The Secure Arc Reference Architecture

From The Secure Arc Wiki

(Difference between revisions)
Jump to: navigation, search
m (Formatted the category better)
Line 42: Line 42:
* [[The_Secure_Arc_Methodology |On to The Secure Arc Methodology]]
* [[The_Secure_Arc_Methodology |On to The Secure Arc Methodology]]
[[Category:Reference Architecturev.1.0]]
[[Category:Reference Architecture v.1.0]]

Revision as of 03:13, 28 May 2008

Secure Arc provide a basic conceptual framework aimed at helping to solve complex security architectural design and decision making issues. Refer to The Secure Arc Methodology to see how to leverage these concepts and tools as part of a typical software development life-cycle.

Each of the concepts making up the Secure Arc Framework are identified below.

Concept Description
Information Asset Classification Ultimately, the goal of a Security Reference Architecture is to protect the Assets of an organisation. The Information Asset Classification of these assets form the basis of what needs to be protected, how and to what level.
Security Principles Almost all aspects of the reference architecture are driven by the fundamental Security Principles.
Security Policies and Standards Most Security Policies and Standards that corporations need to adhere to are driven by these principles.
Design Patterns Design Patterns ultimately provide proven approaches for satisfying the Security Principles and consequently the associated Policies and Standards.
Logical Security Zone Model The Logical Security Zones provide an intuitive means of laying out an appropriately partitioned infrastructure based on the Levels of Trust and a concisely defined set of rules for how Nodes are allowed to communicate across Zones.
Threat Model By systematically identifying and classifying threats, we can clarify risk, and focus effort on the areas that need it most, with a goal to prevent loss.
Architectural Decisions The process of identifying and assessing the risk of potential threats to the Information Assets exposed in a system will ultimately result in a number of Architectural Decisions driven by the Value at Risk, the Level of Risk, the Cost of the Countermeasures proposed to mitigate those Risks and the Residual Risk remaining after the Countermeasures have been applied.


Personal tools