User talk:AlexMazaltov/Enterprise Security Architecture

Enterprise Security Architecture (ESA)

Goal of ESA

ESA represents a simple, long-term view of controls: it provides a unified vision for common security controls, leverages existing technology investments, offers a flexible approach to current and future threats, and addresses the needs of core business functions.

Lifecycle for developing security architecture (LDSA)

LDSA is a holistic lifecycle for developing security architecture. It begins with assessing business requirements and then builds a ‘chain of traceability’ through the phases of strategy, concept, design, implementation, and metrics.

  1. Zachman
  2. Sherwood Applied Business Security Architecture (SABSA)
  3. NZISM Protective Security Requirements (PSR)
  4. The Open Group Architecture Framework (TOGAF)

How to capture detailed security requirements

The following can be used to capture detailed security requirements:

  1. Threat modeling, covert channels, and data classification.
  2. Data classification, risk assessments, and covert channels.
  3. Risk assessments, covert channels, and threat modeling.
  4. Threat modeling, data classification, and risk assessments.

According to OWASP, “Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.”

Internationally recognized security standards

The following security standards are internationally recognized for sound security practices:

  1. ISO 15408
  2. ISO 27018
  3. ISO 12207
  4. ISO 25010
  5. ISO 31000
  6. ISO 27001
  7. ISO 27036-2

The standard ISO 31000 is focused on the standardization and certification of an organization's Information Security Management System (ISMS).

Which properties are used in an ISMS?

  1. Simple property
  2. * (star) property
  3. Invocation property
  4. Strong * (star) property

The Invocation property is unique to the Biba Integrity Model.

__________________________________________________

Certified Information Systems Security Professional (CISSP).[1]

  1. https://go.itpro.tv/weekly-cissp-quiz. go.itpro.tv (in English). Retrieved 3 December 2022.