Enterprise Security Architecture Concepts and Practice
|
|
- Marion Jones
- 8 years ago
- Views:
Transcription
1 Enterprise Architecture Concepts and Practice Jim Whitmore Presentation to Open Group Oct 22, 2003 Enterprise Architecture
2 Abstract In the early 90 s IBM Global Services created a Consultancy to respond to the business opportunity for security services for IBM customers and in support of the IBM business. In 1999 there was an initiative in IBM to establish the security discipline within the IT Architect profession, along with related design methods and practitioner support materials. This presentation and discussion will offer a view of security architecture and security architecture methods. Topic Flow: Roles Methods, Models and Modeling for Elements of Enterprise Architecture 2
3 Roles in solution development projects Project Manager Consultant Architect Specialist A project manager is the person who leads and is accountable for the success of the project. A consultant is an agent of change, who advises and facilitates through: research, data collection, data analysis, preparation and presentation of recommendations, and project design. The IT Architect designs solutions to client business problems through the reasoned application of information technology. IT Specialists develop proof of concepts, design, develop, build, test and implement systems. IT Specialists are the hands on professionals. Business representation of architecture System representation of architecture Physical representation of architecture Stakeholder view Structural view User view Behavior view Environment view Implementation view specialist Operational view architect consultant Project timeline 3
4 in IBM Global Professions Architecture Architecture involves the design of inter- and intraenterprise security solutions to meet client business requirements in application and infrastructure areas. Architects performing Architecture work must be capable of defining detailed technical requirements for security, and designing, documenting and assuring al and operational architectures using appropriate security technology and process components, and validating that the solution meets the security requirements. 4
5 Methods, Models and Modeling 5
6 A design method requires a model and a systematic process with thoughtful constraints Models are developed and applied in several ways: (1) an example is a model with no claims of correctness; (2) a pattern is a model that represents a clear and detailed archetype or prototype; (3) an exemplar is a faultless standard that is the source of comparison; (4) an ideal is the best possible exemplification, either real or conceptual. What category of model is best practice? Modeling is that part of the design process that creates a new form (an instance) from the initial form (a model). It is common practice to iterate through the modeling process several times in order to consider all of the requirements, s and constraints before achieving a balanced solution. On a small scale, modeling can be a mental process for a single individual. Modeling expands dramatically when there are multiple designers and hundreds of diverse requirements that need to be reconciled. 6
7 Modeling lifecycle Custom Integrated sub-assemblies Mass Customization Plug-and-Play Each instance of architecture is one of a kind. Each overall architecture is one-of-a-kind, with recognizable elements. Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture. Self-defining, self configuring technologies that can be integrated using intuitive tools. few artifacts or reliable models prototype models based upon artifacts archetype models vetted patterns Embedded Wireless networking Object oriented programming Wired networking Lifecycle timeline 7
8 Models for security 8
9 Depending upon your background, Information Technology may be expressed in various ways. Information Assurance (IA) Information Systems (INFOSEC) 9
10 Here is an alternate view that aligns knowledge and the responsibility to Application Development, Systems Operations and Network Operations organizations / departments. Authentication Authorization Access Control Callable Services Performance Availability Configuration Operations Application and Data System Network Firewalls Encryption Virtual Private Networks Intrusion Detection 10
11 However security is described, an effective Information strategy requires a broad understanding of the business landscape Authentication Authorization Access Control Callable Services Information Assurance (IA) Performance Availability Configuration Operations Application and Data System Network Corporate Information Officer perspective Information Systems (INFOSEC) Firewalls Encryption Virtual Private Networks Intrusion Detection 11
