2010-02 Building Security Architecture Framework
Raleigh ISSA
2010-02 Building Security Architecture Framework by Mark Whitteker, Cisco
1.
Building a Comprehensive Security Architecture Framework
Mark Whitteker, MSIA, CISSP
Security Architect / Information Systems Security Officer
Cisco Systems, Inc.
2.
Mark Whitteker, MSIA, CISSP, GSNA, GCFA
- Security Architect and Information Systems Security Officer at Cisco Systems, Inc.
- 15+ years of experience in secure solutions development, systems and network auditing, forensic discovery, vulnerability assessments, and security management.
- Extensive background in the application of commercial and US government regulations and requirements
- Can be reached at: mwhittek@cisco.com, http://www.linkedin.com/pub/mark-whitteker/3/480/68b
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential
3.
Agenda
- The Problem
- The Solution
- The Dirty Details
- Q&A
4.
Why do I need a security framework?
Here’s a house built on a planned framework…
[Images: Framework, Finished Product]
The result: an efficient and elegant home!
5.
Why do I need a security framework?
Here’s a house built without a planned framework…
The result: I haven’t seen my wife and children in days!
6.
The Problem
7.
Problem Description
- Few of us have the luxury of building our organization’s security architecture from the ground up
  - Some security services already exist (hopefully)
- Your organization must comply with one or more industry standards
  - ISO 27001/27002
  - NIST SP 800-53
  - SOX
  - PCI
- You need to demonstrate to auditors your compliance with the resulting requirements
8.
Compliance with Requirements
- Can you say “Checkbox Security”?!?
  - Auditors validate that all the checkboxes are complete
- Security professionals know (or should know) that: Compliance != Security
  - Security is achieved by understanding the organization’s risks and implementing mitigation steps to reduce them to within management’s tolerance level
- So how do you show auditors compliance with requirements while actually improving your security posture?
9.
If you keep going how you’ve always gone, you’ll end up where you’ve always been.
10.
The Solution
11.
Bring it all together!
- Map security services to industry standards through a comprehensive, end-to-end security framework
  - Shows auditors how you are complying with industry standards
  - Demonstrates to management the value of security services
[Diagram: Industry Standards, Security Services]
12.
The Dirty Details
13.
Comprehensive Framework Diagram
14.
Implementation Phases
- Phase 1: Define Requirements
- Phase 2: Implement Requirements
- Phase 3: Measure Success
- Rinse and Repeat
15.
Phase 1 - Define Requirements
16.
Industry Standards
17.
Industry Standards
- Build a Requirements Crosswalk Matrix
  - Most industry standards, while different, are based on the same security principles/requirements
  - Determine where similarities exist and group them together
[Diagram: Industry Standard A Password Complexity Requirement + Industry Standard B Password Complexity Requirement -> Organizational Password Complexity Requirement]
18.
Crosswalk Example – Audit Logging
- Company must comply with ISO 27001/27002
- A business unit within the company provides government services and must comply with NIST SP 800-53 (per FISMA)
- Crosswalk matrix developed to integrate both sets of requirements into a single framework
[Diagram: ISO 27001 A.10.10.1 + NIST SP 800-53 AU-1-5, 8, 11, 12 -> Organizational Audit Logging Requirements]
19.
Crosswalk Example – Continued
- ISO 27001/27002 – A.10.10.1
  - Audit logs recording user activities, exceptions, and information security events should be produced and kept for an agreed period to assist in future investigations and access control monitoring.
  - Includes a list of 12 relevant event types
- NIST SP 800-53 AU-1-AU-5, AU-8, AU-11, AU-12
  - Audit and Accountability Policy and Procedures, Auditable Events, Content of Audit Records, Audit Storage Capacity, Response to Audit Processing Failures, Time Stamps, Audit Record Retention, and Audit Generation
20.
Crosswalk Example – Continued
- Organizational Audit Logging Requirements
  - Combines requirements from both standards into a single set of organizational standards
  - Where there are differences between the level of implementation/stringency, the most stringent requirement prevails
    - Example: 3 year log retention vs. 5 year log retention
    - Organizational Requirement – 5 year retention
  - Where there are conflicts, the organization must determine which industry standard has precedence
    - May require the involvement of the legal department
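The crosswalk rules from slides 17 to 20, as an added Python example that is not part of the original deck: requirements are grouped by topic, the most stringent value prevails where values can be ordered, and unordered differences are flagged until a precedence order is supplied. The parameter names, the sample values, and the assignment of the 3-year and 5-year figures to a particular standard are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# How "most stringent" is decided per parameter (hypothetical parameter names).
# A parameter absent from this table has no natural ordering, so differing
# values are a conflict that needs a precedence decision.
STRICTER = {
    "retention_years": max,        # keeping logs longer is stricter
    "min_password_length": max,    # longer passwords are stricter
    "max_password_age_days": min,  # rotating sooner is stricter
}


@dataclass(frozen=True)
class Requirement:
    standard: str   # e.g. "ISO 27001"
    control: str    # control identifier within that standard
    topic: str      # grouping key of the crosswalk
    parameter: str
    value: object


@dataclass
class OrgRequirement:
    topic: str
    parameter: str
    value: object   # None while a conflict is unresolved
    status: str
    sources: list = field(default_factory=list)  # traceability for auditors


def build_crosswalk(requirements, precedence=None):
    """Merge per-standard requirements into one organizational set.

    precedence: ordered list of standard names, used only for conflicts.
    """
    grouped = {}
    for req in requirements:
        grouped.setdefault((req.topic, req.parameter), []).append(req)

    crosswalk = {}
    for (topic, parameter), reqs in grouped.items():
        sources = [f"{r.standard} {r.control}" for r in reqs]
        values = {r.value for r in reqs}
        if len(values) == 1:
            value, status = reqs[0].value, "agreed"
        elif parameter in STRICTER:
            value, status = STRICTER[parameter](values), "most-stringent"
        else:
            winner = next(
                (r for std in (precedence or []) for r in reqs
                 if r.standard == std),
                None,
            )
            if winner is None:
                value, status = None, "conflict-needs-decision"
            else:
                value, status = winner.value, f"precedence:{winner.standard}"
        crosswalk[(topic, parameter)] = OrgRequirement(
            topic, parameter, value, status, sources)
    return crosswalk


# Constructed sample input. The control identifiers for audit logging come
# from the slides; every value below is made up for the example.
SAMPLE = [
    Requirement("ISO 27001", "A.10.10.1", "audit_logging", "retention_years", 3),
    Requirement("NIST SP 800-53", "AU-11", "audit_logging", "retention_years", 5),
    Requirement("Industry Standard A", "(placeholder)", "password",
                "min_password_length", 8),
    Requirement("Industry Standard B", "(placeholder)", "password",
                "min_password_length", 12),
    Requirement("Industry Standard A", "(placeholder)", "password",
                "max_password_age_days", 90),
    Requirement("Industry Standard B", "(placeholder)", "password",
                "max_password_age_days", 60),
    Requirement("Industry Standard A", "(placeholder)", "audit_logging",
                "timestamp_zone", "UTC"),
    Requirement("Industry Standard B", "(placeholder)", "audit_logging",
                "timestamp_zone", "local"),
]

if __name__ == "__main__":
    for entry in build_crosswalk(SAMPLE).values():
        print(f"{entry.topic}.{entry.parameter} = {entry.value!r} "
              f"[{entry.status}] from {', '.join(entry.sources)}")
```

The `sources` list on each merged entry is what lets one organizational requirement be traced back to every control it satisfies when an auditor asks.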
21.
Organizational Policies
22.
Organizational Policies
- Once the organizational requirements have been determined, the organization must now develop security policies
- Developing policies and obtaining executive approval can be a cumbersome and time consuming process
- Keep policies high-level and solution agnostic
  - Helps to ensure successful collaboration efforts among policy contributors
  - Minimizes need to revisit policies as technology changes
  - 2 year review cycle is usually sufficient
- Create as few policies as possible, but keep them domain specific
23.
Organizational Policies Example
- Acceptable Use
- Business Continuity and Disaster Recovery
- Contract Security for Information Systems
- Cryptographic Controls
- Data Classification
- Data Protection
- Incident Management
- Information Security Management
- Information System Authorization and Account Management
- Information Systems Auditing and Testing
- IT Operations Security
- Personnel Security for Information Systems
- Physical and Environmental Security
- Risk Management
- Security Compliance Management
- Security Policy Architecture
- Security Training and Awareness
- Standardized Glossary – Taxonomy
- System Development Lifecycle Security
- User Identification and Authentication
Source: Cisco’s Global Government Solutions Group – IT (GGSG-IT)
24.
Organizational Policies Example (cont)

| ISO 27001/27002 | NIST SP 800-53 Rev 2 | SECURITY POLICY |
|---|---|---|
| 07.01.03, 11.02.03, 11.03.01, 11.03.02, 11.03.03 | PL-4, PS-6 | Acceptable Use |
| 14.01.02, 14.01.03, 14.01.04, 14.01.05 | CP-(1-10) | Business Continuity and Disaster Recovery Plan |
| 06.01.04, 06.02.03, 12.01, 12.05, 15.01.02 | SA-(1,6,9) | Contract Security for Information |
| 12.03.01, 12.03.02, 15.01.06 | IA-7, SC-(8,9,12,13) | Cryptographic Controls |
| 07.02, 07.02.01, 07.02.02, 10.07.03 | AC-16, MP-3 | Data Classification |
| 06, 07.02.02, 09.01, 10, 11, 12, 15 | MP-1, SC-(8,9), SI-(1,7) | Data Protection |
| 06.01.05, 06.01.06, 13.01.01, 13.01.02, 13.02 | IR-(1-7) | Incident Management |
| 06.01.01, 06.01.02, 06.01.07, 06.01.08 | PL-1 | Information Security Management |
| 06.02.01, 07.01.03, 08.02.01, 10.02, 10.10.03, 11.01.01, 11.04, 11.05, 11.06.02 | AC-(1,2) | Information System Authorization and Account Management |
| 06.02.01, 07.01.01, 10.01.03, 10.10.05, 15.02, 15.03 | AU-(1-11), RA-(3-5), SA (5,11), CA-(1,2) AC-5, IR-3, CP-4, SI-6 | Information Systems Auditing & Testing |
25.
Organizational Policies Example (cont)

| ISO 27001/27002 | NIST SP 800-53 Rev 2 | Security Policy |
|---|---|---|
| 06.01.03, 10, 11, 12, 15 | SC-1, SI-1 | IT Operations Security |
| 06.01.03, 06.01.05, 08.01, 08.02, 08.03, 13.01, 15.01, 15.02.01 | PS-(1-8) | Personnel Security for Information Systems |
| 09.01, 09.02, 13.01.02, 14.01.03 | PE-(1-17) | Physical and Environmental Security |
| 14.01.02, 08.02.02 | RA-1 | Risk Management |
| 10.10.01, 10.10.02, 13.01.01, 13.02.03, 15.01, 15.02.01, 15.02.02 | AC-1, AT-1, AU-1, CA-1, CM-1, CP-1, RA-1, MA-1, MP-1, IA-1, IR-1, PE-1, PL-1, PS-(1,7), SA-(1,9), SC-1, SI-1 | Security Compliance Management |
| 05.01.01, 05.01.02 | PL-1 | Security Policy Architecture |
| 05.01.02, 06.02.03, 08.02.02 | AT-(1-4) | Security Training and Awareness |
| 07.01.02, 07.02, 07.02.01 | Appendix B | Standardized Glossary - Taxonomy |
| 10.01.04, 10.03.02, 10.07.04, 12.01.01, 12.04.02, 12.04.03, 12.05.01, 12.05.03 | SA-(3,8,11) | System Development Lifecycle Security |
| 11.02, 11.04.02, 11.05.02 | IA-(1,2) | User Identification and Authentication |
26.
Policy Standards
27.
Policy Standards
• Specific technical implementation requirements should be defined in policy standards
• The policies themselves contain hyperlinks and/or references to associated policy standards
• Policy standards do not require review/approval by senior management
  • Defined by organizational Subject Matter Experts (SMEs)
  • Doesn’t require modification of the overarching policy
• Standards can be modified/updated as technology advances
  • Should be reviewed by the SMEs at least yearly to ensure standards stay current with industry trends
28.
Policy Standards Example
29.
Policy Standards Example
• Cryptographic Controls policy states:
  • Purpose: This policy governs the use of cryptographic controls and key management to protect the confidentiality & integrity of Cisco GGSG information assets, as well as to support non-repudiation.
• References multiple policy standards such as:
  • Full disk encryption
  • Mail, file and folder encryption
  • Public Key Infrastructure (PKI)
• More than one policy may apply when defining standards
  • Data Protection policy also closely related to CC policy
30.
Policy Standards Reality Check
• Oftentimes there isn’t simply a 1:1 mapping between policies and standards
• In many cases multiple policies reference the same standards
[Diagram: Cryptographic Controls Policy, Data Protection Policy, Acceptable Use Policy; Email Encryption Standard]
31.
Phase 2 - Implement Requirements
32.
Policy Implementation Procedures
33.
Policy Implementation Procedures
• While Policy Standards specify the technical implementation requirements necessary to comply with policies, Policy Implementation Procedures document the step-by-step instructions for implementing those standards
• They are:
  • Specific
  • Repeatable
  • Thorough
  • Validated
  • Approved
• Assists in improving an organization’s CMM level
34.
Procedures Example
Installing the Secure Print Client (Windows XP):
1. Open Windows Explorer.
2. In the Address field, type (or cut & paste) Rtp-filer09awg-gggsg- appsPublishedSecure-Print and press <Enter>.
3. Double-click on the spxpinstall.bat script from the folder you just opened.
4. Enter your CEC credentials (if prompted).
5. Click Open (if prompted).
6. If necessary, click Yes on the Cisco Security Agent window to allow the script to run.
7. A command window will open and display the installation progress.
8. When the software is done installing, click OK.
35.
Security Services
36.
Security Services
• Security Services is the most ambiguous area of the framework
• It can be very simple (1-3 services), or very complex (dozens of services), depending on the size and scope of your organization
• Don’t reinvent the wheel! There are existing industry sources that can be used as a baseline
  • SSE-CMM: Secure Systems Engineering Capability Maturity Model
  • NIST SP 800-35: Guide to Information Technology Security Services
37.
Security Services Example
Systems Security Engineering Capability Maturity Model
Includes 11 security services:
• Administer Security Controls
• Assess Impact
• Assess Security Risks
• Assess Threats
• Assess Vulnerabilities
• Build Assurance Argument
• Coordinate Security
• Monitor Security Posture
• Provide Security Input
• Specify Security Needs
• Verify and Validate Security
38.
Security Services Example
NIST SP 800-35: Guide to Information Technology Security Services
Includes 3 categories of services: Management, Operational and Technical
• Management Services
  • Security Program, Security Policy, Risk Management, Security Architecture, Certification and Accreditation, and Security Evaluation of IT Projects
• Operational Services
  • Contingency Planning, Incident Handling, Testing, and Training
• Technical Services
  • Firewalls, Intrusion Detection/Prevention, and Public Key Infrastructure
39.
Phase 3 – Measure Success
40.
Measure Success
How do you know if your security program is successful?
41.
Risk Assessments
Perform a risk assessment!
There are 2 types of risk assessments:
• Qualitative
  • A subjective assessment of the organization’s risk, typically achieved through personnel interviews and surveys.
• Quantitative
  • A non-subjective assessment of the organization’s risk based on mathematical calculations using security metrics and monetary values of assets.
Which one is right for your organization?
42.
Qualitative Risk Assessments
Pros
• Calculations are simple
• Not necessary to determine monetary value or threat frequency
• Not necessary to estimate cost of risk mitigation measures
• General indication of significant risks is provided
Cons
• Subjective in both process and metrics
• Perception of asset/resource value may not reflect actual value
• No basis is provided for cost/benefit analysis
• Not possible to track risk management performance
Although this method is very subjective in nature, it can be very beneficial when an organization is young and still maturing
43.
Quantitative Risk Assessments
Pros
• Based on independently objective processes and metrics
• Value of information expressed in monetary terms is better understood
• Credible basis for cost/benefit assessment is provided
• Risk management performance can be tracked and evaluated
• Results are derived and expressed in management’s language
Cons
• Calculations are complex
• Not practical to execute without automated tool and associated knowledge bases
• A substantial amount of information must be gathered
Appropriate once an organization has reached a higher level of maturity, and now requires an assessment against standardized, objective measures
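A worked quantitative assessment with the cost/benefit step the Pros list refers to, as an added example that is not from the original slides. It assumes the standard textbook model, which the slides do not spell out (single loss expectancy = asset value × exposure factor; annualized loss expectancy = SLE × annualized rate of occurrence), and every risk, value, rate and safeguard cost in it is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # monetary value of the asset
    exposure_factor: float  # share of that value lost per incident, 0..1
    aro: float              # annualized rate of occurrence (incidents/year)

    def __post_init__(self):
        if self.asset_value < 0 or self.aro < 0 or not 0 <= self.exposure_factor <= 1:
            raise ValueError(f"invalid inputs for risk {self.name!r}")

    @property
    def sle(self):          # single loss expectancy
        return self.asset_value * self.exposure_factor

    @property
    def ale(self):          # annualized loss expectancy
        return self.sle * self.aro

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    exposure_factor: float  # residual exposure factor with the control
    aro: float              # residual rate of occurrence with the control

def net_value(risk, sg):
    """ALE before - ALE after - annual cost; positive means it pays for itself."""
    residual = Risk(risk.name, risk.asset_value, sg.exposure_factor, sg.aro)
    return risk.ale - residual.ale - sg.annual_cost

# Constructed register: every figure below is illustrative, not from the slides.
REGISTER = [
    (Risk("Email disclosure", 200_000, 0.5, 0.25),
     Safeguard("Email encryption", 5_000, 0.5, 0.0625)),
    (Risk("Laptop theft", 80_000, 0.5, 2),
     Safeguard("Full disk encryption", 15_000, 0.125, 2)),
    (Risk("File server outage", 400_000, 0.25, 0.5),
     Safeguard("Standby site", 60_000, 0.25, 0.125)),
]

def report(register):
    """Rank risks by ALE and attach the cost/benefit result of each safeguard."""
    ranked = sorted(register, key=lambda pair: pair[0].ale, reverse=True)
    return [(r.name, r.ale, s.name, net_value(r, s), net_value(r, s) > 0)
            for r, s in ranked]

if __name__ == "__main__":
    for name, ale, control, value, worthwhile in report(REGISTER):
        print(f"{name:20} ALE={ale:>9,.0f}  {control:22} net={value:>9,.0f}  buy={worthwhile}")
```

The standby site lowers the outage ALE but costs more per year than the loss it avoids, so it comes out negative; the two encryption safeguards come out positive.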
44.
Other Items to Consider
• Establish a Compliance Management Program
• Configuration Management
  • Develop standard configurations
    • Infrastructure Devices (network, hosts, etc.)
    • Data (databases, NAS, SAN, etc.)
    • Applications (web server, programming languages, protocols)
• Change Management
  • Any proposed change to your production environment should be recorded, reviewed and approved by an SME from each domain: Security, Infrastructure, Data, Application, Operations, Support
• Release Management
  • Any changes that impact, or could potentially impact, the availability of a production service, should be released at scheduled intervals: Weekly, Monthly, Quarterly, etc.
45.
Visual Representation
• Configuration Management: All systems must comply with configuration management standards
• Change Management: All changes must be submitted and performed through change management
• Release Management: Those changes that impact the availability of production systems or services must be bundled into a scheduled release
46.
Q&A