Enterprise Security Architecture

Our Services help you to avoid information security risks and ensure you achieve sustainable business growth.

A GRCBIZassurance Service. Copyright 2015 © GRCBIZassurance. All rights reserved.

Designing your optimal security architecture


Post on 07-Sep-2020




GRCBIZassurance | [email protected] | +27 11 258 8750
Building 2 Country Club Estate, 21 Woodlands Drive, Woodmead, Johannesburg 2192, South Africa

Security architecture alignment

When organisations plan and build network architecture and business systems architectures, security architecture design is too often an "after-thought". Organisations neglect to include the security policies, technology standards, guidelines, and security architecture in their physical and logical topologies. Where business-critical systems are planned, security architecture designs and configuration do not systematically adhere to the same Systems Development Lifecycle (SDLC) that is followed by business systems. The risk to your business operations is raised where your security architecture is not part of the business systems plan, design, build and run. For example, an ERP solution may be implemented without the technical impact of the reverse proxy being considered. Instead, in this example, the same SDLC methodology rigour that is applied to the ERP should be applied to the reverse proxy, as part of the critical path in the Project Plan.

Enterprise security architecture framework

We assist with your Security Architecture designs and optimization based on the Open-Enterprise Security Architecture (O-ESA), NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, and ISO27001/2. We assist with the high level and low level designs across the Security in Depth (Security Technology Architecture) covering: Conceptual Architecture, Logical Architecture, and Physical Architecture.

Conceptual architecture is the conceptual structure for policy enforcement through security services. Logical architecture is the set of logical components for the security services. Physical architecture is the specific security products, how they are connected, and what functionality, performance and reliability they provide. We assist with the high level and low level designs across security in depth layers.

The GRCBizassurance solution delivery team has implemented several of these security tools at various clients.


We will apply our proven security lifecycle methodology to implement selected security solutions in your organisation based on your "defence in depth" requirements as depicted below.

Benefits

Your organization will be able to:

- Adopt a scalable enterprise security solution architecture & roadmap, and architecture repositories based on a fit for purpose information security
- Ensure compliance with Enterprise Open Security Architecture leading practices and your security policies
- Ensure that solutions that "go live" are not a risk for your business, i.e. that they are compliant with your security policies and the security frameworks found in SANS, NIST, CIS, COBIT, King III, ISO27001/2
- Optimize technical and business value from your security architecture portfolio investment