12 and knowledge of how to apply a wide range of security-related technologies. Authentication Authorization Access Control Callable Services Operating Systems Corporate Information Officer perspective Data Applications Application and Data Biometrics Hardware Business Driven Integrated solutions Middleware Cryptographic services Network Perimeters This is not a model! Services System Protocols Performance Availability Configuration Operations Anti-virus Firewalls Encryption Virtual Private Networks Intrusion Detection 12
13 In support of IBM security practitioners, a conceptual model for s has been developed from Common Criteria Functional Requirements. Subsystems Common Criteria Functional Requirements classes Audit (FAU) Communication (FCO) Cryptographic support (FCS) User data protection (FDP) Identification and authentication (FIA) management (FMT) Privacy (FPR) Protection of s (FPT) Resource utilization (FRU) TOE access (FTA) Trusted path/channels (FTP) Patent Pending # Credential Subsystem Access Control Subsystem Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 13 Method for Designing Secure Solutions, IBM Systems Journal, September 2001 (see References page)
14 The model provides a bridge between multiple views of Information Systems and Management tasks of policy definition, enforcement and review. Subsystems Authentication Authorization Access Control Callable Services Performance Availability Configuration Operations Credential Subsystem Applications Data Business Driven Integrated solutions Middleware Services Access Control Subsystem Operating Systems Corporate Information Officer perspective Application and Data Biometrics Hardware Cryptographic services Network Perimeters System Protocols Anti-virus Firewalls Encryption Virtual Private Networks Intrusion Detection Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 14
15 When combined with a thoughtful constraints, this system model can provide a starting point for design as well as a baseline for evaluating the completeness of a design. Output of the design process: 1. Stakeholder view 2. Structural view 3. User view 4. Behavior view 5. Environment view 6. Implementation view 7. Operational view Subsystems Credential Subsystem Access Control Subsystem Some thoughtful constraints: 1. All five subsystems exist in every design 2. All five subsystems are interdependent 3. The strength of security mechanisms and services helps determine trustworthiness of solution 4. The integration of security mechanisms and services with business processes helps determine trustworthiness of solution 5. Some security mechanisms and services may necessarily exist in non-security components Information Flow Control Subsystem Audit Subsystem Solution Integrity Subsystem 15
16 Modeling for security 16
17 Functional modeling vs. Pattern-based modeling Custom Each instance of architecture is one of a kind. Design Traceability via documentation Integrated sub-assemblies Each overall architecture is one-of-a-kind, with recognizable elements. Design by best practice? Mass Customization Basic tools and seasoned reference materials that lead to consistent and repeatable instances of architecture. Plug-and-Play Self-defining, self configuring technologies that can be integrated using Design intuitive Traceability tools. via certification Functional / Operational modeling Pattern-based modeling few artifacts or reliable models prototype models based upon artifacts archetype models vetted patterns Embedded Wireless networking Object oriented programming Wired networking Lifecycle timeline 17
18 Directory -white pages -entitlements ID / passwd JAAS AznAPI Domains Intrusion Detection Biometrics Perimeters Operation practices Service level agreements Storage backup Capacity plan Failover configuration VPN Services -Managed -Emergency Response H/W crypto 4758, TPM -PCIA / PCIC -Tokens/smartcards Monitor - Device - Component - System Testing -Ethical hack Recovery -Disaster plan IBM Functional / Operational Modeling for Credential lifecycle Credential Validation Credential Distribution Enrollment Credential (example) Authorization Authentication Identification Access Control Functional: Technology independent abstraction of security components Attachment Transfer protocol Domain Boundary Flow Control Structural view User view Behavior view Report Analysis Correlation Collection Audit Recovery s Tests Physical and logical Protections Solution Integrity Administration and Policy Mgmt Symmetric and Asymmetric Cryptography Business Driven Solution Packages Middleware Applications Public Key Infrastructure Protocols Privacy Federated Identity Web Services RACF - SAF Identity Mgmt Operational: Technology related mapping of security components Firewalls (example) Kerberos Proxy Access Mgmt Flow Control Environment view Implementation view Operational view Digital Signature Event Mgmt Anti-virus Operational Resilience 18
