Guiding Principles

- Define protections that enable trust in the cloud.
- Develop cross-platform capabilities and patterns for proprietary and open-source providers.
- Facilitate trusted and efficient access, administration and resiliency for the customer/consumer.
- Provide direction for securing information that is protected by regulations.
- The architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability.
- Centralize security policy, maintenance operations and oversight functions.
- Access to information must be secure yet still easy to obtain.
- Delegate or federate access control where appropriate.
- The architecture must be easy to adopt and consume, supporting the design of security patterns.
- The architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms.
- The architecture must address and support multiple levels of protection, including network, operating system and application security needs.
Version 2.0
Reference architecture diagram (labels recovered from the figure, grouped under the figure's own headings)

Presentation Services
- Presentation Modality: Consumer Service Platform; Social Media; Search; Handwriting (ICR); B2B; P2P
- Presentation Platform: End-Points (Mobile Devices; Mobile Device Management; Desktops; Medical Devices; Smart Appliances); Company owned; Third-Party; Public Kiosk; SaaS, PaaS, IaaS

Application Services
- Development Process: Security Code Review; Application Vulnerability Scanning; Stress and Volume Testing; Secure Sandbox
- Programming Interfaces: Input Validation
- Security Knowledge Lifecycle: Attack Patterns; Code Samples; Security Design Patterns; Security Application Framework - ACEGI
- Integration Middleware; Abstraction

Information Services
- Data Governance: Data Ownership / Stewardship; Process Ownership; Data Classification; Risk Assessments; NonProduction Data; Information Leakage; Metadata
- Security Monitoring: Session Events; Audit Findings; Authentication Events; Authorization Events; Application Events; Network Events; Computer Events; Database Events; Privilege Usage Events; Change Logs; NIPS Events; DLP Events; eDiscovery Events; Compliance Monitoring
- Reporting Services: Data Mining; Reporting Tools; Business Intelligence
- Risk Management: GRC; RA; BIA; VRA; TVM; DR & BC Plans; ACLs; CRLs
- Service Delivery: Service Catalog; SLAs; OLAs; Dashboard; Recovery Contracts; Plans
- ITOS: Incident Management; Problem Management; Knowledge Management; Service Management; Change Management
- Registry Services; Location Services; Federated Services
- Business Strategy; PMO Strategy Roadmap; CMDB; Physical Inventory; Knowledge Repository; Transformation Services

ITOS
- IT Governance; Architecture Governance (Standards and Guidelines; Maturity Model; Roadmap; Strategy Alignment)
- Portfolio Management; PMO (Program Management; Project Management; Remediation); Resource Management (Segregation of Duties; Contractors); Capacity Planning; Asset Management
- Service Delivery: Service Level Management (Objectives; OLAs; Internal SLAs; External SLAs); Service Costing (Charge Back; Operational Budgeting; Investment Budgeting); Application Performance Monitoring; Self-Service
- Incident Management (Security Incident Response); Problem Management (Event Classification; Trend Analysis; Root Cause Analysis; Problem Resolution); Knowledge Management (Best practices; Trend Analysis; Benchmarking; Security Job Aids; Security FAQ)
- Change Management (Approval Workflow); Release Management (Scheduling; Testing; Version Control; Build; Source Code Management); Service Provisioning

BOSS
- Data Governance: Data Ownership / Stewardship; Secure Disposal of Data; Handling / Labeling / Security Policy; Rules for Information Leakage Prevention; Rules for Data Retention
- Risk Management Framework; Business Assessment; Technical Assessment; Independent Risk Management
- Legal Services: Contracts; E-Discovery; Incident Response Legal Preparation
- Internal Investigations: Forensic Analysis; e-Mail Journaling

InfoSec Management: Capability Mapping; Risk Portfolio Management; Risk Dashboard
Audit Management; IT Risk Management

Identity Management: Domain Unique Identifier; Identity Provisioning; Federated IDM; Attribute Provisioning

Authentication Services: Risk Based Auth; Multifactor Auth; Smart Card Management; Password; OTP; Biometrics; Network Authentication; Single Sign On; Middleware Authentication; WS-Security; Identity Verification; OTB AuthN; SAML Token

Authorization Services: Entitlement Review; Policy Definition; Policy Enforcement; Policy Management; Principal Data Management; Resource Data Management; XACML; Role Management; Obligation Management; Out of the Box (OTB) AuthZ

Threat Management: Source Code Scanning; Risk Taxonomy; Penetration Testing (Internal; External)

Server: Behavioral Malware Prevention; White Listing; Sensitive File Protection; Anti-Virus; HIPS / HIDS; Host Firewall
End-Point: HIPS / HIDS
Network: Behavioral Malware Prevention; Firewall; Content Filtering; DPI; Inventory Control; NIPS / NIDS; Wireless Protection; Link Layer Network Security; Black Listing Filtering
Application: XML Appliance; Application Firewall; Secure Messaging; Secure Collaboration; Real Time Filtering

Data Protection: Data Lifecycle Management; Meta Data Control; eSignature; (Unstructured data); End-Point (Data in Use); Server (Data at Rest); Symmetric Keys; Data-in-use Encryption (Memory); Data-at-Rest Encryption (DB, File, SAN, Desktop, Mobile)

Infrastructure Services
- Internal Infrastructure; Remote
- Facility Security: Controlled Physical Access; Barriers; Security Patrols; Electronic Surveillance; Physical Authentication
- Asset Handling: Data; Software; Hardware
- Patch Management: Compliance Monitoring; Service Discovery
- Servers: Secure Build; Image Management
- Storage Services: LDM; LUN; LVM; Device-Based; Network-Based; Appliance; Switched
- Network Services: Network Segmentation; Authoritative Time Source
- Virtual Infrastructure: Server Virtualization (Virtual Machines (Host-Based); Full; Paravirtualization; Hardware-Assisted); Application Virtualization (End Point; Virtual Workspaces; Vertical Isolation; File-Based Virtualization); Database Virtualization; OS Virtualization; TPM Virtualization; Virtual Memory; Smartcard Virtualization; Domain; Container; Process or Solution Data
Co-Chairs: Jairo Orea, Yaron Levi, Dan Logan. Team: Richard Austin, Frank Simorjay, Yaron Levi, Jon-Michael Brook, Jarrod Stenberg, Ken Trant, Earle Humphreys, Vern Williams Date: 02/25/2013