Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Presentation transcript:

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information Architect, Eli Lilly

Questions at the end, please! Apart from points of clarification.

Backgrounder
- Technically an Open Group Forum
- Founded by CISOs of multinational companies in January 2004 to respond to… De-Perimeterisation
- Today: 42 Member Companies and growing
- Mission: Act as a catalyst to accelerate the achievement of the collective vision, by:
  - Defining the problem space
  - Communicating the collective vision
  - Challenging constraints and creating an environment for innovation
  - Demonstrating the market
  - Influencing future products, services, and standards

[Diagram labels: Suppliers; Customers; Desired Future State; Standards and Solutions; Standards Dev; Police and Gov't Agencies; Security Forum. Work Types: Needs, Principles, Strategy, Position Papers, Guidelines, Standards, Solutions, White Papers, Patterns, Use Cases]

Backgrounder: The journey so far…
- Defined the issue, and created noise around …
  - We don't apologise for the controversy!
- Created the Commandments, there are 11!
- Created a generic Roadmap
- Trademarked: Jericho Forum
- Created Inherently Secure Communications Paper
- Published the COA Position Paper

Why the COA Position Paper?
- We had defined the Problem…
- We had developed a set of "Principles" in the Commandments…
- We had created a roadmap (though not rich with content)
- We realised we needed to provide more details around the Solution…

COA: The Paper's Framework
- Introduction
- Problem
- Why Should I Care?
- Components of COA
- Recommended Solution/Response
- Conclusion
- The Way Forward

Introduction
Aim: To provide a guiding framework that enables Secure Information Sharing in a Collaborative environment.
Aligned to the Jericho Forum Commandments 4-8 pertaining to:
- Surviving in a Hostile World
- Need for Trust
- Identity Management and Federation

Problem
Traditional approaches to architecting security solutions are aimed at securing organizational borders, and the network, reinforcing a 'perimeterised' perspective. This is contrary to the future business needs of most organisations.

A Lilly segue
- We are changing from a FIPCo to a FIPNet.
  - FIPCo: Fully Integrated Pharmaceutical Company
  - FIPNet: Fully Integrated Pharmaceutical Network
- Collaboration will be a core capability.

Why Should I Care?
- De-perimeterisation is happening NOW!
- COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered.
- Adopting COA allows the added value of de-perimeterisation while mitigating the additional risks to your organizations.

Components of COA: An Architect's View
Principles:
- Known parties
- Assurance
- Trust
- Risk
- Compliance
- Legal, Regulatory, Contractual
- Privacy
Services:
- Federated Identity
- Policy Management
- Data/Information Management
- Classification
- Audit
Technologies:
- End Point Security/Assurance
- Secure Communications
- Secure Protocols
- Secure Data/Information
- Content Monitoring
- Content Protection
Solution Attributes:
- Usability/Manageability
- Availability
- Efficiency/Performance
- Effectiveness
- Agility
Other diagram labels: Processes, People, Risk, Information, Devices, Enterprise
Secure! Reliable! Trustworthy!

Recommended Solution/Response
A section that describes how existing standards, protocols and frameworks should be used and supplemented with additional standards, tools, and services to deliver COA…
- ITIL
- TOGAF
- COBIT
- ISO 27001/2
- SAML
- SOA

Conclusion
- Implementing COA builds upon existing standards and practices to enable effective and secure collaboration.
- COA provides a high level pattern to allow legacy applications to be re-architected to be collaboration oriented.
- It takes a different mindset, and new services, both in the cloud and around the data.

The Way Forward
- The COA position paper sketches the skeleton
- We need to collectively refine / develop the standards, tools and services in more detailed papers
- Many of which can, and should be taken up by the Security Forum and ultimately service providers
- Example: Inherently Secure Communications Standard
- Trust / Classification Framework…