19 Here is a sample e-business architecture (see reference page) Reporting Event Alerting Audit Event Analyze Event Logging Component logging Enterprise Architecture Flow Control Access Control Trusted Credential E-Business Community Uncontrolled Controlled Restricted Secured External Community External Attachment SSL Gateway Browser Application Client User/group enrollment Controlled Zone Boundary SSL Gateway User/group approval Managed Community Static Attachment Web Portal Static Attachment SSO Portal Authorizations Credenti Storag Credential Creation Restricted Zone Boundary Managed Community Managed Attachment Secured Application Client Authorizations Credential Distribution Storag Authorizations Credential Storage Secured Zone Boundary Static Attachment SSO Services User/system admin Closed Community Static Attachment Secured Application Server Other userid / pswd SSO Digital Sig Solution Integrity System Integrity Software Integrity Data Integrity Availability Management Policy Audit Service Management 19
20 Patterns-based modeling a starting point for architecture IBM Patterns for e-business* Business patterns Composite patterns Integration patterns Examples Self service Collaboration Information Aggregation Extended Enterprise e-commerce Portal Account Access Trading Exchange Sell-side hub Buy-side hub Access Integration Application Integration Web Presence Business-to-Consumer Business-to-Business * 20
21 Patterns-based modeling for IBM Patterns for e-business* Business patterns Composite patterns Integration patterns IBM Business Patterns** Business System Mgmt Self service Collaboration Information Aggregation Extended Enterprise e-commerce Portal Account Access Trading Exchange Sell-side hub Buy-side hub Access Integration Application Integration Integration Web Presence Business-to- Consumer Business-to- Business Operational High Assurance - work in progress * ** 21
22 Patterns-based Modeling Business representation Example Business System using Web Presence model Stakeholder view Business behavior view Information Aggregation Users Users Aggregator Users Data Self Service User Enterprise Systems and Databases Example Business System using Web Presence model System representation with security Business System Management Knowledge processes Policy enforcement processes Structural view System behavior view Information Aggregation Users Users Aggregator Users Data Policy Self Service User Enterprise Systems and Databases Policy 22
23 Patterns-based Modeling Business pattern: Self-service; Application pattern: Stand-Alone Single Channel Application Services: Access Mgmt with Self-service Identity Mgmt Outside world Demilitarized zone Internal Network Runtime View External Application domain Public Key Infrastructure Access Mgmt Service Mgmt domain User Identity Mgmt Service User view Environment view Implementation view Operational view (example) Domain Name Server User Business application Client Internet Application pattern 1: channel authorization encrypt Protocol firewall Packet filter Reverse proxy Server Mgmt domain Authenticate Relay encrypt Domain firewall Connection filter Web Application Server Presentation Database Directory Service Identity Mgmt App Service Application domain Application Legend Business flow flow Business application Client encrypt Application pattern 1a: channel & content authorization Packet filter Authenticate Relay encrypt Connection filter Presentation Authorize Application Approve integration flow policy or rule application Client Identity Mgmt Application pattern: self-service encrypt Packet filter Authenticate Relay encrypt Connection filter Presentation Authorize ID mgmt app ID mgmt Approve 23
24 Summary Architecture has multiple views. A design method requires a model and a systematic process with thoughtful constraints The effective practice of security architecture is dependent upon many aspects of the design process. More work needs to be done in the area of architecture representation and visualization. Business representation of architecture System representation of architecture Physical representation of architecture Stakeholder view Structural view User view Behavior view Environment view Implementation view Operational view 24
25 Selected Resource Links Common Criteria International Telecommunications Union International Organization for Standardisation Internet Engineering Task Force Open Group (TOGAF) IBM Patterns for e-business IBM Systems Journal: Design Method Enterprise Architecture Redbook 25
Data Security and Healthcare
Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population
More informationEUCIP - IT Administrator. Module 5 IT Security. Version 2.0
EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single
More informationMobile, Cloud, Advanced Threats: A Unified Approach to Security
Mobile, Cloud, Advanced Threats: A Unified Approach to Security David Druker, Ph.D. Senior Security Solution Architect IBM 1 Business Security for Business 2 Common Business Functions Manufacturing or
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationSAP SECURITY AND AUTHORIZATIONS - RISK MANAGEMENT AND COMPLIANCE WITH LEGAL REGULATIONS IN THE SAP ENVIRONMENT
SAP SECURITY AND AUTHORIZATIONS - RISK MANAGEMENT AND COMPLIANCE WITH LEGAL REGULATIONS IN THE SAP ENVIRONMENT Foreword by Prof. Wolfgang Lassmann... 15 Foreword by Dr. Sachar Paulus... 17 1 Introduction...
