Enterprise Security Architecture
Our Services help you to avoid information security
risks and ensure you achieve sustainable business
growth
A GRCBIZassurance Service. Copyright 2015 © GRCBIZassurance. All rights reserved.
Designing your optimal security architecture
GRCBIZassurance | [email protected] | +27 11 258 8750 Building 2 Country Club Estate, 21 Woodlands Drive, Woodmead, Johannesburg 2192
South Africa
Security architecture alignment
When organisations plan and build network and business systems architectures, security architecture
design is too often an “afterthought”. Organisations neglect to include the security policies,
technology standards, guidelines, and security architecture in their physical and logical topologies.
Where business-critical systems are planned, security architecture designs and configuration do not
systematically adhere to the same Systems Development Lifecycle (SDLC) that is followed by business
systems. The risk to your business operations is raised where your security architecture is not part
of the business systems plan, design, build and run. An example is implementing an ERP solution
without considering the technical impact of the reverse proxy. Instead, in this example, the same
SDLC methodology rigour that is applied to the ERP should be applied to the reverse proxy, as part
of the critical path in the Project Plan.
Enterprise security architecture framework
We assist with your Security Architecture designs and optimization based on the Open-Enterprise
Security Architecture (O-ESA), NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, and
ISO27001/2. We assist with the high-level and low-level designs across the Security in Depth
(Security Technology Architecture) covering: Conceptual Architecture, Logical Architecture, and
Physical Architecture.
Conceptual architecture is the conceptual structure for policy enforcement through security
services. Logical architecture is the logical components for the security services. Physical architecture
is the specific security products, how they are connected, and what functionality, performance and
reliability they provide. We assist with the high-level and low-level designs across security in depth
layers.
The GRCBizassurance solution delivery team has implemented several of these security tools at
various clients.
We will apply our proven security lifecycle methodology to implement selected security solutions in
your organisation based on your “defence in depth” requirements as depicted below.
Benefits
Your organization will be able to:
Adopt a scalable enterprise security solution architecture & roadmap, and architecture repositories based on a fit for purpose information security
Ensure compliance to Enterprise Open Security Architecture leading practices - and your security Policies
Ensure that solutions that “go live” are not a risk for your business – i.e. compliant to your security policies and security frameworks found in SANS, NIST, CIS, COBIT, King III, ISO27001/2
Optimize technical and business value from your security architecture portfolio investment