icode security architecture framework
Information Security Architecture Framework by iCode
Security Verified
© 2012 iCode information security All rights reserved
Security Architecture Framework
Mohamed Ridha Chebbi, CISSP
iCode InfoSec – CEO & Head of [email protected]
Agenda
Introduction
Approach to Develop Security Architecture
Information Security Concepts
Security Architecture Levels & Viewpoints
Technical Viewpoint
Information Viewpoint
Business Viewpoint
Security Architecture Framework
iCode Professional Services
Introduction
There are a number of approaches to developing a security architecture, such as:
1. As a DOMAIN in the TECHNICAL ARCHITECTURE
2. As a TOTALLY SEPARATE Security Architecture Viewpoint
Security is pervasive across all of the architecture, impacting:
- Business
- Information
- Technology
Approach to Develop Security Architecture
Information Architecture
Security:
. Data Security Requirements
. Data Classification
. Application Security Standard
Business Architecture
Security:
. Business Security Requirements
. Security Organization
. Security Policy Framework
. Process Security
Technology Architecture
Security:
. Technology Security Requirements
. Security Principles
. Security Patterns
. Security Services
. Security Bricks
Solutions & Security Architecture
Information Security Concepts
Information System
Confidentiality, Integrity, Availability
Legend: Core Concept, Related Concept, Technique
Only authorized disclosure
Data has not been changed
Data has not been changed
Isolation
Encryption
Data Validation
Data Hashing
Digital Signatures
Resilient Designs
Service Level Agreements
Authentication: verifies identities
Utility: usefulness of data
iCode Security Architecture Framework
Vision
Security Services Framework
Design Principles
Requirement Templates
Levels: Conceptual Level, Logical Level, Implementation Level
Viewpoints: Business Viewpoint, Information Viewpoint, Technical Viewpoint
Technical Viewpoint
Vision
Security Services Framework
Design Principles
Requirement Templates
. Trust Levels
. Conceptual Technology Models
. Logical Technology Models
. Trust Models
. Technical Reference Models
. Security Infrastructure Architecture
. Security Services Architecture
. Application Security Architecture
Levels: Conceptual Level, Logical Level, Implementation Level
Technical Viewpoint
Information Viewpoint
Vision
Security Services Framework
Design Principles
Requirement Templates
. Policy Framework
. Information Classification Framework
. Security Information Flow Models
. Security Information Architecture
. SLA Model
. Information Classification Register
. SLAs
Levels: Conceptual Level, Logical Level, Implementation Level
Information Viewpoint
Business Viewpoint
Vision
Security Services Framework
Design Principles
Requirement Templates
. Process Models
. Roles & Responsibilities Models
. Organization Models
. Organizational Architecture
Levels: Conceptual Level, Logical Level, Implementation Level
Business Viewpoint
Global Security Architecture Framework
Vision
Security Services Framework
Design Principles
Requirement Templates
. Trust Levels
. Conceptual Technology Models
. Logical Technology Models
. Trust Models
. Technical Reference Models
. Security Infrastructure Architecture
. Security Services Architecture
. Application Security Architecture
. Policy Framework
. Information Classification Framework
. Security Information Flow Models
. Security Information Architecture
. SLA Model
. Information Classification Register
. SLAs
. Process Models
. Roles & Responsibilities Models
. Organization Models
. Organizational Architecture
Levels: Conceptual Level, Logical Level, Implementation Level
Viewpoints: Business Viewpoint, Information Viewpoint, Technical Viewpoint
iCode Professional Services for Tunisiana
Thanks
Mohamed Ridha Chebbi, CISSP
iCode InfoSec – CEO & Head of [email protected]