
<presentatie>

Ir. Willem J. Kossen


Information Security and
ICT Architecture,

a 'match made in heaven'


<Today>
• About @wkossen
• The Statement
• Some Reasoning
• Some Discussion

</Today>

• Don’t hesitate to tweet…


---1---
@wkossen
http://willemkossen.nl/b
http://linkedin.com/in/willemkossen
http://twitter.com/wkossen
http://stamstruik.nl
http://insecten.org
http://gazzary.nl

http://wkossen.myopenid.com
http://www.mxi.nl
---2---
Architecture?
• Definition
anyone?
• A set of design artifacts, that are relevant
for describing an object such that it can be
produced to requirements (quality) as well
as maintained over the period of its useful
life (change). The design artifacts describe
the structure of components, their
inter-relationships, and the principles and
guidelines governing their design and
evolution over time.

• Source: http://www.opensecurityarchitecture.org
Buildings
• IT Architecture <> Building Architecture

• FAIL
• Diagram of stiffness of a simple square beam (A) and
universal beam (B). The universal beam flange sections are
three times further apart than the solid beam's upper and
lower halves. The second moment of inertia of the universal
beam is nine times that of the square beam of equal cross
section (universal beam web ignored for simplification)
VS.
Security
• Definition
anyone?
• Security means that the architect
first has to log in before he is
allowed to say anything…
Some sites attempt to use firewalls to solve
their network security problems.
Unfortunately, firewalls assume that "the
bad guys" are on the outside, which is
often a very bad assumption (MIT)
• Proper Diskette Care and Usage

• (1) Never leave diskettes in the drive, as the
data can leak out of the disk and corrode the
inner mechanics of the drive. Diskettes should
be rolled up and stored in pencil holders.
• (9) Periodically spray diskettes with insecticide
to prevent system bugs from spreading.....
• (13) Diskettes become "hard" with age. It's
important to back up your "hard" disks before
they become too brittle to use.

• http://www.monster-island.org/tinashumor/humor/diskcare.html
• Security provided by IT Systems can be
defined as the IT system’s ability to being
able to protect confidentiality and integrity
of processed data, provide availability of
the system and data, accountability for
transactions processed, and assurance
that the system will continue to perform to
its design goals

• Source: http://www.opensecurityarchitecture.org
ISO/IEC 17799

NEN 7510
Defining
• Tends to be hard
• No-one agrees
• Multi-interpretable
• Inconsistent
• Vague
• Non conclusive
• Impractical
• …
What can we do?
• Make lists
• Talk by example
• Roll-Your-Own !!!
• Use what works
• Just choose
• …
So much in common
• About Real life
– Physical, information, behaviour, procedures, tech, etc
• Business critical
• Descriptive and normative
• Quality oriented
• Needs awareness
• Tend to make things a bit harder and costly
• Take thought, balance and nuance
• …
Architecture is:
Relation
What I Do…

Samen Veilig

Architecture

Open
IT Security Architecture
• The design artifacts that describe how the
security controls (= security
countermeasures) are positioned, and how
they relate to the overall IT Architecture.
These controls serve the purpose to
maintain the system’s quality attributes,
among them confidentiality, integrity,
availability, accountability and assurance.

• Source: http://www.opensecurityarchitecture.org
---3---
Match Made in Heaven?
• Architecture focuses on coherence,
principles, standards and building blocks
• Security applies aspects of those to real life
• Architecture and Security are
interdependent. The one without the other
doesn’t make sense
• If separated, security remains limited to
ad hoc conjuring up of measures aimed at
risk reduction, and generally tends towards
technocracy. That tends not to help the
organisation.
• Applying IT Security should be aimed at
providing the best experience for the user
or client with the least amount of
obstruction
• That way organisational goals (including
change) can be met.
• Architectural thinking supports that goal
This isn’t automatic.
Awareness is needed:

Architectural awareness is a precursor for
security-awareness.
• Architecture is… (remember?)

• Trends, standards, best practices
• Goals, strategy, vision, policy
• Functional and operational requirements,
processes
• Risks and other constraints (financial)
• Development, design, build, exploitation

• Security is present in all of the above…


• Again, the connection is architecture
• security is one of the views on
architecture.
• Looking at security this way,
– we improve decision-making,
– we avoid risk,
– we prevent tunnel vision,
– everybody profits from the IT assets
• It is people's work
• If tijd>10min soundbite()
---4---
Let’s Talk…

• Afterthoughts: w.kossen@gmail.com
</presentatie>
