Guiding Principles
Define protections that enable trust in the cloud.
Develop cross-platform capabilities and patterns for proprietary and open-source providers.
Will facilitate trusted and efficient access, administration and resiliency to the customer/consumer.
Provide direction to secure information that is protected by regulations.
The Architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.
Centralize security policy, maintenance operation and oversight functions.
Access to information must be secure yet still easy to obtain.
Delegate or Federate access control where appropriate.
Must be easy to adopt and consume, supporting the design of security patterns.
The Architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
The architecture must address and support multiple levels of protection, including network, operating system, and application security needs.
Version 1.1
Presentation Services
Presentation Modality
Consumer Service Platform
Social Media Search
Desktops
Company owned Third-Party Public Kiosk
B2B P2P
InfoSec Management
Capability Mapping Risk Portfolio Management Risk Dashboard
Medical Devices
Smart Appliances
Handwriting (ICR)
IT Governance
Architecture Governance Standards and Guidelines
Audit Management
IT Risk Management
Data Governance
Data Ownership / Stewardship Secure Disposal of Data
SaaS, PaaS, IaaS
Resource Management
Segregation of Duties Contractors
PMO
Program Mgmnt Project Mgmnt Remediation
Portfolio Management
Maturity Model Roadmap Strategy Alignment Input Validation Security Design Patterns
Application Services
Programming Interfaces Security Knowledge Lifecycle
Attack Patterns Code Samples Security Application Framework - ACEGI
Identity Management
Domain Unique Identifier Identity Provisioning Federated IDM Attribute Provisioning
Authentication Services
SAML Token OTP Risk Based Multifactor Auth Smart Password Card Management Network Authentication Middleware Authentication OTB AutN
Handling / Labeling / Security Policy Rules for Information Leakage Prevention Rules for Data Retention
Integration Middleware
Biometrics
Authorization Services
Policy Enforcement Policy Management Resource Data Management Role Management Policy Definition Principal Data Management XACML Obligation
Service Delivery
Service Level Management
Objectives OLAs Internal SLAs External SLAs
Development Process
Self-Service
Security Code Review Application Vulnerability Scanning Stress and Volume Testing
Abstraction
Capacity Planning
Risk Management Framework Business Technical Assessment Assessment Independent Risk Management
Information Services
Application Performance Monitoring
Asset Management
Service Costing Charge Back Operational Budgeting Investment Budgeting
Service Delivery
Service Catalog SLAs OLAs Dashboard Recovery Contracts Plans
Reporting Services
Data Mining Reporting Tools Business Intelligence
PMO Strategy Roadmap
ITOS
Problem Management
Incident Management
BOSS
Risk Assessments Data Classification Process Ownership
Penetration Testing
Internal External
Threat Management
Source Code Scanning Risk Taxonomy
CMDB
Knowledge Management
Data Governance
Risk Assessments NonProduction Data Information Leakage Metadata Session Events
Security Monitoring
Service Management
Change Management
Audit Findings
Authorization Events
Authentication Events
Business Strategy
Application Events
Network Events
Computer Events
End-Point
Network
Firewall NIPS / NIDS Meta Directory Services
Legal Services
Contracts E-Discovery Incident Response Legal Preparation
Internal Investigations
Forensic Analysis e-Mail Journaling
Physical Inventory
Knowledge Repository
Risk Management
GRC RA BIA
Transformation Services
Database Events Privilege Usage Events
Application
XML Appliance Secure Messaging Application Firewall Secure Collaboration
Real Time Filtering
Change Logs
DR & BC Plans
VRA
TVM
ACLs
CRLs
Compliance Monitoring
NIPS Events
DLP Events
eDiscovery Events
Registry Services
Location Services
Federated Services
Data Protection
Data lifecycle management
Meta Data Control eSignature
(Unstructured data)
Incident Management
Security Incident Response
Problem Management
Event Classification Trend Analysis Root Cause Analysis Problem Resolution
Self-Service
Internal Infrastructure
Infrastructure Services
Asset Handling
Data Software Hardware
Virtual Infrastructure
Remote
Facility Security
Controlled Physical Access
Barriers Security Patrols Electronic Surveillance Physical Authentication
Knowledge Management
Best practices Trend Analysis Benchmarking Security Job Aids Security FAQ
Patch Management
Compliance Monitoring Service Discovery
Servers
Secure Build Image Management
LDM LUN
LVM
Storage Device-Based
Network-Based
Appliance Switched
End-Point
(Data in Use)
Server
(Data at Rest)
Change Management
Domain
Container
Process or Solution Data
Service Provisioning
Approval Workflow
Release Management
Scheduling Testing Version Control Build Source Code Management
Application Virtualization
Client Application Streaming Server Application Streaming
Virtual Workspaces
File-Based Virtualization
Synchronous Keys
Data-in-use
Encryption (Memory)
Data-at-Rest Encryption
(DB, File, SAN, Desktop, Mobile)
Server Virtualization
Virtual Machines (Hosted Based)
Full Paravirtualization Hardware-Assisted
Database Virtualization
Storage Services
Network Services
Network Segmentation Authoritative Time Source
OS Virtualization
TPM Virtualization
Virtual Memory
Smartcard Virtualization
Chief Architect: Jairo Orea
Lead Architects: Marlin Pholman, Yaron Levi, Dan Logan.
Team: David Sherr, Richard Austin, Vern Williams, Anish Mohammed, Harel Hadass, Phil Cox, Yale Li, Price Oden, Tuhin Kumar, Rajiv Mishra, Ravila White, Scott Matsumoto, Rob Wilson, Charlton Barreto, Ryan Bagnulo, Subra Kumaraswamy.
Date: 07/20/2011
Revision: 12th Review