Solution Security Architecture
Diagram panels: Zones; Security Controls; Solution Landscape
Individual solutions must be able to inherit security controls, facilities and standards from common enterprise-level controls, standards, toolsets and frameworks.

Individual solutions must not be forced to implement their own infrastructural security facilities and controls. This wastes solution implementation resources, results in multiple non-standard approaches to security and represents a security risk to the organisation.

Solution architects must be aware of the need for solution security and of the need for enterprise-level controls that solutions can adopt.

The extended solution landscape potentially consists of a large number of interacting components and entities located in different zones, each with different security profiles, requirements and concerns. Different security concerns, and therefore different controls, apply to each of these components.

Solution security is not covered by a single control. It involves multiple overlapping sets of controls providing layers of security.
Security Controls

Asset Security: Design, implement and operate tools and processes to ensure the security of infrastructure and software assets through active asset inventory management.
Account Management: Design, implement and operate tools and processes to assign and manage authorisation to, and assignment of, credentials for service, administrator and user accounts, including administrator accounts.
Access Control Management: Design, implement and operate tools and processes for the creation, assignment, management and revocation of access credentials and privileges for solution and data access for administrator, user and service accounts.
Solution Availability, Resilience, Fault Tolerance and Recovery: Design, implement and operate infrastructure, facilities and processes to ensure the availability of the solution, resilience against component failure and recovery in the event of failure.
Solution Monitoring: Design, implement and operate tools and processes to monitor, analyse and report on the usage of a solution and its constituent components, including resource consumption and performance.
Inventory and Control of Assets: Design, implement and operate tools and processes to manage and control the infrastructure and software assets that comprise the totality of solutions, in order to actively manage those assets.
Data Protection: Design, implement and operate tools and processes to identify, classify, securely handle, manage access to, manage regulatory compliance for, appropriately retain and dispose of solution data.
Audit Log Management: Design, implement and operate tools and processes to collect, store, analyse, alert on and review audit logs of solution activity events, to facilitate the detection of, understanding of and recovery from an attack.
Application Solution Security: Design, implement and operate tools and processes to manage the security aspects of developed, acquired or externally hosted solutions, to identify, prevent, detect and resolve security weaknesses and vulnerabilities.
Browser Protection: Design, implement and operate tools and processes to monitor, analyse, detect and act on browser-based attacks and browser vulnerabilities.
Email Protection: Design, implement and operate tools and processes to monitor, analyse, detect and act on email-based attacks and email vulnerabilities.
Malware Defense: Design, implement and operate tools and processes to prevent the installation, spread and execution of malicious applications, code or scripts.
Data Management and Backup and Recovery: Design, implement and operate tools and processes to manage solution data and establish data backup and recovery, including the integrity of backup data.
Network Monitoring: Design, implement and operate tools and processes to monitor network infrastructure, ensure only authorised software can be installed and run, and provide defense against security threats and attacks.
Penetration Testing: Design, implement and operate tools and processes to test solutions and their infrastructure, to identify and resolve vulnerabilities and weaknesses in their design, implementation and operation through the simulation of attacks.
Continuous Vulnerability Management: Design, implement and operate tools and processes to continuously assess and track vulnerabilities on all solution components, in order to identify, respond to, remediate and minimise attacks.
Network Management: Design, implement and operate tools and processes to design, implement, operate and manage the security of network infrastructure and facilities, including their vulnerabilities.
Supplier and Service Provider Management: Design, implement and operate tools and processes to initially assess and continually monitor the security arrangements of solution component suppliers and service providers, and of the components and services they provide.
Sets of Security Controls: different controls apply to different solution components.

Zones

Insecure External Organisation Presentation And Access: Where publicly accessible or accessing entities reside. These entities are regarded as insecure and/or untrusted.
Secure External Organisation Participation and Collaboration: Outside the physical organisation boundary, where entities that are provided by or to trusted external parties reside.
Secure External Organisation Access: Contains entities that enable secure access from, or are securely accessible from, outside the organisation.
Organisation: Contains the entities within the organisation boundary, including all the locations, business units and functions within it.
Remote Business Unit Solutions and Access: A remotely located organisation business unit or location and the entities it contains.
Workstation Zone: Zone within the organisation where users accessing data and solutions are segregated for security.
Co-Located Solutions and Access: Contains solutions the organisation has located in facilities provided by co-location providers.
Central Solutions and Access: Contains the solution entities and their data.
Solution Zone: Contains the solution entities.
Data Zone: Zone within the organisation where data is segregated for security.
Outsourced Service Provider Solutions and Access: Contains solutions provided by and located in facilities provided by outsourced partners.
Cloud Service Provider Solutions and Access: Contains solutions (platform, infrastructure and service) provided by and located in cloud service providers.
Solution Components

External Data Telemetry Devices: Devices owned by the organisation in public locations and from which solutions receive data.
External Public Interacting Parties: Public solution consumers outside the organisation and outside the control of the organisation.
External Data Sources: Data sources outside the organisation boundary providing data to the organisation.
External Telecommand Devices: Devices owned by the organisation in public locations and to which solutions send commands.
Private Access Groups: Interaction areas for secure collaboration with third parties with authenticated access.
External Private Interacting Parties: Solution consumers external to the organisation, with whom the organisation has a relationship and who may have authenticated access.
Externally Located Employees: Employees accessing organisation solutions from outside the organisation's security boundary.
Mobile Employees: Employees accessing organisation solutions outside the organisation but within the organisation's extended security boundary.
Data Access, Exchange and Service Gateway: Facility to allow access to organisation data and services and to enable the exchange and transfer of data.
Secure Communications Access: Component that provides common secure communications facilities to solutions.
Externally Accessible Solutions: Solutions hosted on organisation on-premises infrastructure that are publicly accessible with authentication.
Publicly Accessible Solutions: Solutions hosted on organisation on-premises infrastructure that are publicly accessible without authentication.
Business Continuity and Disaster Recovery: Component that provides common secure business continuity and disaster recovery facilities to solutions.
Network Monitoring: Provides facilities to monitor network access, usage and performance.
Access and Activity Logging: Component that provides facilities to log resource accesses, activities and events.
Identity, Access and Authentication: Component that provides common secure identity, authentication and access control facilities to solutions. The diagram shows this component twice; the second instance is described as a component providing common facilities for identity and access management and consumer authorisation and authentication.
Anti-Virus, Malware Defense: Provides protection against viruses and other malware.
Threat Protection and Vulnerability Checking: Provides protection against vulnerabilities contained in solutions and any components they use or incorporate.
Mail: Organisation email facility.
Backup and Recovery: Organisation data backup and recovery facility.
Solution Unstructured Data Stores: Document-oriented data stores for solutions deployed on on-premises infrastructure.
Solution Structured Data Stores: Database-oriented data stores for solutions deployed on on-premises infrastructure.
Solution Access Groups: Set of solution consumers located within the central organisation.
Business Unit Solution Access Group: Set of solution consumers located within a separately located business unit.
Internally Accessible Solutions: Solutions deployed on on-premises infrastructure designed to be used by internal solution consumers.
Internally Accessible Infrastructure Deployed Solutions: Solutions deployed in an IaaS pattern designed for use within the organisation.
Internally Accessible Infrastructure Deployed Solutions Data Stores: Data stores for solutions deployed in an IaaS pattern designed for use within the organisation.
Externally Accessible Infrastructure Deployed Solutions: Solutions deployed in an IaaS pattern designed for use outside the organisation.
Externally Accessible Infrastructure Deployed Solutions Data Stores: Data stores for solutions deployed in an IaaS pattern designed for use outside the organisation by designated external consumers.
Publicly Accessible Infrastructure Deployed Solutions: Solutions deployed in an IaaS pattern designed for use outside the organisation by public consumers.
Publicly Accessible Infrastructure Deployed Solutions Data Stores: Data stores for solutions deployed in an IaaS pattern designed for use outside the organisation by public consumers.
Internally Accessible Platform Deployed Solutions: Solutions deployed in a PaaS pattern designed for use within the organisation.
Externally Accessible Platform Deployed Solutions: Solutions deployed in a PaaS pattern designed for use outside the organisation by designated external consumers.
Publicly Accessible Platform Deployed Solutions: Solutions deployed in a PaaS pattern designed for use outside the organisation by public consumers.
Platform Deployed Solutions Data Stores: Data stores for solutions deployed in a PaaS pattern.
Internally Accessible Service Deployed Solutions: Solutions deployed in a SaaS pattern designed for use within the organisation.
Externally Accessible Service Deployed Solutions: Solutions deployed in a SaaS pattern designed for use outside the organisation by designated external consumers.
Publicly Accessible Service Deployed Solutions: Solutions deployed in a SaaS pattern designed for use outside the organisation by public consumers.
Service Deployed Solutions Data Stores: Data stores for solutions deployed in a SaaS pattern.
Cloud Service Provider Connectivity and Access: Component within a cloud service provider for secure connectivity and access to cloud-located solutions and data.
Cloud Service Provider Access and Authentication: Component within a cloud service provider providing facilities for identity and access management and consumer authorisation and authentication.
Outsourced Service Provider Connectivity and Access: Component within an outsourced service provider for secure connectivity and access to outsourced solutions and data.
Outsourced Service Provider Access and Authentication: Facility within an outsourced service provider for identity and access management and consumer authorisation and authentication.
Hosted Shared Solutions: Solutions on a shared platform hosted within an outsourced service provider.
Hosted Shared Solution Data Stores: Data stores for solutions on a shared platform deployed within an outsourced service provider.
Hosted Dedicated Solutions: Solutions on a dedicated platform hosted within an outsourced service provider.
Hosted Dedicated Solution Data Stores: Data stores for solutions on a dedicated platform deployed within an outsourced service provider.
Co-Location Provider Connectivity and Access: Component within a co-location service provider for secure connectivity and access to co-located solutions and data.
Co-Location Identity, Access and Authentication: Facility within a co-location service provider for identity and access management and consumer authorisation and authentication.
Co-Located Solutions: Solutions hosted within a co-location service provider.
Co-Located Solution Data Stores: No separate description is given; the diagram's text for this component repeats the Co-Location Identity, Access and Authentication description.
[Diagram residue: on the original slide each zone and each solution component is annotated with the subset of the security controls listed above that applies to it. The zone labels survive in the extracted text (Solution Zone, Data Zone, Workstation Zone, Central Solutions and Access, Organisation, Remote Business Unit Solutions and Access, Co-Located Solutions and Access, Outsourced Service Provider Solutions and Access, Cloud Service Provider Solutions and Access, Secure External Organisation Access, Secure External Organisation Participation and Collaboration, Insecure External Organisation Presentation And Access), but the per-component control sets cannot be attributed to individual components from the flattened text.]
Solution Components

There is a common and generalised set of components, many of which are shared, within the wider solution topology that should be considered when assessing overall solution security.

The functional and operational design of any solution, and therefore its security, will include many of these components, including those inherited by the solution or common components used by the solution. The complete solution security view should refer explicitly to the components and their controls.

While each individual solution should be able to inherit the security controls provided by these components, the solution design should include an explicit reference to each inherited control, for completeness and to avoid unvalidated assumptions: a control that is assumed to be inherited but never recorded in the design cannot be checked.

Solution Landscape
Solution Component Zones

The sets of components that comprise the extended solution landscape, including those components that provide common or shared functionality, are located in different zones, each with different security characteristics.
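One way to turn the rule above into a review gate, as an added example that is not code from the original deck or its author: a solution security view is written down as a list of components, each placed in a landscape zone and each declaring which controls it inherits from enterprise facilities and which it implements itself, and a checker reports every gap. The eighteen control names and the four zone names are those from the deck; the per-zone baseline, the set of controls treated as centrally provided shared services, and the sample solution are constructed assumptions for illustration.

```python
"""Control-coverage review for a solution security view.

Added example, not code from the original slide deck. It mechanises the rule
above: a solution design must reference explicitly every control it inherits
from enterprise-level facilities, per component and per zone, so that no
control is left as an unvalidated assumption. CONTROL_CATALOGUE and the zone
names are taken from the deck; SHARED_SERVICES, ZONE_BASELINE and
SAMPLE_SOLUTION are constructed assumptions used only for illustration.
"""
from dataclasses import dataclass

# The eighteen control areas named in the deck.
CONTROL_CATALOGUE = frozenset({
    "Asset Security", "Account Management", "Access Control Management",
    "Solution Availability, Resilience, Fault Tolerance and Recovery",
    "Solution Monitoring", "Inventory and Control of Assets", "Data Protection",
    "Audit Log Management", "Application Solution Security", "Browser Protection",
    "Email Protection", "Malware Defense", "Data Management and Backup and Recovery",
    "Network Monitoring", "Penetration Testing", "Continuous Vulnerability Management",
    "Network Management", "Supplier and Service Provider Management",
})

# Assumption: controls delivered centrally as shared facilities, which a
# solution is expected to inherit rather than build for itself.
SHARED_SERVICES = frozenset({
    "Account Management", "Access Control Management", "Audit Log Management",
    "Network Management", "Network Monitoring", "Malware Defense",
    "Email Protection", "Browser Protection", "Data Management and Backup and Recovery",
})

# Assumption: the minimum controls a component must reference, by landscape zone.
ZONE_BASELINE = {
    "Cloud Service Provider Solutions and Access": frozenset({
        "Supplier and Service Provider Management", "Account Management",
        "Access Control Management", "Audit Log Management", "Data Protection"}),
    "Secure External Organisation Access": frozenset({
        "Account Management", "Access Control Management",
        "Audit Log Management", "Network Management"}),
    "Secure External Organisation Participation and Collaboration": frozenset({
        "Account Management", "Access Control Management", "Data Protection",
        "Email Protection", "Audit Log Management"}),
    "Insecure External Organisation Presentation And Access": frozenset({
        "Application Solution Security", "Network Monitoring", "Penetration Testing",
        "Continuous Vulnerability Management", "Malware Defense", "Audit Log Management"}),
}


@dataclass(frozen=True)
class Component:
    name: str
    zone: str
    inherited: frozenset = frozenset()    # controls adopted from enterprise facilities
    implemented: frozenset = frozenset()  # controls the solution provides itself


def review(components):
    """Return (component, finding) pairs; an empty list means the view is complete."""
    findings = []
    for c in components:
        baseline = ZONE_BASELINE.get(c.zone)
        if baseline is None:
            findings.append((c.name, f"zone '{c.zone}' is not a known landscape zone"))
            continue
        declared = c.inherited | c.implemented
        # A control the enterprise catalogue does not know cannot be inherited.
        for ctl in sorted(declared - CONTROL_CATALOGUE):
            findings.append((c.name, f"'{ctl}' is not in the enterprise control catalogue"))
        # A baseline control the design never mentions is exactly the
        # unvalidated assumption the deck warns about.
        for ctl in sorted(baseline - declared):
            findings.append((c.name, f"baseline control '{ctl}' for this zone is not referenced (unvalidated assumption)"))
        # Re-implementing a shared facility is the wasteful, non-standard path.
        for ctl in sorted(c.implemented & SHARED_SERVICES):
            findings.append((c.name, f"'{ctl}' is re-implemented although an enterprise facility exists; inherit it or record the justification"))
    return findings


# Constructed sample solution: a partner-facing portal spread over three zones.
SAMPLE_SOLUTION = [
    Component("Portal web tier", "Insecure External Organisation Presentation And Access",
              inherited=frozenset({"Network Monitoring", "Malware Defense", "Audit Log Management",
                                   "Continuous Vulnerability Management"}),
              implemented=frozenset({"Application Solution Security"})),
    Component("Partner API gateway", "Secure External Organisation Access",
              inherited=frozenset({"Account Management", "Audit Log Management", "Network Management"}),
              implemented=frozenset({"Access Control Management"})),
    Component("SaaS CRM", "Cloud Service Provider Solutions and Access",
              inherited=frozenset({"Supplier and Service Provider Management", "Account Management",
                                   "Access Control Management", "Audit Log Management",
                                   "Data Protection", "Cloud Posture Management"})),
]

if __name__ == "__main__":
    for component, finding in review(SAMPLE_SOLUTION):
        print(f"{component}: {finding}")
```

Run against the sample, the checker raises one finding per component: the web tier never references Penetration Testing for its exposed zone, the API gateway builds its own Access Control Management instead of inheriting the shared one, and the SaaS CRM cites a control that does not exist in the enterprise catalogue. A design that inherits exactly its zone's baseline produces no findings, which is the state a solution security view should reach before it is signed off.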

More from Alan McSweeney

Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 

Kürzlich hochgeladen (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 

Solution Security Architecture

Solution Landscape

Individual solutions must be able to inherit security controls, facilities and standards from common enterprise-level controls, standards, toolsets and frameworks.

Individual solutions must not be forced to implement individual infrastructural security facilities and controls. This is wasteful of solution implementation resources, results in multiple non-standard approaches to security and represents a security risk to the organisation.

Solution architects must be aware of the need for solution security and of the need to have enterprise-level controls that solutions can adopt.

The extended solution landscape potentially consists of a large number of interacting components and entities located in different zones, each with different security profiles, requirements and concerns. Different security concerns, and therefore different controls, apply to each of these components.

Solution security is not covered by a single control. It involves multiple overlapping sets of controls providing layers of security.

Sets of Security Controls

- Asset Security: design, implement and operate tools and processes to ensure the security of infrastructure and software assets through active asset inventory management.
- Account Management: design, implement and operate tools and processes to assign and manage authorisation to, and assignment of credentials for, service, administrator and user accounts, including administrator accounts.
- Access Control Management: design, implement and operate tools and processes for the creation, assignment, management and revocation of access credentials and privileges for solution and data access by administrator, user and service accounts.
- Solution Availability, Resilience, Fault Tolerance and Recovery: design, implement and operate infrastructure, facilities and processes to ensure the availability of the solution, resilience against component failure and recovery in the event of failure.
- Solution Monitoring: design, implement and operate tools and processes to monitor, analyse and report on the usage of a solution and its constituent components, including resource consumption and performance.
- Inventory and Control of Assets: design, implement and operate tools and processes to manage and control the infrastructure and software assets that comprise the totality of solutions, in order to actively manage those assets.
- Data Protection: design, implement and operate tools and processes to identify, classify, securely handle, manage access to, manage regulatory compliance for, and appropriately retain and dispose of solution data.
- Audit Log Management: design, implement and operate tools and processes to collect, store, analyse, alert on and review audit logs of solution activity events, to facilitate the detection of, understanding of and recovery from an attack.
- Application Solution Security: design, implement and operate tools and processes to manage the security aspects of developed, acquired or externally hosted solutions, to identify, prevent, detect and resolve security weaknesses and vulnerabilities.
- Browser Protection: design, implement and operate tools and processes to monitor, analyse, detect and act on browser-based attacks and browser vulnerabilities.
- Email Protection: design, implement and operate tools and processes to monitor, analyse, detect and act on email-based attacks and email vulnerabilities.
- Malware Defense: design, implement and operate tools and processes to prevent the installation, spread and execution of malicious applications, code or scripts.
- Data Management and Backup and Recovery: design, implement and operate tools and processes to manage solution data and establish data backup and recovery, including integrity of backup data.
- Network Monitoring: design, implement and operate tools and processes to monitor network infrastructure, ensure only authorised software can be installed and run, and provide defence against security threats and attacks.
- Penetration Testing: design, implement and operate tools and processes to test solutions and their infrastructure, identifying and resolving vulnerabilities and weaknesses in their design, implementation and operation through the simulation of attacks.
- Continuous Vulnerability Management: design, implement and operate tools and processes to continuously assess and track vulnerabilities on all solution components, in order to identify, respond to, remediate and minimise attacks.
- Network Management: design, implement and operate tools and processes to design, implement, operate and manage the security of network infrastructure and facilities, including their vulnerabilities.
- Supplier and Service Provider Management: design, implement and operate tools and processes to initially assess and continually monitor the security arrangements of solution component suppliers and service providers, and the components and services they provide.

Zones

- Insecure External Organisation Presentation and Access: where publicly accessible or accessing entities reside. These entities are regarded as insecure and/or untrusted.
- Secure External Organisation Participation and Collaboration: outside the physical organisation boundary, where entities that are provided by or to trusted external parties reside.
- Secure External Organisation Access: contains entities that enable secure access to, or are securely accessible from, outside the organisation.
- Organisation: contains the entities within the organisation boundary, including all the locations, business units and functions within it.
- Remote Business Unit Solutions and Access: a remotely located organisation business unit or location and the entities it contains.
- Workstation Zone: zone within the organisation where users accessing data and solutions are segregated for security.
- Central Solutions and Access: contains the solution entities and their data.
- Solution Zone: contains the solution entities.
- Data Zone: zone within the organisation where data is segregated for security.
- Co-Located Solutions and Access: contains solutions the organisation has located in facilities provided by co-location providers.
- Outsourced Service Provider Solutions and Access: contains solutions provided by, and located in facilities provided by, outsourced partners.
- Cloud Service Provider Solutions and Access: contains solutions (platform, infrastructure and service) provided by and located in cloud service providers.

Solution Components

- External Data Sources: data sources outside the organisation boundary providing data to the organisation.
- External Public Interacting Parties: public solution consumers outside the organisation and outside the control of the organisation.
- External Data Telemetry Devices: devices owned by the organisation in public locations and from which solutions receive data.
- External Telecommand Devices: devices owned by the organisation in public locations and to which solutions send commands.
- External Private Interacting Parties: solution consumers external to the organisation with whom the organisation has a relationship and who may have authenticated access.
- Private Access Groups: interaction areas for secure collaboration with third parties with authenticated access.
- Externally Located Employees: employees accessing organisation solutions from outside the organisation's security boundary.
- Mobile Employees: employees accessing organisation solutions outside the organisation but within the organisation's extended security boundary.
- Data Access, Exchange and Service Gateway: facility to allow access to organisation data and services and to enable the exchange and transfer of data.
- Secure Communications Access: component that provides common secure communications facilities to solutions.
- Identity, Access and Authentication (appears twice on the diagram): component providing common facilities for identity and access management and consumer authorisation and authentication; component that provides common secure identity, authentication and access control facilities to solutions.
- Externally Accessible Solutions: solutions hosted on organisation on-premises infrastructure that are publicly accessible with authentication.
- Publicly Accessible Solutions: solutions hosted on organisation on-premises infrastructure that are publicly accessible without authentication.
- Internally Accessible Solutions: solutions deployed on on-premises infrastructure designed to be used by internal solution consumers.
- Business Continuity and Disaster Recovery: component that provides common secure business continuity and disaster recovery facilities to solutions.
- Network Monitoring: provides facilities to monitor network access, usage and performance.
- Access and Activity Logging: component that provides facilities to log resource accesses, activities and events.
- Anti-Virus, Malware Defense: provides protection against viruses and other malware.
- Threat Protection and Vulnerability Checking: provides protection against vulnerabilities contained in solutions and any components they use or incorporate.
- Backup and Recovery: organisation data backup and recovery facility.
- Mail: organisation email facility.
- Solution Structured Data Stores: database-oriented data stores for solutions deployed on on-premises infrastructure.
- Solution Unstructured Data Stores: document-oriented data stores for solutions deployed on on-premises infrastructure.
- Solution Access Groups: set of solution consumers located within the central organisation.
- Business Unit Solution Access Group: set of solution consumers located within a separately located business unit.
- Internally Accessible Infrastructure Deployed Solutions: solutions deployed in an IaaS pattern designed for use within the organisation.
- Internally Accessible Infrastructure Deployed Solutions Data Stores: data stores for solutions deployed in an IaaS pattern designed for use within the organisation.
- Externally Accessible Infrastructure Deployed Solutions: solutions deployed in an IaaS pattern designed for use outside the organisation.
- Externally Accessible Infrastructure Deployed Solutions Data Stores: data stores for solutions deployed in an IaaS pattern designed for use outside the organisation by designated external consumers.
- Publicly Accessible Infrastructure Deployed Solutions: solutions deployed in an IaaS pattern designed for use outside the organisation by public consumers.
- Publicly Accessible Infrastructure Deployed Solutions Data Stores: data stores for solutions deployed in an IaaS pattern designed for use outside the organisation by public consumers.
- Internally Accessible Platform Deployed Solutions: solutions deployed in a PaaS pattern designed for use within the organisation.
- Externally Accessible Platform Deployed Solutions: solutions deployed in a PaaS pattern designed for use outside the organisation by designated external consumers.
- Publicly Accessible Platform Deployed Solutions: solutions deployed in a PaaS pattern designed for use outside the organisation by public consumers.
- Platform Deployed Solutions Data Stores: data stores for solutions deployed in a PaaS pattern.
- Internally Accessible Service Deployed Solutions: solutions deployed in a SaaS pattern designed for use within the organisation.
- Externally Accessible Service Deployed Solutions: solutions deployed in a SaaS pattern designed for use outside the organisation by designated external consumers.
- Publicly Accessible Service Deployed Solutions: solutions deployed in a SaaS pattern designed for use outside the organisation by public consumers.
- Service Deployed Solutions Data Stores: data stores for solutions deployed in a SaaS pattern.
- Cloud Service Provider Connectivity and Access: component within the cloud service provider for secure connectivity and access to cloud-located solutions and data.
- Cloud Service Provider Access and Authentication: component within the cloud service provider providing facilities for identity and access management and consumer authorisation and authentication.
- Outsourced Service Provider Connectivity and Access: component within the outsourced service provider for secure connectivity and access to outsourced solutions and data.
- Outsourced Service Provider Access and Authentication: facility within the outsourced service provider for identity and access management and consumer authorisation and authentication.
- Hosted Shared Solutions: solutions on a shared platform hosted within the outsourced service provider.
- Hosted Shared Solution Data Stores: data stores for solutions on a shared platform deployed within the outsourced service provider.
- Hosted Dedicated Solutions: solutions on a dedicated platform hosted within the outsourced service provider.
- Hosted Dedicated Solution Data Stores: data stores for solutions on a dedicated platform deployed within the outsourced service provider.
- Co-Location Provider Connectivity and Access: component within a co-location service provider for secure connectivity and access to co-located solutions and data.
- Co-Location Identity, Access and Authentication: facility within a co-location service provider for identity and access management and consumer authorisation and authentication.
- Co-Located Solutions: solutions hosted within a co-location service provider.
- Co-Located Solution Data Stores.

Different Controls Apply To Solution Components

[Diagram: the slide annotates each zone and solution component above with the subset of the security control sets that applies to it. Only the control names survive in the extracted text, so the per-component assignment is not reproduced here.]
Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management 
Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Asset Security Account Management Access Control Management Solution Availability, Resilience, Fault Tolerance and 
Recovery Solution Monitoring Inventory and Control of Assets Data Protection Audit Log Management Application Solution Security Browser Protection Email Protection Malware Defense Data Management and Backup and Recovery Network Monitoring Penetration Testing Continuous Vulnerability Management Network Management Supplier and Service Provider Management Cloud Service Provider Solutions and Access Secure External Organisation Access Secure External Organisation Participation and Collaboration Insecure External Organisation Presentation And Access Audit Log Management Audit Log Management Access Control Management Network Management Account Management Account Management The functional and operational design of any solution and therefore its security will include many of these components, including those inherited by the solution or common components used by the solution. The complete solution security view should refer explicitly to the components and their controls. While each individual solution should be able to inherit the security controls provided by these components, the solution design should include explicit reference to them for completeness and to avoid unvalidated assumptions. There is a common and generalised set of components, many of which are shared, within the wider solution topology that should be considered when assessing overall solution security. Solution Components Solution Landscape Solution Component Zones The sets of components that comprise the extended solution landscape, including those components that provide common or shared functionality, are located in different zones, each with different security characteristics.