Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Security Architecture

Published byJohnathan Poole Modified over 9 years ago

Similar presentations

Presentation on theme: "Introduction to Security Architecture"— Presentation transcript:

1 Introduction to Security Architecture
Andy Wood Enterprise Security Architect

2 agenda Types of Security Architecture What is Security Architecture?
Why do Security Architecture? What is SABSA? What is the SABSA Framework? SABSA Models SABSA in the Real World Integration to other Frameworks Training & Certification agenda

3 Types of security architecture
Two types of Security Architecture: Enterprise Security Architecture (ESA) Part of EA function. Development of security Models and Frameworks for business to operate under. Drives security holistically through every part of the business. Ensures security supports business strategy and objectives. Solution Security Architecture (SSA) Project / Programme Scope Capture security requirements for project/programme Ensure integration with enterprise models Types of security architecture

4 What is security architecture?
Problem solutioning with a focus on Security Ensuring security requirements are identified and met. Ensuring controls & enablers are proportionate to risk & opportunity. Ensuring security services are managed through its lifecycle. Security Architecture is a business supporting function Must be maintained. Must evolve to changes in threat landscape and business strategy. What is security architecture?

5 Why do security architecture?
To support the business deliver its objectives in a risk and opportunity managed way Need to understand the risks and opportunities Need to implement controls and enablers to support (1) Need to deliver service management to support (2) Prevent introduction of unknown risk. Why do security architecture?

6 What is SABSA? Sherwood Applied Business Security Architecture (SABSA)
“Methodology for developing business-driven, risk and opportunity focused security architecture, and for delivering security solutions that traceably support the business requirements.” (SABSA) Sherwood Applied Business Security Architecture (SABSA) John Sherwood, David Lynas and Andrew Clark Started in mid-1995 following consultancy engagements No framework at the time (or since) to deliver ESA properly De facto framework used today globally in different markets and sectors including government and defence. Builds upon “missing components” from other frameworks Doesn’t re-invent – i.e. implementation isn’t in SABSA – use PRINCE2 Open Source & protected by SABSA Institute What is SABSA?

7 What is SABSA? SABSA Institute Formed 2012/13 to protect the framework
Will ensure framework evolves and matures Will provide resource to develop and market next versions Manages the chartered architect exam What is SABSA?

8 Sabsa framework

9 SABSA Model for security architecture

10 Sabsa matrix

11 Many models available for direct use, or can be customised.
These include: Attribute profiling Risk & Opportunity Model Multi-Tiered Control Strategy Assurance Framework Maturity Model Governance Model Vitality Model Domain & Trust Model Policy Model Lifecycle Model, etc… Frameworks and models

12 Attribute profiling Most powerful tool in SABSA
To be introduced in future TOGAF version Conceptual abstraction of real business requirement. Standardised and re-usable. Provides 2-way traceability. Defines monitoring & reporting. Starting Taxonomy available Attribute profiling

13 Standard attribute taxonomy

14 Multi-tiered control strategy (MTCS)
Defence in depth applies layering of controls to reduce risk are the layers providing the right type of controls? is it cost effective? does it meet BRs? Multi-Tiered Control Strategy controls architected to function Deter, Prevent, Contain, Detect, Track, Recover and Assure Provides cost effectiveness by preventing over investment Traceability of controls back to BRs Provides justification Provides assurance around controls Multi-tiered control strategy (MTCS)

15 MTCS Model

16 Mtcs enhanced

17 Sabsa in the real world Green Field Architecture
Clean and simple Brown Field Architecture Muddy waters Unknown current state Heavy emphasis on strategy Sabsa in the real world

18 Integration with frameworks
Flexible and adaptive framework Aligns with others such as TOGAF ITIL COBIT ISO27001 SOX PCI-DSS And any other… Integration with frameworks

19 Training & certification
Three levels Foundation (SCF) [4,500] (knowledge of) Official foundation course + 2 multiple choice exams (96Q’s / 75%+) in 2 hours. Practitioner (SCP) [400] (able to apply) One official specialised course + 2 essay questions. Master (SCM) [8] (able to redevelop) Two official specialist courses + 10,000 word thesis. Four specialisms Security Architecture Design & Development Risk Management & Governance Business Continuity & Crisis Management Security Operations & Service Management Training & certification

Download ppt "Introduction to Security Architecture"

Similar presentations

Enterprise Architecture Rapid Assessment

Enterprise Architecture Rapid Assessment
© 2006 itSMF USA. All rights reserved. ITIL v3 – Familiar Ground, New Territory David Cannon ITSM Practice Principal - HP.

© 2006 itSMF USA. All rights reserved. ITIL v3 – Familiar Ground, New Territory David Cannon ITSM Practice Principal - HP.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
Company profile Intelligent Development Solutions is a Proprietary company, registered in Zambia. The firm is made up of consultants who are professionals.

Company profile Intelligent Development Solutions is a Proprietary company, registered in Zambia. The firm is made up of consultants who are professionals.
Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.
ISEB Qualifications an evolving framework for the future.

ISEB Qualifications an evolving framework for the future.
Improving IT Governance Through Formal Change Management

Improving IT Governance Through Formal Change Management
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
IS6112 Application Modelling and Design Introduction.

IS6112 Application Modelling and Design Introduction.
Viewpoint Consulting – Committed to your success.

Viewpoint Consulting – Committed to your success.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.

COBIT Framework Introduction. Problems with IT? – Increasing pressure to leverage technology in business strategies – Growing complexity of IT environments.
PRINCE2™ Now and Next. Andy Murray PRINCE2 Lead Author Outperform UK Ltd.

PRINCE2™ Now and Next. Andy Murray PRINCE2 Lead Author Outperform UK Ltd.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
AP039: Your ERP Opportunity Trent Innes – Dynamics Sales Manager Matt Sheard – Dynamics Solutions Specialist ERP.

AP039: Your ERP Opportunity Trent Innes – Dynamics Sales Manager Matt Sheard – Dynamics Solutions Specialist ERP.
Developing Enterprise Architecture

Developing Enterprise Architecture
A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.

A NASSCOM ® Initiative Security and Quality Kamlesh Bajaj CEO, DSCI May 23, 2009 NASSCOM Quality Summit Hyderabad 1.

Similar presentations

Ads by Google