Integration of Information Assurance (IA) into DoDAF Architectures. Annual Computer Security Applications Conference (ACSAC 04) 8 December 2004

Slide 1: Integration of Information Assurance (IA) into DoDAF Architectures
Annual Computer Security Applications Conference (ACSAC 04), 8 December 2004
Edward Rodriguez, Booz Allen Hamilton
Copyright (c) 2004 Booz Allen Hamilton. All rights reserved

Slide 2: Agenda
- Enterprise Architecture Overview
- Problem Statement & Solution Approach
- Candidate Techniques to Integrate IA into DoDAF architectures
- Final Thoughts

Slide 3: Architecture Defined
"An architecture is the fundamental organization of a system embodied in its components, their relationships to each other, and to the environment, and the principles guiding its design and evolution." IEEE STD
Architecture = Structure of Components, Relationships + Principles & Guidelines
Slide courtesy of The MITRE Corporation

Slide 4: Purpose of the Enterprise Architecture
Inform, guide, and constrain decisions for the enterprise. Specifically:
- Capture facts in an understandable way to promote better planning and decision making (IT investments)
- Promote better communication (architectural views)
- Improve consistency, accuracy, timeliness, integrity, quality of information
- Achieve economies of scale, re-use, standardization, collaboration, shared services
- Expedite integration of legacy, transition, target systems
- Ensure legal and regulatory compliance

Slide 5: These Frameworks Are Focused on the Commercial, DoD/IC, and Federal Domains
[Figure: Zachman Framework grid. Rows: Planner's View, Owner's View, Designer's View, Builder's View, Sub-Contractor's View. Columns: Data, Function, Network, People, Time, Motivation.]
[Figure: DoD Architecture Framework (DoDAF) product table. Columns: Applicable View, Framework Product, Framework Product Name. Products: AV-1, AV-2, OV-1 to OV-5, OV-6a/b/c, OV-7, SV-1 to SV-9, SV-10a/b/c, SV-11, TV-1, TV-2.]
[Figure: Federal Enterprise Architecture Framework (FEAF).]

Slide 6: DoDAF Overview
[Figure: DoDAF overview diagram; only the label "Technical" survives.]

Slide 7: DoDAF Architecture Views
[Operational] View:
- Functional (operational) requirements
- Processes and relationships
- Information needs (content, form, protection)
- User functions
- Performance bounds
[Systems] View:
- System functional descriptions
- System interfaces and connections
- Operations-to-system traceability
Technical View:
- Technical Architecture Profile
- Standards and Technology Forecast
[Figure: background graphic with labels including DoD, large & small businesses, warfighters, Congress, services & agencies; standards and APIs (ANSI X12, EDIFACT, HL7, XML, HTML, proprietary (rare)); infrastructure services, JTA IT standards, EAI/ETL, data repositories, GCSS-AF, applications; perimeter security mechanisms (firewall, smart card, VPN); COTS products, DII COE.]

Slide 8: Problem Statement
- DoD system development efforts require development of a DoDAF architecture early in the life cycle
+
- Secure systems are developed most effectively by considering & integrating security early in the development life cycle
How do you integrate security architecture guidance into C4ISR/DoDAF architectural products?

Slide 9: Approach to Solving Problem
- How do you integrate security architecture guidance into C4ISR/DoDAF architectural products?
- What best practices exist that address the integration of Information Assurance (IA) into C4ISR/DoDAF architectures?
- If best practices do not exist, develop candidate strategies for integrating IA into C4ISR/DoDAF architectures.

Slide 10: Approach to Solving Problem
- Search for examples of efforts to integrate IA into C4ISR/DoDAF compliant architectures in public domain
- Search for guidance from DoDAF and C4ISR architecture government documentation
- Intra-company & community search for feedback on this topic
- Draw from personal exposure to assignments related to C4ISR/DoDAF products

Slide 11: Initial Findings
- Very limited information found via Web searches
  - In some instances IA is important but that was all
- Search through DoDAF also yielded limited information/guidance
  - OV-2/3: Security/IA attributes included for needlines
  - TV-1: Inclusion of Security/IA standards
  - OV-6b/c: Capture security activities & events

Slide 12: Initial Findings (cont.)
- One approach was to develop stand-alone narrative documents that describe the application of security services to the architecture and the identification of security oriented components
  - Not integrated into DoDAF framework
- Another employed approach was to identify some security services (SV-4), some limited OV-5 activities, and some security components (SV-1/2)
- One framework, TEAF (Treasury Enterprise Architecture Framework), includes some security constructs

Slide 13: So the question remains
[Figure: the DoDAF framework product table (Applicable View, Framework Product, Framework Product Name; AV-1 through TV-2), followed by "+ = ?"]

Slide 14: Proposed Practices for IA Integration into C4ISR/DoDAF Architectures
- System Functions: Definition of IA influenced SV-4 hierarchy
- Activities: Inclusion of IA activities at the Context level for the OV-5
- Security Overlay System View: Extension of DoDAF to include a SV-12
- Standalone Documentation: Use of IA narrative documentation

Slide 15: IA Influenced SV-4 Hierarchy
The DoD Information Assurance Technical Framework (IATF) construct for Defense in Depth (DiD) used to organize the required functions:
- Defend the Network & Infrastructure
- Defend the Enclave Boundary
- Defend the Computing Environment
- Supporting Infrastructures
- Foundational Information Assurance (IA)
- Security Management
- Mission Information Assurance (IA)

Slide 16: IA Influenced OV-5 Construct
- Inclusion of IA activities at the Context level
- Influenced by the three major groups of users
  - End user (focused on core mission)
  - Security manager
  - System manager / Privileged users
- Candidate grouping of activities
  - Prevent Unauthorized Disclosure
  - Prevent Unauthorized Modifications
  - Manage User Access
  - Maintain Secure Operations
[Figure: context-level activity diagram with boxes labelled Major Activity 1, Major Activity 2, Perform IA.]

Slide 17: Extension of DoDAF to include a SV-12
- DoDAF allows the definition of additional views
- SV-12, Security Overlay, is a supplemental view focused on IA specific characteristics of the system
  - Uses only data elements currently defined by existing System Views
  - Allows a security oriented view consistent with the rest of the DoDAF architecture
- Initially performed via PowerPoint engineering
  - Not an integrated architecture approach
  - Therefore, arguably, not in compliance with DoD direction/guidance regarding the development of integrated architectures

Slide 18: Notional SV-12
[Figure: notional "User Login" diagram. Labels: E-Business Public Node, E-Business Backend Node, Portal, Web Server, Application Server, Business Infrastructure, XYZ, Corporate Server.]
- SV-1 View provides a perspective associated with the physical dimension of the system

Slide 19: Notional SV-12
[Figure: the "User Login" diagram from the previous slide with the labels Authentication, Authorization and Data Store Access added.]
- SV-4 functions used to accomplish a particular security related activity are overlaid on the system elements where the functions are executed
- For some security functionality, it matters where the function is performed

Slide 20: Notional SV-12
[Figure: the "User Login" diagram with the Authentication, Authorization and Data Store Access functions and the data flows between them.]
- SV-4 data flows specifically used by the selected functions to accomplish the particular security related activity are added
- Where functions are fairly complex, it is important to define specific data flows
- Note: sequencing information not included
  - Separate SV-10c diagram required
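
An added example, not part of the original slides: one way to check that an SV-12 overlay "uses only data elements currently defined by existing System Views", and to list the data flows that cross SV-1 node boundaries, where the placement of a security function matters most. The assignment of systems to nodes, the placement of functions on systems, the flow names and the draft auditing overlay are all assumptions constructed for illustration.

```python
"""SV-12 overlay consistency check (added example; all data below is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """An SV-4 data flow between two system functions."""
    name: str
    src: str
    dst: str


@dataclass
class Architecture:
    """The parts of the integrated architecture an SV-12 may draw on."""
    sv1_systems: dict    # SV-1: system name -> node that hosts it
    sv4_functions: set   # SV-4: system function names
    sv4_flows: set       # SV-4: Flow objects


@dataclass
class Sv12Overlay:
    """One security overlay, e.g. the 'User Login' topic."""
    topic: str
    placements: dict     # SV-4 function -> SV-1 system where it executes
    flows: list          # SV-4 flows used for this topic


def validate_overlay(arch, overlay):
    """Return a finding for every overlay element not backed by SV-1/SV-4."""
    findings = []
    for function, system in overlay.placements.items():
        if function not in arch.sv4_functions:
            findings.append(f"function '{function}' is not defined in SV-4")
        if system not in arch.sv1_systems:
            findings.append(f"system '{system}' is not defined in SV-1")
    for flow in overlay.flows:
        if flow not in arch.sv4_flows:
            findings.append(f"data flow '{flow.name}' is not defined in SV-4")
        for endpoint in (flow.src, flow.dst):
            if endpoint not in overlay.placements:
                findings.append(
                    f"flow '{flow.name}' endpoint '{endpoint}' is not placed on a system")
    return findings


def node_crossings(arch, overlay):
    """List flows whose two functions execute on different SV-1 nodes."""
    crossings = []
    for flow in overlay.flows:
        systems = [overlay.placements.get(f) for f in (flow.src, flow.dst)]
        nodes = [arch.sv1_systems.get(s) for s in systems]
        if None not in nodes and nodes[0] != nodes[1]:
            crossings.append((flow.name, nodes[0], nodes[1]))
    return crossings


# Constructed sample data. Element names follow the notional slides; which
# system sits on which node and where each function runs are assumptions.
IDENTITY = Flow("authenticated identity", "Authentication", "Authorization")
DECISION = Flow("access decision", "Authorization", "Data Store Access")

ARCH = Architecture(
    sv1_systems={
        "Portal": "E-Business Public Node",
        "Web Server": "E-Business Public Node",
        "Application Server": "E-Business Backend Node",
        "Corporate Server": "E-Business Backend Node",
    },
    sv4_functions={"Authentication", "Authorization", "Data Store Access"},
    sv4_flows={IDENTITY, DECISION},
)

LOGIN_OVERLAY = Sv12Overlay(
    topic="User Login",
    placements={
        "Authentication": "Web Server",
        "Authorization": "Application Server",
        "Data Store Access": "Corporate Server",
    },
    flows=[IDENTITY, DECISION],
)

# A hypothetical drawing-only overlay that introduces elements the
# integrated architecture does not contain.
DRAFT_AUDIT_OVERLAY = Sv12Overlay(
    topic="System Auditing",
    placements={"Audit Collection": "Audit Server"},
    flows=[],
)

if __name__ == "__main__":
    for overlay in (LOGIN_OVERLAY, DRAFT_AUDIT_OVERLAY):
        print(overlay.topic, validate_overlay(ARCH, overlay),
              node_crossings(ARCH, overlay))
```
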

Slide 21: SV-12 Usage
- Useful to create views for the various topics that Certification and Accreditation (C&A) staff require information and knowledge on
  - Authentication
  - Login for General Users
  - Login for Privileged Users
  - System auditing
  - Etc.
- Powerful to discuss these topics with artifacts that are consistent and integrated with the overall architecture and underlying data models
  - Also helps to explain how the security requirements are to be met
- Refinement of SV-12 concept likely as feedback from various stakeholders is received and lessons learned applied

Slide 22: Use of IA Narrative Documentation
- Narrative documentation may still be required for those stakeholders that are uncomfortable with C4ISR/DoDAF views
- May be required to support C&A documentation requirements
- Nonetheless, opportunity to couple Security documents (e.g., Security CONOPS) to key C4ISR artifacts

Slide 23: Final Thoughts
Why hasn't Security Been More Integrated Into Enterprise Architecture Frameworks?
- Historically, security awareness has lagged behind emphasis on functionality and performance
- The importance / business value of security is not easily quantifiable
  - How do you calculate ROI?
- Other possible hypotheses
  - Limited input by the security community in regards to what is important to capture from an architectural perspective
  - Limited input by the security community in regards to how to capture what is important within the existing architectural frameworks

Slide 24: Final Thoughts
- Just a few steps to hopefully move DoDAF community in a constructive direction in the area of integrating IA into C4ISR/DoDAF architectures
- If security knowledgeable professionals don't actively seek out opportunities to integrate the IA dimension into mainstream system engineering processes then it won't naturally happen
- These ideas are not the product of any one individual, so thanks and acknowledgements are due:
  - Tom Vander Vlis
  - Barry Lewis
  - Frank Kroll

Slide 25: Thanks
Ed Rodriguez
Senior Associate
Booz Allen Hamilton
Tel (301)
More informationEnterprise Architecture (EA) is the blueprint
SETLabs Briefings VOL 6 NO 4 2008 Building Blocks for Enterprise Business Architecture By Eswar Ganesan and Ramesh Paturi A unified meta-model of elements can lead to effective business analysis Enterprise
More informationDeveloping an Enterprise Architecture
21234 21234 21234 21234 21234 21234 21234 21234 21234 21234 21234 21234 21234 BUSINESS PROCESS TRENDS 21234 21234 21234 WHITEPAPER January 2003 Author: Paul Harmon Executive Editor Process Trends Developing
More informationEnterprise Management Solutions Protection Profiles
Enterprise Management Solutions Protection Profiles Eric Winterton, Booz Allen Hamilton Joshua Brickman, CA Inc. September 2008 Copyright 2008 CA, Inc. and Booz Allen Hamilton. All rights reserved. All
More informationCORPORATE CAPABILITIES. DOD RDT&E Services Enterprise Architecture & Portfolio Management Training & Logistics
CORPORATE CAPABILITIES DOD RDT&E Services Enterprise Architecture & Portfolio Management Training & Logistics Droidan is a Certified 8(a), Minority, Veteran-Owned Small Business providing professional
More informationSABSA A Brief Introduction
SABSA A Brief Introduction Mark Battersby 2013-05-15 Agenda SABSA Overview SABSA Security Architecture SABSA Security Architecture Matrix Operational Security Architecture Matrix SABSA Business Attributes
More informationPractical meta data solutions for the large data warehouse
K N I G H T S B R I D G E Practical meta data solutions for the large data warehouse PERFORMANCE that empowers August 21, 2002 ACS Boston National Meeting Chemical Information Division www.knightsbridge.com
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationAdventures in Estimating Open Source, Component Systems, Agile, and SOA Projects
Open Source, Component Systems, Agile, and SOA Projects Terry Vogt Lead Associate Booz Allen Hamilton Sept 13, 2011 Ready for what s next 1 Booz Allen Hamilton 1 Agenda Background Open Source Component
More informationDesign Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation
Design Specification for IEEE Std 1471 Recommended Practice for Architectural Description IEEE Architecture Working Group 0 Motivation Despite significant efforts to improve engineering practices and technologies,
More informationSACWIS PLANNING FOR DEPARTMENT OF HUMAN SERVICES DRAFT - STRATEGIC IMPLEMENTATION PLAN: MILESTONES & TIMELINES FOR A FULL IMPLEMENTATION
STATE OF MICHIGAN SACWIS PLANNING FOR DEPARTMENT OF HUMAN SERVICES DRAFT - STRATEGIC IMPLEMENTATION PLAN: MILESTONES & TIMELINES FOR A FULL IMPLEMENTATION September 13, 2010 DRAFT -Strategic Plan: Key
More informationJOURNAL OF OBJECT TECHNOLOGY
JOURNAL OF OBJECT TECHNOLOGY Online at http://www.jot.fm. Published by ETH Zurich, Chair of Software Engineering JOT, 2008 Vol. 7, No. 8, November-December 2008 From The Business Motivation Model (BMM)
More informationDepartment of Defense End-to-End Business Process Integration Framework
Department of Defense End-to-End Business Process Integration Framework May 17, 2013 Table of Contents 1 Overview... 3 2 End-to-End Business Processes... 6 3 Applying the End-to-End Framework to the DoD
More informationThe Cornwell Enterprise Architecture Maturity Dashboard
The Cornwell Enterprise Architecture Maturity Dashboard Ian Bailey This paper outlines Cornwell s approach to assessing the maturity of an organisation s Enterprise Architecture. The method uses standard
More informationHow To Develop An Enterprise Architecture
OSI Solution Architecture Framework Enterprise Service Center April 2008 California Health and Human Services Agency Revision History REVISION HISTORY REVISION/WORKSITE # DATE OF RELEASE OWNER SUMMARY
More informationState of Oregon. State of Oregon 1
State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information
More informationFor <Project> Version 1.0
Oklahoma Department of Human Services Data Services Division Service-Oriented Architecture (SOA) For Version 1.0 Table of Contents 1. Service Oriented Architecture (SOA) Scope...
More informationDoDAF Work Products Adapted for the Federal Enterprise Architecture Framework
DoDAF Work Products Adapted for the Federal Enterprise Architecture Framework 1 Context During the past decade the Federal government has identified effective management practices that have been incorporated
More informationA Design Technique: Data Integration Modeling
C H A P T E R 3 A Design Technique: Integration ing This chapter focuses on a new design technique for the analysis and design of data integration processes. This technique uses a graphical process modeling
More informationER/Studio Enterprise Portal 1.0.2 User Guide
ER/Studio Enterprise Portal 1.0.2 User Guide Copyright 1994-2008 Embarcadero Technologies, Inc. Embarcadero Technologies, Inc. 100 California Street, 12th Floor San Francisco, CA 94111 U.S.A. All rights
More informationEnterprise Architecture Modeling PowerDesigner 16.1
Enterprise Architecture Modeling PowerDesigner 16.1 Windows DOCUMENT ID: DC00816-01-1610-01 LAST REVISED: November 2011 Copyright 2011 by Sybase, Inc. All rights reserved. This publication pertains to
More informationRETRATOS: Requirement Traceability Tool Support
RETRATOS: Requirement Traceability Tool Support Gilberto Cysneiros Filho 1, Maria Lencastre 2, Adriana Rodrigues 2, Carla Schuenemann 3 1 Universidade Federal Rural de Pernambuco, Recife, Brazil g.cysneiros@gmail.com
More informationAutomating Attack Analysis Using Audit Data. Dr. Bruce Gabrielson (BAH) CND R&T PMO 28 October 2009
Automating Attack Analysis Using Audit Data Dr. Bruce Gabrielson (BAH) CND R&T PMO 28 October 2009 2 Introduction Audit logs are cumbersome and traditionally used after the fact for forensics analysis.
More informationHow To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy
Enterprise Architecture in the Context of Organizational Strategy Sundararajan Vaidyanathan Senior Enterprise Architect, Unisys Introduction The Presidential Management Agenda (PMA) 1 is geared towards
More informationIntroduction to the Analysis and Management Framework
Introduction to the Analysis and Management Framework Project Team: Don Kranz, Tom Gullion, Neal Saito, Gary Marchiny Project Monitor: Steve Husty 1 Agenda Problem Space The NASA IV&V AMF N Tier Architectures
More informationThe Information Assurance Process: Charting a Path Towards Compliance
The Information Assurance Process: Charting a Path Towards Compliance A white paper on a collaborative approach to the process and activities necessary to attain compliance with information assurance standards.
More informationSoftware Design Document (SDD) Template
(SDD) Template Software design is a process by which the software requirements are translated into a representation of software components, interfaces, and data necessary for the implementation phase.
More informationThe Bureau of the Fiscal Service. Privacy Impact Assessment
The Bureau of the Fiscal Service Privacy Impact Assessment The mission of the Bureau of the Fiscal Service (Fiscal Service) is to promote the financial integrity and operational efficiency of the federal
More informationProject Management Planning
Develop Project Tasks One of the most important parts of a project planning process is the definition of activities that will be undertaken as part of the project. Activity sequencing involves dividing
More informationEnterprise Security Architecture
Enterprise Architecture -driven security April 2012 Agenda Facilities and safety information Introduction Overview of the problem Introducing security architecture The SABSA approach A worked example architecture
More informatione-gateway SOLUTION OVERVIEW Financials HCM ERP e-gateway Web Applications Mobile Devices SharePoint Portal
e-gateway SOLUTION OVERVIEW In an effort to manage mission critical information better, perform their daily tasks more efficiently, share information to key stakeholders more effectively, and ensure that
More informationDepartment of Defense INSTRUCTION. SUBJECT: Information Assurance (IA) in the Defense Acquisition System
Department of Defense INSTRUCTION NUMBER 8580.1 July 9, 2004 SUBJECT: Information Assurance (IA) in the Defense Acquisition System ASD(NII) References: (a) Chapter 25 of title 40, United States Code (b)
More informationRole of Reference Architectures
Role of Reference Architectures Steven J. Ring sring@mitre.org Principal Information Engineer Enterprise Architecture Certificate, NDU Chief Information Officer Certificate, NDU March 5, 2015 MITRE Approved
More informationCommon Operating Environment (COE) and Global Information Grid (GIG) Enterprise Services (GES) Mr. Rob Walker 24 September 2003
Common Operating Environment (COE) and Global Information Grid (GIG) Enterprise (GES) Mr. Rob Walker 24 September 2003 Common Operating Environment COE is mission-application independent - A basis for
More informationConcept of Operations for Line of Business Initiatives
Concept of Operations for Line of Business Initiatives Version 1.0 Office of E-Gov and IT, OMB March 2006 Table of Contents FOREWORD...2 1 OBJECTIVES OF THE LINES OF BUSINESS CONCEPT OF OPERATIONS...3
More informationPractitioner Certificate in Information Assurance Architecture (PCiIAA)
Practitioner Certificate in Information Assurance Architecture (PCiIAA) 15 th August, 2015 v2.1 Course Introduction 1.1. Overview A Security Architect (SA) is a senior-level enterprise architect role,
More informationGovernment's Adoption of SOA and SOA Examples
Government's Adoption of SOA and SOA Examples Presented by : Ajay Budhraja, Chief of Enterprise Services ME (Engg), MS (Management), PMP, CICM, CSM, ECM (Master) AIIM, ITIL-F Copyright 2008 Ajay Budhraja
More informationImproving your Data Warehouse s IQ
Improving your Data Warehouse s IQ Derek Strauss Gavroshe USA, Inc. Outline Data quality for second generation data warehouses DQ tool functionality categories and the data quality process Data model types
More informationGround Systems Architectures Workshop (GSAW) 2011
Ground Systems Architectures Workshop (GSAW) NASA Space Network (SN) Ground Segment Sustainment (SGSS) Architecture based on DoD Architecture Framework Alan Jeffries (Jeffries Technology Solutions, Inc)
More informationA Process for Evaluating and Selecting a Development Environment. Jim Odrowski ComponentWave, Inc. jodrowski@componentwave.com
A Process for Evaluating and Selecting a Development Environment Jim Odrowski ComponentWave, Inc. jodrowski@componentwave.com Abstract This paper describes experiences in evaluating and selecting integrated
More informationCase Study EPA. Agency-Wide Governance of Reusable Components
Case Study EPA Agency-Wide Governance of Reusable Components Lico Galindo, PMP IT Specialist Data Standards Branch Office of Environmental Information Case Study EPA: Agency-Wide Governance of Reusable
More informationAccess Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL
AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical
More informationStudent Background Personal Background & Learning Objectives
Systems Engineering Program (SYSE) Integrated Workshop Portfolio Student Background Personal Background & Learning Objectives Version 1.0 Tam Nguyen 1 The following section describes the student s personal
More informationCOURSE OUTLINE. Track 1 Advanced Data Modeling, Analysis and Design
COURSE OUTLINE Track 1 Advanced Data Modeling, Analysis and Design TDWI Advanced Data Modeling Techniques Module One Data Modeling Concepts Data Models in Context Zachman Framework Overview Levels of Data
More information