More informationInformation Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100
Information Technology Career Cluster Introduction to Cybersecurity Course Number: 11.48100 Course Description: Introduction to Cybersecurity is designed to provide students the basic concepts and terminology
More information70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network
70 299 Implementing and Administering Security in a Microsoft Windows Server 2003 Network Course Number: 70 299 Length: 1 Day(s) Course Overview This course is part of the MCSA training.. Prerequisites
More informationInformation Technology Security Guideline. Network Security Zoning
Information Technology Security Guideline Network Security Zoning Design Considerations for Placement of s within Zones ITSG-38 This page intentionally left blank. Foreword The Network Security Zoning
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationIntroduction to Cyber Security / Information Security
Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be
More informationHow To Write An Architecture For An Bm Security Framework
Security Reference Architecture James (Jimmy) Darwin James.Darwin@au.ibm.com 2010 IBM Corporation 0 Reference Architectures As part of the Time-to-Value Initiative, Reference Architectures have been identified
More informationBuilding Reference Security Architecture
Information Security, Privacy and Compliance Building Reference Security Architecture Bob Steadman, Sr. Director Predrag Zivic, Sr. Security Architect Information Security Too many organizations still
More informationHow To Protect Your Network From Attack
Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de
More informationMASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY
MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY HTTP://SCIENCE.HAMPTONU.EDU/COMPSCI/ The Master of Science in Information Assurance focuses on providing
More informationCommon Criteria. Introduction 2014-02-24. Magnus Ahlbin. Emilie Barse 2014-02-25. Emilie Barse Magnus Ahlbin
Common Criteria Introduction 2014-02-24 Emilie Barse Magnus Ahlbin 1 Magnus Ahlbin Head of EC/ITSEF Information and Security Combitech AB SE-351 80 Växjö Sweden magnus.ahlbin@combitech.se www.combitech.se
More informationSecurity Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP belka@att.net
Security Frameworks An Enterprise Approach to Security Robert Belka Frazier, CISSP belka@att.net Security Security is recognized as essential to protect vital processes and the systems that provide those
More informationTable of Contents. Page 1 of 6 (Last updated 30 July 2015)
Table of Contents What is Connect?... 2 Physical Access Controls... 2 User Access Controls... 3 Systems Architecture... 4 Application Development... 5 Business Continuity Management... 5 Other Operational
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationApproach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
More informationTable of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.
Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What
More informationCH ENSA EC-Council Network Security Administrator Detailed Course Outline
CH ENSA EC-Council Network Security Administrator Detailed Course Outline Summary Duration Vendor Audience 5 Days hands-on training EC-Council Security Professionals Level Technology Category Advance Ethical
More informationAPPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST
APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST Application Name: Vendor Name: Briefly describe the purpose of the application. Include an overview of the application architecture, and identify the data
More informationModule 1: e- Learning
Module 1: e- Learning SECTION 1: OVERVIEW... 2 PRIMER ON INFORMATION TECHNOLOGY, IS INFRASTRUCTURE AND EMERGING TECHNOLOGIES (12%) E-LEARNING... 2 Objective Objective:... 2 Task Statements... 2 Knowledge
More informationEntrust IdentityGuard Comprehensive
Entrust IdentityGuard Comprehensive Entrust IdentityGuard Comprehensive is a five-day, hands-on overview of Entrust Course participants will gain experience planning, installing and configuring Entrust
More informationEleventh Hour Security+
Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.
