Slide 1

Slide 1 text

Enterprise Security Architecture

Slide 2

Slide 2 text

The Ladder of Inference (Argyris, C., "Overcoming Organizational Defenses: Facilitating Organizational Learning," 1st Edition, © 1990)
● Observable and tangible things (the data)
● Adding meaning to the selected data
● Problem Definition
● Confirmation bias (the reflexive loop: beliefs already held shape which data gets selected)

Slide 3

Slide 3 text

Change the Language About Security From Negative to Positive
● Security is an enabler of business
● Value Definition: Gartner case study G00270786, Paul Proctor, https://www.gartner.com/doc/3072120/new-brunswick-uses-riskadjusted-value
● Security is aligned with strategic objectives
● Security helps business by providing trustworthy advice on meeting those objectives

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

http://blogs.gartner.com/paul-proctor/2013/08/11/no-one-cares-about-your-security-metrics-and-you-are-to-blame/

Slide 6

Slide 6 text

Architecture and Risk Management
● What decision gets made / what action takes place?
● Why?
● When does it happen?
● Who makes/does it? (2 aspects: actors, human or machine)
● Where?

Slide 7

Slide 7 text

Threat modelling the "Buy Stuff" process (STRIDE: https://msdn.microsoft.com/en-us/library/ee823878(v=cs.20).aspx)
● Constraints (laws, regulations, contractual obligations, safety): RTIPPA/PIPEDA, CASL, PCI-DSS, OSFI, CIP
● Actors: Sales, Cust Support, Admins, Developers, Employees
● Process "Buy Stuff": Options, Select, Pay, Deliver
● Customer info: Name, Street, Apt, Postal Code, CHD
● Threats (STRIDE): Spoofing, Tampering, Repudiation, Info disclosure, Denial of service, Elevation of privilege
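The slide lays STRIDE threats, constraints and the "Buy Stuff" process side by side but leaves the enumeration to the reader. The following is an added worked example, not code from the original deck: it encodes the process as data-flow-diagram elements, applies STRIDE-per-element (the Microsoft SDL chart, in which external entities get S and R, processes all six, flows T/I/D, stores T/R/I/D) and tags each threat with the constraints engaged by the data the element touches. The element kinds, the mapping of customer info to PIPEDA/RTIPPA and of CHD to PCI-DSS, the data flow and the order store are assumptions constructed for the example.

```python
"""STRIDE-per-element over the "Buy Stuff" process from the slide.

Added worked example, not code from the original deck. The element kinds, the
STRIDE-per-element applicability chart (Microsoft SDL style) and the mapping of
data classes to the constraints named on the slide are assumptions made here
for illustration; the data flow and the order store below are constructed.
"""
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element: which categories apply to which DFD element kind.
# Repudiation is listed for data stores because a store holding audit
# records is where a repudiation claim is contested.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TRID",
}

# Data class -> constraints from the slide (assumed mapping: personal
# information under privacy law, cardholder data under PCI-DSS).
CONSTRAINTS = {
    "customer_info": ("PIPEDA", "RTIPPA"),  # name, street, apt, postal code
    "chd": ("PCI-DSS",),                     # cardholder data
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    data: frozenset = frozenset()


@dataclass(frozen=True)
class Threat:
    element: str
    category: str          # one-letter STRIDE code
    constraints: tuple     # regulations engaged because of the data handled


def buy_stuff_model():
    """Constructed DFD for the slide's Buy Stuff process (Options, Select, Pay, Deliver)."""
    pii = frozenset({"customer_info"})
    pii_and_chd = frozenset({"customer_info", "chd"})
    return [
        Element("Customer", "external_entity"),
        Element("Options", "process"),
        Element("Select", "process"),
        Element("Pay", "process", pii_and_chd),
        Element("Deliver", "process", pii),
        Element("Customer->Pay", "data_flow", pii_and_chd),
        Element("Order store", "data_store", pii),   # CHD deliberately not retained
    ]


def enumerate_threats(elements):
    """One Threat per (element, applicable STRIDE category), tagged with the
    constraints engaged by the data that element touches."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {el.kind}")
        engaged = tuple(sorted({c for d in el.data for c in CONSTRAINTS.get(d, ())}))
        for code in APPLICABLE[el.kind]:
            threats.append(Threat(el.name, code, engaged))
    return threats


def threats_for(threats, element_name):
    """Threats raised against one named element, in STRIDE order."""
    return [t for t in threats if t.element == element_name]


def regulated(threats):
    """Threats whose realisation would also breach a named constraint; these
    are the ones the slide's constraints turn from technical into business risk."""
    return [t for t in threats if t.constraints]


if __name__ == "__main__":
    all_threats = enumerate_threats(buy_stuff_model())
    for t in all_threats:
        tag = f"  [{', '.join(t.constraints)}]" if t.constraints else ""
        print(f"{t.element:14} {STRIDE[t.category]:24}{tag}")
    print(f"{len(all_threats)} threats, {len(regulated(all_threats))} regulated")
```

The point of the constraint tagging is prioritisation: the same tampering threat against "Select" and against "Pay" differs in consequence only because "Pay" handles cardholder data, and that is exactly what the regulations on the slide encode. Adding a new data class or constraint is a one-line change to `CONSTRAINTS`, and an element of an unrecognised kind is rejected rather than silently given no threats.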

Slide 8

Slide 8 text

Logical Interface Category 16

Slide 9

Slide 9 text

http://ec.europa.eu/energy/sites/ener/files/documents/xpert_group1_reference_architecture.pdf

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

Enterprise Cyber Security Architecture (diagram)
● Inputs: legal, regulatory, contractual requirements, organizational policies (constraints, enablers, requirements)
● Cyber Security Management Program / Cyber Security Management: Strategy & Policy; Compliance & Exceptions; Portfolio Management; Asset Classification; Monitoring & Reporting
● Domains: Application Security; Platform Security; Network Security; Data Security; Identity & Access; Incident Handling; Physical & Environmental; Human Element; Value Chain Assurance
● Outputs

Slide 12

Slide 12 text

Jamie Rees @securees ca.linkedin.com/in/jamierees