User talk:AlexMazaltov/Enterprise Security Architecture
Enterprise Security Architecture (ESA)
Goal of ESA
The goal of ESA is to provide a simple, long-term view of control: a unified vision for common security controls, one that leverages existing technology investments, offers a flexible approach to current and future threats, and supports the needs of the organization's core functions.
Lifecycle for developing security architecture (LDSA)
A holistic lifecycle for developing security architecture (LDSA) begins with assessing business requirements and then builds a 'chain of traceability' through the phases of strategy, concept, design, implementation, and metrics, so that every control in the finished architecture can be traced back to the business requirement that justifies it.
Frameworks related to `LDSA`
- Zachman
- Sherwood Applied Business Security Architecture (SABSA)
- NZISM Protective Security Requirements (PSR)
- The Open Group Architecture Framework (TOGAF)
How to capture detailed security requirements
Detailed security requirements are captured with three complementary activities:
- Threat modeling
- Data classification
- Risk assessments
The quiz this page draws on offers covert channels as a distractor in the other answer choices. Covert channel analysis is an evaluation technique for finding unintended information flows in a system that has already been built, not a way of capturing requirements, so the correct combination is threat modeling, data classification, and risk assessments.
According to OWASP, "Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value."
Internationally recognized security standards
The following security standards are internationally recognized for sound security practices:
- ISO/IEC 15408 (Common Criteria for IT security evaluation)
- ISO/IEC 27018 (protection of personally identifiable information in public clouds)
- ISO/IEC 12207 (software life cycle processes)
- ISO/IEC 25010 (software product quality model)
- ISO 31000 (risk management guidelines)
- ISO/IEC 27001 (information security management systems)
- ISO/IEC 27036-2 (information security for supplier relationships: requirements)
ISO/IEC 27001, not ISO 31000, is the standard that specifies an organization's Information Security Management System (ISMS) and against which the ISMS is certified. ISO 31000 gives general risk management guidelines and is not a certification standard.
Properties of the Bell-LaPadula and Biba access control models
- Simple property (Bell-LaPadula: no read up; Biba: no read down)
- * (star) property (Bell-LaPadula: no write down; Biba: no write up)
- Invocation property (Biba: a subject may not invoke a subject at a higher integrity level)
- Strong * (star) property (Bell-LaPadula: read and write only at the subject's own level)
These are properties of mandatory access control models, not of an ISMS. The Invocation property is unique to the Biba Integrity Model; the simple and star properties exist in both models with opposite directions, because Bell-LaPadula protects confidentiality (information must not flow downward) while Biba protects integrity (untrusted data must not flow upward).
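The four properties above, as an added worked example (not code from the original page or from the quiz it cites): a small reference monitor that mediates read, write and invoke requests against both models at once, so the opposite directions of the two simple and star properties are visible. The level ordering, the subjects and the resources are constructed sample data.

```python
"""Reference monitor for the Bell-LaPadula (confidentiality) and Biba
(integrity) properties.  Added example, not from the original page; the
levels, subjects and resources below are constructed sample data."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Totally ordered labels.  For confidentiality a higher value is more
    sensitive; for integrity a higher value is more trustworthy."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level   # Bell-LaPadula label
    integrity: Level   # Biba label


@dataclass(frozen=True)
class Resource:
    name: str
    classification: Level  # Bell-LaPadula label
    integrity: Level       # Biba label


# Bell-LaPadula: confidentiality, information must not flow to lower levels
def blp_simple(s: Subject, r: Resource) -> bool:
    """Simple security property: no read up."""
    return s.clearance >= r.classification


def blp_star(s: Subject, r: Resource) -> bool:
    """*-property: no write down."""
    return s.clearance <= r.classification


def blp_strong_star(s: Subject, r: Resource) -> bool:
    """Strong *-property: access only at exactly the subject's own level."""
    return s.clearance == r.classification


# Biba: integrity, untrusted data must not flow to more trusted levels
def biba_simple(s: Subject, r: Resource) -> bool:
    """Simple integrity axiom: no read down."""
    return s.integrity <= r.integrity


def biba_star(s: Subject, r: Resource) -> bool:
    """*-integrity axiom: no write up."""
    return s.integrity >= r.integrity


def biba_invocation(caller: Subject, callee: Subject) -> bool:
    """Invocation property: a subject may not invoke a more trusted subject."""
    return caller.integrity >= callee.integrity


def decide(s: Subject, r: Resource, mode: str, strong_star: bool = False):
    """Mediate a read or write under both models and return
    (allowed, names_of_failed_rules).  With strong_star=True the BLP strong
    *-property replaces the ordinary BLP rules, so the subject may only touch
    resources at its own confidentiality level."""
    if mode == "read":
        rules = [("BLP simple (no read up)", blp_simple),
                 ("Biba simple (no read down)", biba_simple)]
    elif mode == "write":
        rules = [("BLP * (no write down)", blp_star),
                 ("Biba * (no write up)", biba_star)]
    else:
        raise ValueError(f"unknown access mode {mode!r}")
    if strong_star:
        rules = [rule for rule in rules if not rule[0].startswith("BLP ")]
        rules.append(("BLP strong * (same level only)", blp_strong_star))
    failed = [name for name, rule in rules if not rule(s, r)]
    return (not failed, failed)


# Constructed sample data (hypothetical names)
ALICE = Subject("alice", Level.SECRET, Level.SECRET)
TS_PLAN = Resource("ts_plan", Level.TOP_SECRET, Level.TOP_SECRET)
WEB_FORM = Resource("web_form_input", Level.UNCLASSIFIED, Level.UNCLASSIFIED)
SECRET_LOG = Resource("secret_log", Level.SECRET, Level.SECRET)
TS_SERVICE = Subject("ts_service", Level.TOP_SECRET, Level.TOP_SECRET)

if __name__ == "__main__":
    for res, mode in [(TS_PLAN, "read"), (WEB_FORM, "read"), (SECRET_LOG, "read"),
                      (WEB_FORM, "write"), (TS_PLAN, "write")]:
        allowed, failed = decide(ALICE, res, mode)
        verdict = "ALLOW" if allowed else "DENY " + ", ".join(failed)
        print(f"{ALICE.name} {mode:5} {res.name:15} -> {verdict}")
    print("alice may invoke ts_service:", biba_invocation(ALICE, TS_SERVICE))
```

Running the block shows the practical consequence of enforcing both models on the same labels: Bell-LaPadula lets alice read down but Biba forbids it, Biba lets her write down but Bell-LaPadula forbids it, so she can only read and write at her own level, which is why strict Biba integrity is rarely deployed alongside a confidentiality lattice without separate integrity labels.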
__________________________________________________
Certified Information Systems Security Professional (CISSP).[1]
- ↑ https://go.itpro.tv/weekly-cissp-quiz. go.itpro.tv (in English). Retrieved 3 December 2022.