
Reference Architecture

Guiding Principles
Define protections that enable trust in the cloud.
Develop cross-platform capabilities and patterns for proprietary and open-source providers.
Facilitate trusted and efficient access, administration and resiliency for the customer/consumer.
Provide direction to secure information that is protected by regulations.
The architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.
Centralize security policy, maintenance operation and oversight functions.
Access to information must be secure yet still easy to obtain.
Delegate or federate access control where appropriate.
Must be easy to adopt and consume, supporting the design of security patterns.
The architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
The architecture must address and support multiple levels of protection, including network, operating system, and application security needs.

Version 1.1

Business Operation Support Services (BOSS)


Compliance
Audit Planning Independent Audits Third-Party Audits Internal Audits Contact/Authority Maintenance

Information Technology Operation & Support (ITOS)


IT Operation
DRP
Plan Management Test Management

Presentation Services
Presentation Modality
Consumer Service Platform
Social Media Search

Presentation Platform End-Points


Mobile Devices
Mobile Device Management

Security and Risk Management


Speech Recognition (IVR)

Enterprise Service Platform


B2E B2M B2C

Desktops
Company owned Third-Party Public Kiosk

Collaboration E-Mail e-Readers

B2B P2P

Portable Devices Fixed Devices

Governance Risk & Compliance


Compliance Management Vendor Management Policy Management
Exceptions
Self Assessment

InfoSec Management
Capability Mapping Risk Portfolio Management Risk Dashboard

Medical Devices

Smart Appliances

Handwriting (ICR)

High Level Use Cases

IT Governance
Architecture Governance Standards and Guidelines

Audit Management

IT Risk Management

Technical Awareness and Training

Residual Risk Management

Information System Regulatory Mapping

Intellectual Property Protection

Privilege Management Infrastructure

Data Governance
Data Ownership / Stewardship Secure Disposal of Data
SaaS, PaaS, IaaS

Resource Management
Segregation of Duties Contractors

PMO
Program Mgmnt Project Mgmnt Remediation

Portfolio Management
Maturity Model, Roadmap, Strategy Alignment

Application Services
Programming Interfaces, Input Validation, Security Application Framework (ACEGI), Security Knowledge Lifecycle, Attack Patterns, Code Samples, Security Design Patterns

Identity Management
Domain Unique Identifier Identity Provisioning Federated IDM Attribute Provisioning

Authentication Services
SAML Token, OTP, Risk-Based Auth, Multifactor Auth, Smart Card, Password Management, Network Authentication, Middleware Authentication, Out of the Box (OTB) AuthN

Data Classification Clear Desk Policy

Handling / Labeling / Security Policy Rules for Information Leakage Prevention Rules for Data Retention

Integration Middleware

Biometrics

Authorization Services
Policy Enforcement, Policy Management, Resource Data Management, Role Management, Policy Definition, Principal Data Management, XACML, Obligation

Single Sign On WS-Security Identity Verification
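The Authorization Services box above names the XACML roles (policy definition and management, policy enforcement, principal and resource data, obligations) without showing how one request flows through them. The Python below is an added worked example, not part of the CSA reference architecture or of any vendor's product: a small attribute-based policy decision point backed by a policy store, a principal lookup standing in for the Policy Information Point, and an enforcement point that refuses a Permit whose obligations it cannot discharge. The policy ids, roles, sample principal directory and the two obligation names are constructed for the example.

```python
"""XACML-style authorization: policy store (PAP), principal lookup (PIP),
decision point (PDP) and enforcement point (PEP) with obligations.
Added example; policy ids, roles, principals and obligation names are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional

# Policy Administration Point: rules evaluated in order, first applicable wins.
# Each rule lists the attribute values it matches and the obligations the PEP
# must discharge before honoring a Permit.
POLICIES = [
    {"id": "deny-terminated", "effect": "Deny",
     "match": {"subject.status": {"terminated"}}},
    {"id": "payroll-read-hr", "effect": "Permit",
     "match": {"resource.type": {"payroll"}, "action": {"read"},
               "subject.role": {"hr_analyst", "hr_manager"}},
     "obligations": ["log_access"]},
    {"id": "payroll-update-managers", "effect": "Permit",
     "match": {"resource.type": {"payroll"}, "action": {"update"},
               "subject.role": {"hr_manager"}},
     "obligations": ["require_mfa", "log_access"]},
]

# Policy Information Point: principal data resolved at decision time.
# Constructed sample directory.
PRINCIPALS = {
    "alice": {"role": "hr_analyst", "status": "active"},
    "bob":   {"role": "hr_manager", "status": "active"},
    "carol": {"role": "hr_manager", "status": "terminated"},
}


@dataclass
class Decision:
    effect: str                          # Permit, Deny or NotApplicable
    policy_id: Optional[str] = None
    obligations: List[str] = field(default_factory=list)


def _matches(rule, attrs):
    return all(attrs.get(k) in allowed for k, allowed in rule["match"].items())


def decide(subject, action, resource_type):
    """Policy Decision Point. Unknown principals are denied (fail closed)."""
    principal = PRINCIPALS.get(subject)
    if principal is None:
        return Decision("Deny", "unknown-subject")
    attrs = {"subject.role": principal["role"],
             "subject.status": principal["status"],
             "action": action, "resource.type": resource_type}
    for rule in POLICIES:
        if _matches(rule, attrs):
            return Decision(rule["effect"], rule["id"],
                            list(rule.get("obligations", [])))
    return Decision("NotApplicable")


def enforce(subject, action, resource_type, mfa_verified=False, audit_log=None):
    """Policy Enforcement Point. Returns (allowed, decision). A Permit is
    honored only when every obligation can be discharged; an obligation the
    PEP does not understand or cannot meet turns the Permit into a refusal."""
    audit_log = audit_log if audit_log is not None else []
    d = decide(subject, action, resource_type)
    if d.effect != "Permit":
        return False, d
    for ob in d.obligations:
        if ob == "require_mfa" and not mfa_verified:
            return False, d
        if ob not in ("require_mfa", "log_access"):
            return False, d            # unknown obligation: cannot honor it
    if "log_access" in d.obligations:  # side effects only after every check passed
        audit_log.append(f"{subject} {action} {resource_type} permitted by {d.policy_id}")
    return True, d


if __name__ == "__main__":
    log = []
    for who, act in [("alice", "read"), ("alice", "update"), ("bob", "update"), ("carol", "read")]:
        ok, d = enforce(who, act, "payroll", mfa_verified=True, audit_log=log)
        print(f"{who:6} {act:7} -> {'ALLOW' if ok else 'REFUSE'} ({d.effect}, {d.policy_id})")
```

The refusal paths matter more than the Permit path: an unknown principal, a rule that does not apply, and an obligation the enforcement point cannot honor all end in refusal, which is the behaviour XACML expects of a PEP. Logging is deferred until every obligation has been checked so that a refused request never produces a "permitted" audit record.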

Operational Risk Management


Operational Risk Committee Business Crisis Management Impact Analysis Key Risk Indicators Business Continuity Planning Testing

Human Resources Security


Employee Termination Background Screening Roles and Responsibilities Employment Agreements Job Descriptions Employee Awareness

Service Delivery
Service Level Management
Objectives OLAs Internal SLAs External SLAs

Information Technology Resiliency


Availability Management Resiliency Analysis

Development Process
Self-Service
Security Code Review Application Vulnerability Scanning Stress and Volume Testing

Connectivity & Delivery

Privilege Usage Management


Keystroke/Session Logging Privilege Usage Gateway Password Vaulting Resource Protection

Software Quality Assurance

Out of the Box (OTB) AuthZ

Abstraction

Vendor Management Service Dashboard

Threat and Vulnerability Management


Compliance Testing Vulnerability Management
Application, Infrastructure, Databases, Servers, Network

Capacity Planning

Risk Management Framework: Business Assessment, Technical Assessment, Independent Risk Management

Employee Code of Conduct

Information Services
Application Performance Monitoring

Asset Management
Service Costing Charge Back Operational Budgeting Investment Budgeting

Service Delivery
Service Catalog SLAs OLAs Dashboard Recovery Contracts Plans

Reporting Services
Data Mining Reporting Tools Business Intelligence
PMO Strategy Roadmap

ITOS

Problem
Management

Incident
Management

BOSS
Risk Assessments Data Classification Process Ownership

Penetration Testing
Internal External

Threat Management
Source Code Scanning Risk Taxonomy

Security Monitoring Services


SIEM Platform, Event Correlation, Event Mining, Database Monitoring, Application Monitoring, Honey Pot, End-Point Monitoring, Counter Threat Management, Anti-Phishing, User Behavior & Profile Patterns, Cloud Monitoring, E-Mail Journaling, Market Threat Intelligence
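Event Correlation in the Security Monitoring Services box is the step that turns the separate authentication and privilege-usage event feeds listed elsewhere on this page into an alert. As an added example (not from the original page or from any SIEM product), the Python below runs a two-stage correlation over constructed, normalised sample records: repeated authentication failures for one account within a short window followed by a success, then a privileged-account checkout from the password vault by that same account shortly afterwards. The record format, the two feed names, the thresholds and the windows are all assumptions made for the example.

```python
"""Two-stage event correlation across authentication and privilege-usage feeds.
Added example; record format, feed names, thresholds and windows are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: "<timestamp> <feed> <event> key=value ...".
# 'auth' is the directory's authentication event feed, 'vault' the password
# vault's privilege-usage feed (both capabilities named on the page).
SAMPLE_EVENTS = [
    "2011-07-20T09:00:01 auth  LOGIN_FAIL user=jdoe   src=10.1.5.23",
    "2011-07-20T09:00:03 auth  LOGIN_FAIL user=jdoe   src=10.1.5.23",
    "2011-07-20T09:00:04 auth  LOGIN_FAIL user=jdoe   src=10.1.5.23",
    "2011-07-20T09:00:06 auth  LOGIN_FAIL user=jdoe   src=10.1.5.23",
    "2011-07-20T09:00:09 auth  LOGIN_FAIL user=jdoe   src=10.1.5.23",
    "2011-07-20T09:00:12 auth  LOGIN_OK   user=jdoe   src=10.1.5.23",
    "2011-07-20T09:02:40 vault CHECKOUT   user=jdoe   src=10.1.5.23 account=root@db01",
    "2011-07-20T09:05:00 auth  LOGIN_FAIL user=asmith src=10.1.7.8",
    "2011-07-20T09:30:00 auth  LOGIN_OK   user=asmith src=10.1.7.8",
    "2011-07-20T10:15:00 vault CHECKOUT   user=bob    src=10.1.9.1 account=root@db02",
]

FAIL_THRESHOLD = 5                       # failures that make a later success suspicious
FAIL_WINDOW = timedelta(minutes=2)       # sliding window for counting failures
ESCALATION_WINDOW = timedelta(minutes=10)  # suspicious login -> privileged checkout


def parse(line):
    """Normalise one record into a dict with a real timestamp."""
    ts, source, kind, *kv = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "source": source, "kind": kind}
    for item in kv:
        k, _, v = item.partition("=")
        rec[k] = v
    return rec


def correlate(lines, fail_threshold=FAIL_THRESHOLD,
              fail_window=FAIL_WINDOW, escalation_window=ESCALATION_WINDOW):
    """Return a list of alerts, in time order.
    Stage 1: >= fail_threshold LOGIN_FAIL for one user inside fail_window,
             then LOGIN_OK for that user  -> brute_force_success.
    Stage 2: a vault CHECKOUT by that user within escalation_window of the
             suspicious LOGIN_OK          -> escalation_after_brute_force."""
    fails = defaultdict(deque)     # user -> timestamps of recent failures
    suspicious_login = {}          # user -> time of success that followed brute force
    alerts = []
    for rec in sorted((parse(l) for l in lines), key=lambda r: r["ts"]):
        user, ts = rec.get("user"), rec["ts"]
        if rec["kind"] == "LOGIN_FAIL":
            q = fails[user]
            q.append(ts)
            while q and ts - q[0] > fail_window:   # expire old failures
                q.popleft()
        elif rec["kind"] == "LOGIN_OK":
            q = fails[user]
            while q and ts - q[0] > fail_window:
                q.popleft()
            if len(q) >= fail_threshold:
                alerts.append({"rule": "brute_force_success", "user": user,
                               "ts": ts, "failures": len(q), "src": rec.get("src")})
                suspicious_login[user] = ts
            q.clear()                               # a success resets the counter
        elif rec["kind"] == "CHECKOUT":
            t0 = suspicious_login.get(user)
            if t0 is not None and ts - t0 <= escalation_window:
                alerts.append({"rule": "escalation_after_brute_force", "user": user,
                               "ts": ts, "account": rec.get("account")})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a)
```

The second stage is what makes the correlation worth running on a SIEM rather than on the directory alone: the vault's checkout record and the directory's failed logins live in different feeds, and neither looks alarming by itself. Sorting by timestamp before evaluation keeps the sliding window correct when feeds arrive out of order.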

CMDB

Knowledge
Management

Data Governance
Risk Assessments NonProduction Data Information Leakage Metadata Session Events

Security Monitoring
Service
Management

Change
Management

Audit Findings

SOC Portal Managed Security Services Knowledge Base Branding Protection

Service Support Service Support


Configuration Management
Configuration Rules (Metadata) Configuration Management Database (CMDB) Service Events

Authorization Events

Authentication Events

HR Data (Employees & Contractors)

Business Strategy

Application Events

Network Events

Computer Events

Infrastructure Protection Services

Server
White Listing, Anti-Virus, HIPS / HIDS, Host Firewall

End-Point
Anti-Virus, Anti-Spam, Anti-Malware, HIPS / HIDS, Host Firewall, Media Lockdown, Hardware Based Trusted Assets, Forensic Tools, Content Filtering, Inventory Control, White Listing

Data Segregation HIPS NIPS Events

User Directory Services


Active Directory Services, LDAP Repositories, DBMS Repositories, X.500 Repositories

Network
Firewall, NIPS / NIDS

Meta Directory Services

Real-time internetwork defense (SCAP)

Legal Services
Contracts E-Discovery Incident Response Legal Preparation

Internal Investigations
Forensic Analysis e-Mail Journaling

Capacity Planning Automated Asset Discovery

Software Management Configuration Management

Physical Inventory

Knowledge Repository

Risk Management
GRC RA BIA

Transformation Services
Database Events Privilege Usage Events

Content DPI Filtering Wireless Protection

Application
XML Appliance Secure Messaging Application Firewall Secure Collaboration
Real Time Filtering

Link Layer Network Security Black Listing Filtering

Change Logs

DR & BC Plans

VRA

TVM

ACLs

CRLs

Compliance Monitoring

NIPS Events

DLP Events

eDiscovery Events

Registry Services

Location Services

Federated Services

Virtual Directory Services

Data Protection
Data lifecycle management
Meta Data Control eSignature
(Unstructured data)

Incident Management
Security Incident Response

Problem Management
Event Classification Trend Analysis Root Cause Analysis Problem Resolution

Automated Ticketing Ticketing

Self-Service

Internal Infrastructure

Infrastructure Services
Asset Handling
Data Software Hardware

Cross Cloud Security Incident Response

Virtual Infrastructure
Remote

Data De-Identification Life cycle management

Data Masking Data Obscuring

Data Tagging Data Seeding
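Data De-Identification, Data Masking, Data Obscuring, Data Tagging and Data Seeding are listed above as separate capabilities, with no indication of how they fit together when a production extract is refreshed into a non-production environment (a case the Data Governance box names explicitly). The Python below is an added example, not the CSA's or the page's own code: keyed pseudonymization so the join between two tables survives, format-preserving masks for direct identifiers, generalization of a sensitive numeric field, a classification tag on every record, and one seeded canary row whose appearance anywhere outside the test environment signals a leak. The sample tables, field names and key are constructed for the example; in practice the key belongs in the key management service, not in code.

```python
"""De-identifying a production extract for non-production use.
Added example; sample tables, field names and key are constructed."""
import hashlib
import hmac
import re

# Constructed sample records as exported from production. PAYROLL joins to
# EMPLOYEES on the SSN, so the de-identified copy must keep that join intact.
EMPLOYEES = [
    {"id": 101, "name": "Alice Example", "ssn": "123-45-6789",
     "email": "alice@example.com", "salary": 91000},
    {"id": 102, "name": "Bob Sample", "ssn": "987-65-4321",
     "email": "bob@example.com", "salary": 78000},
]
PAYROLL = [
    {"ssn": "123-45-6789", "period": "2011-06", "net": 5400},
    {"ssn": "987-65-4321", "period": "2011-06", "net": 4700},
]

CANARY_MARKER = "canary"   # seed value whose token identifies the planted row


def pseudonymize(value, key, length=12):
    """Keyed, deterministic token (HMAC-SHA256, truncated). The same input
    always maps to the same token, so joins survive; without the key the
    token cannot be reversed or confirmed by hashing a guessed value."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:length]


def mask_ssn(ssn):
    """Format-preserving mask: keep the last four digits, obscure the rest."""
    return re.sub(r"\d", "X", ssn[:-4]) + ssn[-4:]


def mask_email(email):
    """Keep the first character and the domain so the field still looks real."""
    local, _, domain = email.partition("@")
    return local[0] + "***@" + domain


def tag(record, classification):
    """Data tagging: every emitted record carries its classification and origin."""
    return {**record, "_classification": classification, "_source": "deidentified-copy"}


def deidentify(employees, payroll, key):
    """Return (employees_copy, payroll_copy) safe for a non-production environment."""
    out_emp = []
    for e in employees:
        out_emp.append(tag({
            "id": e["id"],
            "name": "Employee " + pseudonymize(e["name"], key, 6),
            "ssn_token": pseudonymize(e["ssn"], key),   # join key, not the SSN
            "ssn_display": mask_ssn(e["ssn"]),          # what a tester sees on screen
            "email": mask_email(e["email"]),
            "salary": round(e["salary"], -4),           # generalize to nearest 10k
        }, "internal"))
    out_pay = [tag({"ssn_token": pseudonymize(p["ssn"], key),
                    "period": p["period"], "net": p["net"]}, "internal")
               for p in payroll]
    # Data seeding: one planted row that exists nowhere in production.
    out_emp.append(tag({
        "id": 999999, "name": "Canary Seeded",
        "ssn_token": pseudonymize(CANARY_MARKER, key),
        "ssn_display": "XXX-XX-0000", "email": "c***@example.invalid", "salary": 0,
    }, "canary"))
    return out_emp, out_pay


def contains_canary(rows, key):
    """Leak check: does this dataset carry the seeded row's token?"""
    marker = pseudonymize(CANARY_MARKER, key)
    return any(r.get("ssn_token") == marker for r in rows)


if __name__ == "__main__":
    emp, pay = deidentify(EMPLOYEES, PAYROLL, b"example-only-key")
    for row in emp + pay:
        print(row)
```

Two properties are worth checking on every refresh, and the test below does: no emitted record still carries the raw identifier, and the pseudonymized join key is identical across both tables. Rotating the HMAC key between refreshes breaks linkage between successive copies, which is usually what you want for a disposable test dataset.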

Orphan Incident Management

Facility Security
Controlled Physical Access
Barriers Security Patrols Electronic Surveillance Physical Authentication

Knowledge Management
Best practices Trend Analysis Benchmarking Security Job Aids Security FAQ

Patch Management
Compliance Monitoring Service Discovery

Servers
Secure Build Image Management

Desktop Client Virtualization


Local
SessionBased VM-Based (VDI)

Storage Virtualization
Block-Based Virtualization


Host-Based

Data Leakage Prevention


Data Discovery Network
(Data in Transit)

Intellectual Property Prevention


Intellectual Property Digital Rights Management

LDM LUN

LVM

Storage DeviceBased

Network-Based

Appliance Switched

End-Point
(Data in Use)

Server
(Data at Rest)

Change Management

Domain
Container
Process or Solution Data

SABSA ITIL v3 TOGAF JERICHO

Service Provisioning

Approval Workflow

Change Review Board Emergency Changes

Release Management
Scheduling Testing Version Control Build Source Code Management

Environmental Risk Management


Physical Security Equipment Location Power Redundancy

Equipment Maintenance Availability Services

Application Virtualization
Client Application Streaming Server Application Streaming

Virtual Workspaces

File-Based Virtualization

Cryptographic Services
Signature Services, PKI, Key Management

Symmetric Keys
Asymmetric Keys

Data-in-Transit Encryption
(Transitory, Fixed)

Data-in-Use Encryption
(Memory)

Data-at-Rest Encryption
(DB, File, SAN, Desktop, Mobile)

Server Virtualization
Virtual Machines (Host-Based)
Full, Paravirtualization, Hardware-Assisted

Network Virtualization
Network Address Space Virtualization: IPv4, IPv6
External (VLAN), Internal (VNIC)

Database Virtualization

Planned Changes Project Changes Operational Changes

Storage Services

Network Services
Network Segmentation Authoritative Time Source

Mobile Device Virtualization

Policies and Standards


Operational Security Baselines Job Aid Guidelines Role Based Awareness Best Practices & Regulatory correlation Information Security Policies Technical Security Standards Data/Asset Classification

OS Virtualization

TPM Virtualization

Virtual Memory

Smartcard Virtualization

Chief Architect: Jairo Orea. Lead Architects: Marlin Pholman, Yaron Levi, Dan Logan. Team: David Sherr, Richard Austin, Vern Williams, Anish Mohammed, Harel Hadass, Phil Cox, Yale Li, Price Oden, Tuhin Kumar, Rajiv Mishra, Ravila White, Scott Matsumoto, Rob Wilson, Charlton Barreto, Ryan Bagnulo, Subra Kumaraswamy. Date: 07/20/2011. Revision: 12th Review.
