DECEMBER 4, 2017
Disclaimer: The chosen case scenario is for learning purposes only. The plan presented in the case scenario is fictitious
and is not intended to be implemented without professional consultation. Reference herein to any specific
commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise does not constitute
or imply its endorsement, recommendation, or favoring by the U.S., State, or local governments, and the information
and statements shall not be used for the purposes of advertising.
David Smith, CEO
  Need: Excellent service to be maintained by the security system; “business enabling”, especially for internet technologies
  Proposed solutions: Cryptography in storage (protected); PKI; Cryptography in transmission (efficient); TPM (cryptographic hardware); Key management solution; Data redundancy; Business continuity / data backup; Business threat intelligence platform (offensive strategy)
Juan Carlos, COO
  Need: Multilingual applications; secure reliable VPN; application to secure procurement for travel for business managers; communication application includes enhanced function (e.g. speed, interface)
  Proposed solutions: VPN solution; Multifactor authentication; Secure virtual meeting solution; Enables travel procurement security; Business expense policy; Application translatable to many languages; Allows for culturally sensitive messages for holidays in region
Rosemary Brown, VP of eBusiness
  Need: Customer relationship management and customer service will be enabled and/or enhanced
  Proposed solutions: Single sign-on for users; Simple interface
Reader Consideration:
This architectural layer is described as “able to design the forest rather than the trees”. Meaning, the architect is concerned
with the overall shape and size of the forest, tree locations, density, and overall mix of tree species. This document will
provide an introductory view of the security strategies to be deployed.
The deliverables for IBFS matched to the SABSA model are as follows:
Business layer
  Assets (What): The Business
  Motivation (Why): Business Risk Model
  Process (How): Business Process Model
  People (Who): Business Organization & Relationships
  Location (Where): Business Geography
  Time (When): Business Time Dependencies
Security layer
  Assets (What): Business Attributes Profile
  Motivation (Why): Control Objectives
  Process (How): Security Strategies & Architectural Layering
  People (Who): Security Entity Model & Trust Framework
  Location (Where): Security Domain Model
  Time (When): Security-Related Lifetimes & Deadlines
Specific Deliverables:
1) SABSA® Business Attributes Profile. Includes selected business attributes, definitions, metric types, and measurement
approaches.
2) SABSA® Business Risk Model. Includes risk statements together with their control objectives.
3) Assessment of the current status of security against the SABSA® Business Attributes Profile and associated control
objectives.
4) Description of the architectural layering to be employed, and the major security strategies and concepts mapped to
the control objectives
5) A series of breakout documents, each describing a major security strategy
6) The security entity model and trust framework
7) The security domain model
8) A list of security-related lifetimes and deadlines to be addressed at lower layers
(Sherwood et al., 2005, p. 116)
iNFORMATICS, Inc.
October 27, 2017
Ryan Nye, Security Architect
Internal Memo: Post Interview Snapshot
Concerns of management:
David Smith, CEO: Architecture should ensure customers’ confidence to maintain their private information
Juan Carlos, COO: “Operate on a truly global scale”
Rosemary Brown, VP of eBusiness: Architecture is sensitive to the needs of customers; customers will not be pushed to products, but will be in control by browsing applications
Helmut Meyer, CFO: Expensive security platforms and solutions: “cost a lot in past without demonstrable benefits”
Brian Jones, VP of Marketing: Excessive requests for login credentials; systems to stay independently secure while exchanging marketing information
What we will need to get their agreement to the conceptual security architecture:
David Smith, CEO: Excellent service to be maintained by the security system; “business enabling”, especially for internet technologies
Juan Carlos, COO: Multilingual applications; secure reliable VPN; application to secure procurement for travel for business managers; communication application includes enhanced function (e.g. speed, interface)
Rosemary Brown, VP of eBusiness: Customer relationship management and customer service will be enabled and/or enhanced
Helmut Meyer, CFO: Clear ROI breakdown; system will be flexible to enable integration and disintegration of business units
Brian Jones, VP of Marketing: Single sign-on mechanisms; system to remain in control of the flow of information throughout the network and be sensitive to laws and regulations (EU)
Ranjit Patel, CIO: Standards and protocols to interface with legacy networks; system will improve on-time transactions and will communicate with legacy networks; system will be scalable up and down as integration and disintegration occurs
Ho Siew Luan (Sarah), Director of Compliance: Documentary evidence of physical and logical controls of the architecture; will account for a range of compliance needs, specifically to reduce insider trading
The standards applied will follow the ISO standards. ISO standards are reviewed every 5 years to ensure their applicability
and effectiveness. The website describes the standards as follows:
“ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving
an information security management system within the context of the organization. It also includes requirements for
the assessment and treatment of information security risks tailored to the needs of the organization. The requirements
set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size
or nature” (ISO.org, n.d.).
35 control objectives
ISO/IEC 27002 specifies some 35 control objectives (one per “security control category”). These control objectives
provide guidance concerning the need to protect the confidentiality, integrity and availability of information
(ISO27001.com, n.d.).
Example
The renowned American designer of the 1940s Charles Eames said, “Recognizing the need is the primary condition for
design” (Eames, n.d.). For a Security Architect, the quote is applicable, as the needs of the business are recognized and its key
motivations identified first. The enterprise builder may use the SABSA model. The model divides the
architectural building process into six layers and asks six questions on each layer: what, why, how, who, where, and
when. In this document, an audit layer is added to make it an all-inclusive seven-layer model. Each layer depends on
the plans of the preceding layer until built, after which it is managed and inspected.
The business attributes profile is a tool used to justify the business driver (increase value) by assigning key attributes
that promote a business stance in the areas of:
• Usability of the system and interfaces
• Management of the system
• Operational attributes of the system
• Risk management of the organization
• Legal & regulatory issues of the business
• Technical and feasibility issues
• Overall Business Strategy
The business attributes can be used in two ways:
First, the list can be used as a pick-list to prompt thinking on business drivers: start with the attribute list and create a list of
related business drivers. Second, it can be used as a cross-check for completeness of the business drivers: start with a list
of business drivers and cross-check it against the business attribute list. "The one-to-one mapping of business attributes to
business drivers is not a necessity" (Sherwood et al., 2005, p. 89). For this project, we used the list as both cross-check
and prompt to obtain the 51 business drivers.
Example
DOCUMENT REFERENCE: FinalProject.Week7.RYANNYE “Business Drivers”, “Business Attributes”, “Attributes Profile&Metrics” tabs
The SABSA® Business Risk Model is a qualitative measurement method that classifies risk into a series of bands. First,
we match business drivers to business attributes (from a predetermined list). Second, we pull the relevant threats from
a database and assign them to the business drivers. Third, we estimate what impact each would have on IBFS. Fourth,
we look into what specific vulnerabilities would compromise the network. Fifth, we assign a risk category using the
following model:
We then mitigate the risk by defining control objectives. In the SABSA® Risk Model provided to IBFS, we have
provided both ISO controls and specific risk mitigation procedures.
The developed SABSA ® Business Risk model for IBFS can be found at the following:
DOCUMENT REFERENCE: FinalProject.Week7.RYANNYE “Business Risk Model” tab
SNAPSHOT
DOCUMENT REFERENCE: FinalProject.Week7.RYANNYE “Layered Security”, "MultiTierSecurity", "Security Strategy View" tabs
FAQ: Why do we want to avoid application security within the Network Layer?
Application security at the network layer would be “unsound because it locks application security into network topology
dependence”. For example, when the network topology changes, the application security is at risk. The reading
recommends “separation and independence of application security and network security is the best architectural
approach”.
• Reporting tools
• Integrity
• Authenticity
• Roles
• Authorization certificates
• Non-repudiation: digital signatures, notarization servers, transaction logs
DOCUMENT REFERENCE: FinalProject.Week7.RYANNYE “Security Strategy View” tab Application Security Services
The data management solution provided to IBFS will implement security with both access restriction and protection of
informational resources. The data management security has the following functions:
• Access control to data
• Authorization based on business need
• Segregation of write access
• Data availability, integrity, confidentiality protection
• Authentication of SQL requests and responses
7 Application Layer (HTTP, HTTPS, FTP, SMTP, SSH, SMB, POP3, DNS, NFS, etc.)
6 Presentation Layer (MIME, XDR)
5 Session Layer (TLS/SSL, NetBIOS, SOCKS, RPC, RMI, etc.)
3 Network Layer (IPv4, IPv6, ICMP, IPSec, IGMP, etc.): network naming, addressing, directory, and routing control; network protocols
DOCUMENT REFERENCE: FinalProject.Week7.RYANNYE “Security Strategy View” tab Communications Security Services
9.1 PREVENTION
Subject: Entity requesting access, which can be a human user or an external system acting on behalf of a user.
Object: The resource to which the subject is requesting access. The object can be a data structure (e.g. file, database), an application function, a computer system, or a peripheral.
Snapshot:
We can use the list as both a checklist and a shopping guide to make sure the product has all the important mechanisms matched
to the security strategy.
DOCUMENT REFERENCE: FinalProjectSupportingDoc.Week7.RYANNYE “Security Service View” tab
The goals of system assurance are correctness, reliability, and proper operation of the system. The following areas
require a level of assurance for the three characteristics:
Risk can be evaluated by three main characteristics: threat, asset criticality, and system vulnerability. When all three
cross over to high risk, the risk must be prioritized to the top of the list.
(Wilson, 2013)
The graphic below refers to a flowchart draft of the new IBFS Risk Management system.
Snapshot:
As we saw with the graphic in the previous section, the directory authenticates users to the network. The directory
service contains entity objects such as users, roles, groups, and hardware. File system objects involved may be
“container” or “leaf” objects. The file objects take on a hierarchical structure. We will need to manage privileges for all
users to restrict access to system areas for which they are not authorized. The importance of protecting against high-level changes to
users is evident: without the directory service, no other service can remain operable.
Snapshot:
FAQ: What aspects could you allow non-security personnel access to possibly change?
Information under their control such as personal contact information and address.
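The subject/object model, the data management functions (access control, authorization by business need, segregation of write access) and the directory description above can be shown as one small authorization routine. The Go program below is an added example for this document, not code from the original project or from IBFS; the directory layout (/ibfs/hr/records, /ibfs/users/<name>/contact), the role names and the Authorize function are constructed assumptions for the illustration. Grants made on a container object are inherited by the leaf objects beneath it, write access is never implied by read access, and a user may change only the leaf holding their own contact information, which is the answer given to the FAQ above.

```go
package main

import "fmt"

// Action is an operation a subject requests on a directory object.
type Action string

const (
	Read  Action = "read"
	Write Action = "write"
)

// Subject is the entity requesting access: a user plus the roles/groups the
// directory service has assigned to that user.
type Subject struct {
	User  string
	Roles []string
}

// Object is a directory entry. Containers hold children; leaves hold data.
// Grants map a role to permitted actions and are inherited down the hierarchy.
type Object struct {
	Name        string
	Parent      *Object
	Children    map[string]*Object
	Grants      map[string][]Action
	Owner       string // user whose personal data this leaf holds ("" if none)
	SelfService bool   // the owner may edit this leaf without a role grant
}

// NewRoot creates the top-level container of the directory tree.
func NewRoot(name string) *Object {
	return &Object{Name: name, Children: map[string]*Object{}, Grants: map[string][]Action{}}
}

// Add creates a child container or leaf under o.
func (o *Object) Add(name string) *Object {
	c := &Object{Name: name, Parent: o, Children: map[string]*Object{}, Grants: map[string][]Action{}}
	o.Children[name] = c
	return c
}

// Grant records that a role may perform the given actions on o and its descendants.
func (o *Object) Grant(role string, actions ...Action) {
	o.Grants[role] = append(o.Grants[role], actions...)
}

// Path renders the object's position in the hierarchy, e.g. /ibfs/hr/records.
func (o *Object) Path() string {
	if o.Parent == nil {
		return "/" + o.Name
	}
	return o.Parent.Path() + "/" + o.Name
}

// Authorize decides whether subject may perform action on obj and says why.
// Each action needs its own explicit grant: read never implies write.
func Authorize(s Subject, obj *Object, action Action) (bool, string) {
	// Self-service: a user may read or update only the leaf that is their own.
	if obj.SelfService && obj.Owner == s.User {
		return true, fmt.Sprintf("%s owns %s (self-service)", s.User, obj.Path())
	}
	// Walk from the object up to the root; a grant on any ancestor applies.
	for cur := obj; cur != nil; cur = cur.Parent {
		for _, role := range s.Roles {
			for _, a := range cur.Grants[role] {
				if a == action {
					return true, fmt.Sprintf("role %q granted %s at %s", role, action, cur.Path())
				}
			}
		}
	}
	return false, fmt.Sprintf("no grant for %s on %s", action, obj.Path())
}

// BuildDirectory constructs a small sample directory (constructed for the example).
func BuildDirectory() *Object {
	root := NewRoot("ibfs")
	hr := root.Add("hr")
	hr.Grant("hr-admin", Read, Write) // write is a separate, explicit grant
	hr.Grant("hr-clerk", Read)        // read-only: write access is segregated
	hr.Add("records")                 // inherits the grants made on /ibfs/hr
	users := root.Add("users")
	for _, u := range []string{"alice", "bob"} {
		contact := users.Add(u).Add("contact")
		contact.Owner, contact.SelfService = u, true
	}
	return root
}

// Lookup walks a path such as ("users", "alice", "contact") from root.
func Lookup(root *Object, path ...string) *Object {
	cur := root
	for _, p := range path {
		if cur = cur.Children[p]; cur == nil {
			return nil
		}
	}
	return cur
}

func main() {
	root := BuildDirectory()
	records := Lookup(root, "hr", "records")
	clerk := Subject{User: "carol", Roles: []string{"hr-clerk"}}
	for _, a := range []Action{Read, Write} {
		ok, why := Authorize(clerk, records, a)
		fmt.Printf("%s %s %s: %v (%s)\n", clerk.User, a, records.Path(), ok, why)
	}
}
```

Running it shows the clerk allowed to read but denied writing the records leaf, even though both decisions come from the same inherited grant on the /ibfs/hr container; the denial carries the path that was checked, which is the kind of decision record a reviewer would want in the transaction log.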
12/4/2017 SECURE ENTERPRISE ARCHITECTURE 25
Confidential
Snapshot:
To increase compliance, we will be using a PKI (public key infrastructure) strategy for VPN connections and closely
connected business entities. This strategy will safeguard customer information from data leakage and safeguard
corporate information from insider trading. The four benefits that public key cryptography provides are: authentication,
integrity protection, encryption key management, and non-repudiation. Authentication and integrity are
assured when each party generates a public-private key pair to initiate a secure connection (an asymmetric cryptographic
relationship). The private key is used to create a digital signature on messages sent to the receiving party, who can
verify the signature with the public key. Encryption key management is realized by the system using different keys for
message authentication and for encryption. Rules for key management are established by a certificate
authority (CA), a certificate policy (CP), and a certification practice statement (CPS). Non-repudiation is achievable because
each party generates a unique key pair, and the trusted independent certification authority can link it uniquely to the party
that created it. This raises another issue, which is trusting the certificate authority.
(MarkLogic, n.d.)
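The four properties described above can be exercised end to end with the Go standard library. The program below is an added example written for this document; it is not code from the original project, from IBFS, or from the cited source. Each party generates its own key pair (the private key never leaves it), the certification authority binds the public key to the party's name by issuing a certificate, the sender signs with its private key, and the receiver first checks that the sender's certificate chains to a CA it trusts and only then checks the signature. The CA name, the party name and the sample message are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Party is one entity in the PKI: its private key and its certificate.
// The CA's certificate is self-signed; everyone else's is issued by the CA.
type Party struct {
	Name string
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// newTemplate builds a certificate template valid for one day (constructed values).
func newTemplate(name string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// NewCA generates the certification authority's key pair and self-signed root.
func NewCA(name string) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := newTemplate(name, 1, true)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Key: key, Cert: cert}, nil
}

// Enroll: the party generates its own key pair and the CA signs a certificate
// binding the public key to the party's name. The private key stays with the party.
func (ca *Party) Enroll(name string, serial int64) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, newTemplate(name, serial, false), ca.Cert, &key.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Party{Name: name, Key: key, Cert: cert}, nil
}

// Sign produces an ECDSA signature over SHA-256(msg) with the party's private key.
func (p *Party) Sign(msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, p.Key, h[:])
}

// Verify is the receiver's side: check the sender's certificate chains to a
// trusted CA (the trust anchor), then check the signature with the public key
// carried in that certificate. A failed chain is reported separately from a
// failed signature so the log shows which property was violated.
func Verify(trusted *x509.CertPool, sender *x509.Certificate, msg, sig []byte) error {
	opts := x509.VerifyOptions{Roots: trusted, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := sender.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := sender.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unexpected public key type")
	}
	h := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature does not match message: authenticity/integrity failure")
	}
	return nil
}

func main() {
	ca, _ := NewCA("IBFS Root CA (example)")
	branch, _ := ca.Enroll("branch-office-7 (example)", 2)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert) // the receiver's trust anchor
	msg := []byte("constructed sample message: transfer request 1234")
	sig, _ := branch.Sign(msg)
	fmt.Println("original :", Verify(roots, branch.Cert, msg, sig))
	fmt.Println("modified :", Verify(roots, branch.Cert, append(msg, '!'), sig))
}
```

The second check fails because one byte of the message changed, which demonstrates the integrity property; a certificate issued by a CA that is not in the receiver's pool fails the chain check before the signature is even examined, which is exactly where the "trusting the certificate authority" issue above sits.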
In the conceptual layer, we rate the security of the hosts running on the IBFS network. The tiers of hosts are divided into
customers, providers/partners, corporate workers on-site, and corporate workers off-site using VPN. Each of these makes up
its own security domain.
The connections to CompanyX will be authenticated through various technologies: Kerberos server, LDAP, or PKI.
TRUST MODEL
Customers: trusted host? NO; trusted network? NO. Authentication: Kerberos Realm 1 (records access); 2FA, message sent to email/phone to help secure the host
Providers / Partners: trusted host? YES; trusted network? NO. Authentication: Kerberos Realm 2 (database access); PKI / certificate for VPN / payment / EDI to IBFS Insurance
Snapshot:
10.3 VPN
Virtual Private Networks (VPNs) provide point-to-point encryption within the network layer. Many of the data streams
from IBFS branches to Corporate are completely encrypted. There is limited merit in utilizing VPNs to protect network
confidentiality because they provide little protection inside the enterprise itself. For example, the VPN provides encrypted
communication across the world to protect from outsider threats, but the data transmitted will ultimately have to be
secured from unauthorized viewing at the receiving point. Our reading reports that most security incidents occur on-site
and not over the communication channel.
FAQ: How do the terms Unconditionally Trusted and Conditionally Trusted relate to one another with respect to the
concept of Trusted Entities?
Unconditionally trusted entities are those that can misbehave without the violation of the policy being detected. A
conditionally trusted entity is one whose misbehavior will be detected by the security policy.
A security domain is a set of security elements subject to a common security policy defined and enforced by a single
security policy authority. The security domain consists of security elements, policy, and rules. The element may be a
security entity (e.g. type of user) or object (e.g. data structure, database, computers). The security policy is created and
assigned to the elements or objects. The policy may be governed by a security policy authority. For users in a PKI setup,
the certificate authority governs the policy.
Snapshot:
ROI Consideration
Enhanced encryption technology to protect data will allow a lower price for cyber security insurance and avoid costly
lawsuits. “Encryption can add nearly 20% to an organization’s ROI in security, and render data useless in the event of a
breach” (O’Leary et al., 2017).
ISO.org. (n.d.). ISO/IEC 27001:2013. ISO.org. Retrieved on December 11, 2017, from https://www.iso.org/standard/54534.html
ISO27001.com. (n.d.). ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls (second edition). Iso27001security.com. Retrieved on December 11, 2017, from http://www.iso27001security.com/html/27002.html
Onlinetech.com. (n.d.). Technical Security. Onlinetech.com. Retrieved on December 11, 2017, from http://www.onlinetech.com/compliance-security/secure-hosting/technical-security
Pham, T. (2015, December 7). Encrypting Data to Meet HIPAA Compliance [Web Log Post]. Onlinetech.com. Retrieved from http://resource.onlinetech.com/encrypting-data-to-meet-hipaa-compliance/
Sherwood, J., Clark, A., Lynas, D. (2005). Enterprise Security Architecture, A Business-Driven Approach. Boca Raton, Florida: CRC Press.
Wilson, S. [RSA Conference 2013]. (2013, May 30). Why Companies Fail with Compliance Initiatives - Seth Wilson [Video File]. Retrieved from https://www.youtube.com/watch?v=RrGamuOHIlU
University of San Diego. (n.d.). Module 5 Presentation, Physical Security Architecture [Video File]. Retrieved from https://ole.sandiego.edu