Security Enterprise Architecture for Developers

Enterprise Security Architecture

The Ladder of Inference Argyris, C., 'Overcoming Organizational Defenses: Facilitating
Organizational Learning,' 1st Edition, © 1990 confirmation bias Observable and tangible things Adding meaning to the selected data Problem Definition

Change the Language About Security From Negative to Positive Security
is an enabler of business Value Definition Gartner case study G00270786 Paul Proctor https://www.gartner.com/doc/3072120/new-brunswick- uses-riskadjusted-value Security is aligned with strategic objectives Security helps business by providing trustworthy advice on meeting those objectives.

http://blogs.gartner.com/paul-proctor/2013/08/11/no-one-cares-about-your-security-metrics-and-you-are-to-blame/

Architecture and Risk Management • What decision gets made/ action
takes place? • Why? • When does happen? • 2 aspects • Who makes/does it? • Actors human/machine • Where?

RTIPPA/PIPEDA CASL PCI-DSS OSFI CIP Constraints Sales Cust Support Admins
Developers Employees Buy Stuff Option s Select Pay Deliver Name Street Apt Postal Code CHD Customer info https://msdn.microsoft.com/en- us/library/ee823878(v=cs.20).aspx Spoofing Tampering Repudiation Info disclosure Denial of service Elevation of privilege Laws Regulations Contractual Obligations Safety Threats

Logical Interface Category 16

http://ec.europa.eu/energy/sites/ener/files/documents/xpert_group1_reference_architecture.pdf

Legal, regulatory, contractual requirements, organizational policies O u t p
u t s I n p u t s Constraints Enablers Requirement s Application Security Physical & Environmenta l Portfolio Management Identity & Access Incident Handling Network Security Strategy & Policy Compliance & Exceptions Cyber Security Management Value Chain Assurance Enterprise Cyber Security Architecture Asset Classification Monitoring & Reporting Platform Security Cyber Security Management Program Human Element Data Security

Jamie Rees @securees ca.linkedin.com/in/jamierees

Security Enterprise Architecture for Developers

Security Enterprise Architecture for Developers

Moncton Developer User Group

More Decks by Moncton Developer User Group

Other Decks in Programming

Featured

Transcript

Enterprise Security Architecture

The Ladder of Inference Argyris, C., 'Overcoming Organizational Defenses: Facilitating

Change the Language About Security From Negative to Positive Security

http://blogs.gartner.com/paul-proctor/2013/08/11/no-one-cares-about-your-security-metrics-and-you-are-to-blame/

Architecture and Risk Management • What decision gets made/ action

RTIPPA/PIPEDA CASL PCI-DSS OSFI CIP Constraints Sales Cust Support Admins

Logical Interface Category 16

http://ec.europa.eu/energy/sites/ener/files/documents/xpert_group1_reference_architecture.pdf

Legal, regulatory, contractual requirements, organizational policies O u t p

Jamie Rees @securees ca.linkedin.com/in/jamierees