</Today>
• Source: http://www.opensecurityarchitecture.org
Buildings
• IT Architecture <> Building Architecture
• FAIL
• Diagram of stiffness of a simple square beam (A) and
universal beam (B). The universal beam flange sections are
three times further apart than the solid beam's upper and
lower halves. The second moment of inertia of the universal
beam is nine times that of the square beam of equal cross
section (universal beam web ignored for simplification)
VS.
Security
• Definition
anyone?
• Security means that the architect
first has to log in before he is
allowed to say anything…
Some sites attempt to use firewalls to solve
their network security problems.
Unfortunately, firewalls assume that "the
bad guys" are on the outside, which is
often a very bad assumption (MIT)
• Proper Diskette Care and Usage
• http://www.monster-island.org/tinashumor/humor/diskcare.html
• Security provided by IT Systems can be
defined as the IT system’s ability to being
able to protect confidentiality and integrity
of processed data, provide availability of
the system and data, accountability for
transactions processed, and assurance
that the system will continue to perform to
its design goals
• Source: http://www.opensecurityarchitecture.org
ISO/IEC 17799
NEN 7510
Defining
• Tends to be hard
• No-one agrees
• Multi-interpretable
• Inconsistent
• Vague
• Non conclusive
• Impractical
• …
What can we do?
• Make lists
• Talk by example
• Roll-Your-Own !!!
• Use what works
• Just choose
• …
So much in common
• About Real life
– Physical, information, behaviour, procedures, tech, etc
• Business critical
• Descriptive and normative
• Quality oriented
• Needs awareness
• Tend to make things a bit harder
and more costly
• Take thought, balance
and nuance
• …
Architecture is:
Relation
What I Do…
Samen Veilig
Architectuur
Open
IT Security Architecture
• The design artifacts that describe how the
security controls (= security
countermeasures) are positioned, and how
they relate to the overall IT Architecture.
These controls serve the purpose to
maintain the system’s quality attributes,
among them confidentiality, integrity,
availability, accountability and assurance.
• Source: http://www.opensecurityarchitecture.org
Match Made in Heaven?
• Architecture focuses on coherence,
principles, standards and building blocks
• Security applies aspects of those to real life
• Architecture and Security are
interdependent. The one without the other
doesn’t make sense
• If separated, security remains limited to
ad hoc conjuring up of measures aimed at
risk reduction, and generally tends towards
technocracy. That tends not to help the
organisation.
• Applying IT Security should be aimed at
providing the best experience for the user
or client with the least amount of
obstruction
• That way organisational goals (including
change) can be met.
• Architectural thinking supports that goal
This isn’t automatic.
Awareness is needed:
• Follow-up remarks: w.kossen@gmail.com
</presentatie>