Model to demonstrate fulfillment of all types of security requirements
Enterprise Security Architecture
» shaping the security of ICT service provisioning «
deliver assurance to customers and provide directions for production
From Requirements to ICT Services. Standardisation is Key
[Figure: requirements identification; requirements consolidation; conception, integration; operations, maintenance]
• Corporate Governance, Risk, & Compliance
• customer requirements (Automotive, Finance, Public, …), which partially overlap
• standard / options / full custom / no-go
• industrialized services (established platforms and processes)
• customer-specific services
Framework for Enterprise Security Architecture
Requirements (corporate and customer)
Framework for ESA:
• Enablement (ISMS): security management process and reference model (mainly ISO 27001)
• Enforcement (Practices): controls / techniques (mainly ISO 27002); specific standards; impact analysis for non-framework requirements
Enterprise Security Architecture:
• Industrialized ESA Services: processes including roles for new business, changes and operational services; technology platform; evidence (monitoring, analytics and reporting)
• custom services (specific service and realization for a customer)
Framework for ESA. The Enablement Framework with ISMS activities.
Activities of the Enablement Framework
• Plan (P1–P5): Define scope and ISMS policy; Define risk assessment approach; Identify risks, derive control obj. & controls; Approve residual risks; Draw up statement of applicability (SoA)
• Do (D1–D5): Implement risk handling plan & controls; Define process for monitoring the effectiveness of controls; Develop security awareness; Lead ISMS and steer funds; Implement methods to identify / handle security incidents
• Check (C1–C5): Monitoring & review security incidents; Review risk assessment approach; Evaluate effectiveness of the controls implemented; Perform and document ISMS audits; Carry out management evaluations
• Act (A1–A4): Implement appropriate corrective and preventative controls; Communicate activities & improvements; Ensure improvements achieve targets; Implement identified improvements in ISMS
Considering: Plan – Build – Run. Sales, Service, Production, (Integration).
ESA reflects three types of business: Customer Projects – Operations – Platform Preparation
• New Business & Major Changes (Project Business): Bid, Transition, Transformation; Set-up for operations; Major Changes
• Operations (Daily Business): Service Delivery Management; Provide industrialized and customer specific ICT Services; Evidence
• ESA Platform: Define Offering and SDEs; Initial set-up of ESA (creation and extension); Maintenance of ESA (improvements)
[Figure label: Enterprise Security Architecture for ICT Services]
Considering: Plan – Build – Run. Sales, Service, Production, (Integration).
1) What? Work areas
2) Who? Roles etc.
3) How? Standards
[Figure: work-area grid with rows ESA Technology Platform (Define Offering and Service Delivery Elements; Initial set-up of ESA; Maintenance), New Business & Change (Project Business) (Bid, Transition, Transformation; Set-up for operations; Major Changes) and Operations (Daily Business) (Service Delivery Management; Provide ICT Services; Evidence)]
Cooperation: Implementation of Roles. Customer Projects, Portfolio, and Operations.
Roles: Security Manager; Customer; ICT SRC Manager; Security Architects and Experts (engineering); Customer Security Manager; Operations Manager; Operations Personnel; Offering Manager
[Figure: requirements and governance between the Customer, the Project (bid, transition, transformation) and Operations (CMO+FMO), with a step-by-step transfer of business between Project and Operations]
Considering: Plan – Build – Run. Sales, Service, Production, (Integration).
[Figure: the work-area grid again - 1) What? Work areas; 2) Who? Roles etc.; 3) How? Standards - with rows ESA Technology Platform (Define Offering and Service Delivery Elements; Initial set-up of ESA; Maintenance), New Business & Change (Project Business) (Bid, Transition, Transformation; Set-up for operations; Major Changes) and Operations (Daily Business) (Service Delivery Management; Provide ICT Services; Evidence)]
Corporate and Product Security incorporated in one Hierarchy
Refinement Pyramid of Standards (Corporate Security Rule Base): Corporate Security Policy; ICT Security Standards; ICT Security Principles; ICT Security Baselines
Requirements for ICT Service Provisioning ("product security")
Examples:
• Certification and Audit: ISO 27001 Certificate
• Security Measures: Detailed customer inquiry
• Security Implementation: Software settings, configuration
Demonstrating that Customer Requirements are met
[Figure: Customer Requirements R1–R5 mapped onto a Set of Controls (contractual) C1–C7, drawn from the Controls of ESA and its ICT Security Standards; Requirements are met (Suitability)]
Service type: Desktop, Communication, Collaboration, Computing
Security Taxonomy.
Evidence and Customer Relation / Service Management
• Customer and users: User LAN Periphery; Remote User Access; User Identity Management; Mobile Work-place Security; Office Work-place Security
• Wide Area Network Security: Corporate Provider Access; Gateway and Central Services; Provider Identity Management
• Data Center Security: Data Center Networks; Computer Systems Security; Application and AM Security; VM and S/W Image Mngt.; Database and Storage Security; Operations Support Security
• Administration Network Security / Networks: Asset and Configuration Management; Business Continuity Management; Security Patch Management; Hardening, Provisioning & Maintenance; Change and Problem Management
• Customer Communication and Security: System Development Life-Cycle; Systems Acquisition and Contracting; Risk Management; Logging, Monitoring & Security Reporting; Incident Handling and Forensics; Vulnerability Assessment, Mitigation Plan; Release Mngt. and Acceptance Testing; Certification and 3rd Party Assurance
EAS – Meta Model
[Figure: "Real World" (Enterprise: applications, teams & information); "Model World" (Architecture Repository: Industry Glossaries, Industry Reference Models, Application Models, Application Glossaries); Stakeholder Views (Queries, Analysis, Portfolios, etc.)]
• "Meta-Model": Common Language
• "Standardized": Content, e.g. business processes, applications etc.
• "Integrated and consistent Views": Stakeholder specific views & reports
ICT Security Services and Solutions
• Enterprise Security Management (Business Integration: embedding security in processes, defining goals and responsibilities, ensuring good governance and compliance): Architecture and Processes; Applications, Risk and Compliance; Security and Vulnerability Management
• Identity and Access Management (Business Enablement: enabling the managed use of ICT resources and IT applications with digital identities, roles and rights): Users and Identities; Smart Cards; Trust Centers
• ICT Infrastructure Security (Business Protection: defending from hostile action, protecting networks, IT applications, data and building security): Workplace, Host and Storage Security; Network Security; Physical Security
If you have one last breath
use it to say...