More informationUnifying IT Vision Through Enterprise Architecture
Unifying IT Vision Through Enterprise Architecture A model for Strategic Alignment Northeast Ohio Information Technology & Enterprise Architects (NEO-ITEA) Presentation To: Integrate 2010: Uniting the
More informationFIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.
1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams
More informationICANWK602A Plan, configure and test advanced server based security
ICANWK602A Plan, configure and test advanced server based security Release: 1 ICANWK602A Plan, configure and test advanced server based security Modification History Release Release 1 Comments This Unit
More informationTivoli Access Manager for e-business 6.1.1 FP4 with Tivoli Federated Identity Manager 6.2.1 FP2 Security Target
Tivoli Access Manager for e-business 6.1.1 FP4 with Tivoli Federated Identity Manager 6.2.1 FP2 Security Target Document Version Number 1.30 Document Update Date: 2012-05-16 Authors: Scott Chapman, David
More informationH.I.P.A.A. Compliance Made Easy Products and Services
H.I.P.A.A Compliance Made Easy Products and Services Provided by: Prevare IT Solutions 100 Cummings Center Suite 225D Beverly, MA 01915 Info-HIPAA@prevare.com 877-232-9191 Dear Health Care Professional,
More informationFirewall Environments. Name
Complliiance Componentt DEEFFI INITION Description Rationale Firewall Environments Firewall Environment is a term used to describe the set of systems and components that are involved in providing or supporting
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationMcAfee Next Generation Firewall (NGFW) Administration Course
McAfee Product Education McAfee Next Generation Firewall (NGFW) Administration Course The McAfee NGFW Administration course from Education Services provides attendees with hands-on training on the design,
More informationEC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led
EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led Certification: ENSA Exam 312-38 Course Description This course looks at the network security in defensive view.
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationPractitioner Certificate in Information Assurance Architecture (PCiIAA)
Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationEnabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1
Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1 Agenda Introduction PAGE 2 Organization Speakers Security Spectrum Information Security Spectrum Oracle Identity Management
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationThis research note is restricted to the personal use of christine_tolman@byu.edu
Burton IT1 Research G00234483 Identity Management Published: 9 July 2012 Analyst(s): Ian Glazer, Bob Blakley Identity management (IdM) has become a distinct aggregation of functions for the maintenance
More informationICAWEB423A Ensure dynamic website security
ICAWEB423A Ensure dynamic website security Release: 1 ICAWEB423A Ensure dynamic website security Modification History Release Release 1 Comments This Unit first released with ICA11 Information and Communications
More informationCompany Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.
Company Co. Inc. LLC Multiple Minds, Singular Results LAN Domain Network Security Best Practices An integrated approach to securing Company Co. Inc. LLC s network Written and Approved By: Geoff Lacy, Tim
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationVidder PrecisionAccess
Vidder PrecisionAccess Security Architecture February 2016 910 E HAMILTON AVENUE. SUITE 410 CAMPBELL, CA 95008 P: 408.418.0440 F: 408.706.5590 WWW.VIDDER.COM Table of Contents I. Overview... 3 II. Components...
More informationVendor Audit Questionnaire
Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be
More informationThis course is intended for IT professionals who are responsible for the Exchange Server messaging environment in an enterprise.
10233A: Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Course Number: 10233A Course Length: 5 Day Course Overview This instructor-led course provides you with the knowledge
More informationSimplify Your Network Security with All-In-One Unified Threat Management
Singtel Business Product Factsheet Brochure Managed Defense Unified Services Management Simplify Your Network Security with All-In-One Unified Management Singtel Managed Unified Management (UTM) Services,
More informationE-commerce Revision. Typical e-business Architecture. Routing and Addressing. E-Commerce Web Sites. Infrastructure- Packets, Routing and Addressing
E-Commerce Web Sites E-commerce Revision Companies create Web sites for very different reasons: simple proof-of concept sites Intranets (internal information) information-only sites for customers business-to-business
More informationChapter 12. Security Policy Life Cycle. Network Security 8/19/2010. Network Security
Chapter 12 Network Security Security Policy Life Cycle A method for the development of a comprehensive network security policy is known as the security policy development life cycle (SPDLC). Network Security
More informationATTPS Publication: Trustworthy ICT Taxonomy
Publication: worthy ICT Taxonomy Roger Berkley worthy ICT Taxonomy Research Cybersecurity technology is a considerably large subdomain of ICT. Technology experts like Gartner have identified at least 94
More informationLync SHIELD Product Suite
Lync SHIELD Product Suite The Natural Solution For Securing Lync Connectivity For today s mobile enterprise, the need to connect smartphones to the corporate network has become a vital business requirement.
