icode security architecture framework

Security Verified

© 2012 iCode information security All rights reserved

Security Architecture Framework

Mohamed Ridha Chebbi, CISSPiCode InfoSec – CEO & Head of [email protected]

mailto:[email protected]

Security Verified


Agenda

IntroductionApproach to Develop Security ArchitectureInformation Security ConceptsSecurity Architecture Levels & ViewpointsTechnical ViewpointInformation ViewpointBusiness ViewpointSecurity Architecture FrameworkiCode Professional Services

Security Verified


Introduction

There are a Number of Approaches to Develop a Security Architecture Like :1. As a DOMAIN in the TECHNICAL ARCHITECTURE2. As TOTALLY SEPARATE Security Architecture ViewPoint

Security is Pervasive across all of Architecture impacting :- Business- Information - and Technology

Security Verified


Approach to Develop Security Architecture

Information

Business

Technology

Solutions &Security

Architecture

Architecture

Architecture

Architecture

Security :. Data Security Requirements. Data Classification. Application Security Standard

Security :. Business Security Requirements. Security Organization. Security Policy Framework. Process Security

Security :. Technology Security Requirements. Security Principles. Security Patterns. Security Services. Security Bricks

Security Verified


Information Security Concepts

InformationSystem

Confidentiality Integrity

AvailabilityCore Concept

Related Concept

Technique

only authorized disclosure

Data has not beenchanged

Data has not beenchanged

Isolation

Encryption

Data Validation

Data Hashing

Digital Signatures

Resilient Designs

Service LevelAgreements

AuthenticationVerifies

identities

UtilityUsefulness

of data

Security Verified


iCode Security Architecture Framework

Vision

Security ServicesFramework

Design Principles

Requirement Templates

Conce

ptua

l

Leve

l

Logic

alLe

vel

Implem

entati

on

Leve

l

BusinessViewpoint

InformationViewpoint

TechnicalViewpoint

Security Verified


Technical Viewpoint

Vision


Design Principles


.Trust Levels

.Conceptual Technology Models

.Logical Technology Models

.Trust Models

. Technical Reference Models.Security Infrastructure Architecture

.Security Services Architecture

.Application Security Architecture

Conce

ptua

l

Leve

l

Logic

alLe

vel

Implem

entati

on

Leve

l

TechnicalViewpoint

Security Verified


Information Viewpoint

Vision


Design Principles


. PolicyFramework

. InformationClassificationFramework

. Security Information Flow Models

. Security Information Architecture

. SLA Model

. Information Classification Register

. SLA’s

Conce

ptua

l

Leve

l

Logic

alLe

vel

Implem

entati

on

Leve

l


Security Verified


Business Viewpoint

Vision


Design Principles


.ProcessModels

.Roles &Responsibi-

lities Models

.OrganizationModels

.OrganizationalArchitecture

Conce

ptua

l

Leve

l

Logic

alLe

vel

Implem

entati

on

Leve

l

BusinessViewpoint

Security Verified


Global Security Architecture Framework

Vision


Design Principles


.Trust Levels

.Conceptual Technology Models

.Logical Technology Models

.Trust Models

. Technical Reference Models.Security Infrastructure Architecture

.Security Services Architecture

.Application Security Architecture

. PolicyFramework

. InformationClassificationFramework

. Security Information Flow Models

. Security Information Architecture

. SLA Model

. Information Classification Register

. SLA’s

.ProcessModels

.Roles &Responsibi-

lities Models

.OrganizationModels

.OrganizationalArchitecture

Conce

ptua

l

Leve

l

Logic

alLe

vel

Implem

entati

on

Leve

l

BusinessViewpoint


TechnicalViewpoint

Security Verified


iCode Professional Services for Tunisiana

Security Verified


Thanks

Mohamed Ridha Chebbi, CISSPiCode InfoSec – CEO & Head of [email protected]

mailto:[email protected]

icode security architecture framework

Documents