Main Page

From The Secure Arc Wiki

(Difference between revisions)
Jump to: navigation, search
(Added the simple 'what we do' statement to the beginning)
m (Added useful hyperlinks to the images)
Line 1: Line 1:
-
Secure Arc provide IDM & Security Architecture [[Consulting_Services|consulting services]].
+
<imagemap>
 +
Image:RiskMatrix-350px.png|right
-
[[Image:RiskMatrix-350px.png|right]]Very few organisations have the resources to achieve absolute security and when customers are involved there is typically more to be gained from usability with some margin for risk anyway.
+
rect 22 6 343 208 [[Threat_Model|Threat Modelling]]
 +
 
 +
desc none
 +
</imagemap>Secure Arc provide IDM & Security Architecture [[Consulting_Services|consulting services]].
 +
 
 +
Very few organisations have the resources to achieve absolute security and when customers are involved there is typically more to be gained from usability with some margin for risk anyway.
Security Architecture is all about weighing up the cost to secure vs the potential cost of a breach.
Security Architecture is all about weighing up the cost to secure vs the potential cost of a breach.
Line 12: Line 18:
The underlying principle simply requires the architect to “pick a box” for a node and then assess and abide by the rules associated with that decision. Where the rules can’t be adhered to, the associated threats should be identified and assessed.
The underlying principle simply requires the architect to “pick a box” for a node and then assess and abide by the rules associated with that decision. Where the rules can’t be adhered to, the associated threats should be identified and assessed.
 +
<imagemap>
 +
Image:ZoneModel-350.png|left
 +
 +
rect 37 5 347 248 [[Logical_Security_Zone_Pattern|Logical Zone Model]]
-
[[Image:ZoneModel-350.png|left]]The [[Logical_Security_Zone_Pattern|Logical Zone Model]] represents the server and network segmentation created in a typical enterprise architecture. The basic rules define what a node is allowed to communicate with, which can be summarised as “other nodes within the same or adjacent Zones.”
+
desc none
 +
</imagemap>The [[Logical_Security_Zone_Pattern|Logical Zone Model]] represents the server and network segmentation created in a typical enterprise architecture. The basic rules define what a node is allowed to communicate with, which can be summarised as “other nodes within the same or adjacent Zones.”
With this model adopted, it is relatively simple to identify where [[Information_Asset_Classification|Information Assets]] are transferred to and from and where they are stored. If it’s sensitive information, it should be stored in the right-most trusted Zone and the rest of the architecture should be designed to support that. If it must pass through the Staff Intranet (the Internally Uncontrolled Zone) it should be thoroughly protected from the associated [[Threat_Model|risks]] associated with such an exposure.
With this model adopted, it is relatively simple to identify where [[Information_Asset_Classification|Information Assets]] are transferred to and from and where they are stored. If it’s sensitive information, it should be stored in the right-most trusted Zone and the rest of the architecture should be designed to support that. If it must pass through the Staff Intranet (the Internally Uncontrolled Zone) it should be thoroughly protected from the associated [[Threat_Model|risks]] associated with such an exposure.
This model can be used to identify existing threats in your current architecture as well as provide guidance for new solutions. Both old and new solutions can co-exist and associated threats will be clearly visible and assessable.
This model can be used to identify existing threats in your current architecture as well as provide guidance for new solutions. Both old and new solutions can co-exist and associated threats will be clearly visible and assessable.

Revision as of 10:15, 25 September 2008

Threat Modelling
Secure Arc provide IDM & Security Architecture consulting services.

Very few organisations have the resources to achieve absolute security and when customers are involved there is typically more to be gained from usability with some margin for risk anyway.

Security Architecture is all about weighing up the cost to secure vs the potential cost of a breach.

The key is to identify what you need to protect, where it needs protecting, how much is at stake if it’s compromised and consequently how much you should spend on securing it to reduce the risk.

The processes required to thoroughly achieve this are exhaustive, time consuming and to a large extent require specialist assessment and input.

The Secure Arc Security Reference Architecture, while thorough, is built on a very simple model for laying out an enterprise architecture.

The underlying principle simply requires the architect to “pick a box” for a node and then assess and abide by the rules associated with that decision. Where the rules can’t be adhered to, the associated threats should be identified and assessed.

Logical Zone Model
The Logical Zone Model represents the server and network segmentation created in a typical enterprise architecture. The basic rules define what a node is allowed to communicate with, which can be summarised as “other nodes within the same or adjacent Zones.”

With this model adopted, it is relatively simple to identify where Information Assets are transferred to and from and where they are stored. If it’s sensitive information, it should be stored in the right-most trusted Zone and the rest of the architecture should be designed to support that. If it must pass through the Staff Intranet (the Internally Uncontrolled Zone) it should be thoroughly protected from the associated risks associated with such an exposure.

This model can be used to identify existing threats in your current architecture as well as provide guidance for new solutions. Both old and new solutions can co-exist and associated threats will be clearly visible and assessable.

Personal tools