More informationDesigning a Windows Server 2008 Applications Infrastructure
Designing a Windows Server 2008 Applications Infrastructure Course Number: 6437A Course Length: 3 Days Course Overview This three day course will prepare IT professionals for the role of Enterprise Administrator.
More informationHoneywell Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Honeywell Process Solutions (HPS) June 4, 2014
Industrial Cyber Security Overview and Managed Industrial Cyber Security Services Process Solutions (HPS) June 4, Industrial Cyber Security Industrial Cyber Security is the leading provider of cyber security
More informationICANWK406A Install, configure and test network security
ICANWK406A Install, configure and test network security Release: 1 ICANWK406A Install, configure and test network security Modification History Release Release 1 Comments This Unit first released with
More informationService Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
More informationSecuring Data on Microsoft SQL Server 2012
Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationThe Bomgar Appliance in the Network
The Bomgar Appliance in the Network The architecture of the Bomgar application environment relies on the Bomgar Appliance as a centralized routing point for all communications between application components.
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More information2003, Rainbow Technologies, Inc.
Expertise Corporate 25 Years of Security SMB to Fortune 30 Access Control 28 Million Hardware Keys 50% Token market share 6 Years of ikey Web Security 10 Years of SSL Secure > 50% of the Data NetSwift
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationClick to edit Master title style Mastertitelformat bearbeiten. Modeling Security Functional Requirements
Click to edit Master title style Click to edit Master text styles Second Mastertextformat level bearbeiten Third Zweite level Fifth Vierte level Fünfte Helmut Kurth Modeling Security Functional Requirements
More informationAgenda. How to configure
dlaw@esri.com Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context of ArcGIS Server/Portal for ArcGIS Access Authentication Authorization: securing web services
More information---Information Technology (IT) Specialist (GS-2210) IT Security Competency Model---
---Information Technology (IT) Specialist (GS-2210) IT Security Model--- TECHNICAL COMPETENCIES Computer Forensics Knowledge of tools and techniques pertaining to legal evidence used in the analysis of
More informationWeb Foundations Series Internet Business Associate
Web Foundations Series Internet Business Associate Internet Business Associate prepares students to work effectively in today's business environment. In this course, you will learn about the tasks involved
More informationInformation and Communications Technology Courses at a Glance
Information and Communications Technology Courses at a Glance Level 1 Courses ICT121 Introduction to Computer Systems Architecture This is an introductory course on the architecture of modern computer
More informationSecurity as Architecture A fine grained multi-tiered containment strategy
1 Security as Architecture A fine grained multi-tiered containment strategy Andras R. Szakal IBM Distinguished Engineer Chief Software Architect, U.S. Federal SWG aszakal@us.ibm.com 2 Objectives Cybersecurity
More informationCybersecurity Definitions and Academic Landscape
Cybersecurity Definitions and Academic Landscape Balkrishnan Dasarathy, PhD Program Director, Information Assurance Graduate School University of Maryland University College (UMUC) Email: Balakrishnan.Dasarathy@umuc.edu
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationSSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.
SSL-TLS VPN 3.0 Certification Report For: Array Networks, Inc. Prepared by: ICSA Labs 1000 Bent Creek Blvd., Suite 200 Mechanicsburg, PA 17050 USA http://www.icsalabs.com SSL-TLS VPN 3.0 Certification
More informationINFORMATION TECHNOLOGY
INFORMATION TECHNOLOGY Scope These program criteria apply to Information Technology, Computer Engineering Technology, and specialities therein, such as computer programming, computer systems analysis,
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software powered by Calibrate www.medallionlearning.com
More informationFBLA Cyber Security aligned with Common Core 6.14. FBLA: Cyber Security RST.9-10.4 RST.11-12.4 RST.9-10.4 RST.11-12.4 WHST.9-10.4 WHST.11-12.
Competency: Defend and Attack (virus, spam, spyware, Trojans, hijackers, worms) 1. Identify basic security risks and issues to computer hardware, software, and data. 2. Define the various virus types and
More informationCESG Certification of Cyber Security Training Courses
CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security
More informationInformation Technology Branch Access Control Technical Standard
Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationTop-Down Network Design
Top-Down Network Design Chapter Five Designing a Network Topology Copyright 2010 Cisco Press & Priscilla Oppenheimer Topology A map of an internetwork that indicates network segments, interconnection points,
More informationSecuring the Cloud through Comprehensive Identity Management Solution
Securing the Cloud through Comprehensive Identity Management Solution Millie Mak Senior IT Specialist What is Cloud Computing? A user experience and a business model Cloud computing is an emerging style
More informationThe Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions
The Weakest Link : Securing large, complex, global Oracle ebusiness Suite solutions Radomir Vranesevic Director and IT Architect Oracle Certified Master, CISSP Fusion Professionals 1 Agenda Introduction
More informationBuilding A Secure Microsoft Exchange Continuity Appliance
Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building
More informationConfiguring User Identification via Active Directory
Configuring User Identification via Active Directory Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be User Identification Overview User Identification allows you to create security policies based
More informationCERN, Information Technology Department alberto.pace@cern.ch
Identity Management Alberto Pace CERN, Information Technology Department alberto.pace@cern.ch Computer Security The present of computer security Bugs, Vulnerabilities, Known exploits, Patches Desktop Management
More informationMCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationMS-55096: Securing Data on Microsoft SQL Server 2012
MS-55096: Securing Data on Microsoft SQL Server 2012 Description The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationRaising Awareness of Issues by Adapting the NIST IT Security Services Model to E-Business Systems. Robert L. Probert, Victor Sawma¹
E-Commerce Security Raising Awareness of Issues by Adapting the NIST IT Security Services Model to E-Business Systems Robert L. Probert, Victor Sawma¹ School of Information Technology and Engineering University
More informationEnsuring the Security of Your Company s Data & Identities. a best practices guide
a best practices guide Ensuring the Security of Your Company s Data & Identities Symplified 1600 Pearl Street, Suite 200» Boulder, CO, 80302» www.symplified.com» @Symplified Safe and Secure Identity Management
More informationCASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES
CASSIDIAN CYBERSECURITY SECURITY OPERATIONS CENTRE SERVICES PROTECTIVE MONITORING SERVICE In a world where cyber threats are emerging daily, often from unknown sources, information security is something
More informationDIGIPASS Authentication for Citrix Access Gateway VPN Connections
DIGIPASS Authentication for Citrix Access Gateway VPN Connections With VASCO Digipass Pack for Citrix 2006 VASCO Data Security. All rights reserved. Page 1 of 31 Integration Guideline Disclaimer Disclaimer
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2008 Vol. 7 No. 7, September-October 2008 Applications At Your Service Mahesh H. Dodani, IBM,
More informationExtended Package for Mobile Device Management Agents
Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes
More informationMarimba Client and Server Management from BMC Software Release 6.0.3
Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...
More information000-609. IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>
000-609 IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP Version: Demo Page 1. Which of the following is an advantage of using WS-Security instead of SSL? A. Provides assured message
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationMCSE Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSE Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationData Security and Governance with Enterprise Enabler
Copyright 2014 Stone Bond Technologies, L.P. All rights reserved. The information contained in this document represents the current view of Stone Bond Technologies on the issue discussed as of the date
More information