2010-02 Building Security Architecture Framework by Mark Whitteker, Cisco
Uploaded by Raleigh ISSA. 47 slides.
1. Building a Comprehensive Security Architecture Framework
Mark Whitteker, MSIA, CISSP
Security Architect / Information Systems Security Officer
Cisco Systems, Inc.
2. Mark Whitteker, MSIA, CISSP, GSNA, GCFA
Security Architect and Information Systems Security Officer at Cisco Systems, Inc.
15+ years of experience in secure solutions development, systems and network auditing, forensic discovery, vulnerability assessments, and security management.
Extensive background in the application of commercial and US government regulations and requirements.
Can be reached at: mwhittek@cisco.com
http://www.linkedin.com/pub/mark-whitteker/3/480/68b
© 2010 Cisco Systems, Inc. All rights reserved. Cisco Confidential
3. Agenda
The Problem
The Solution
The Dirty Details
Q&A
4. Why do I need a security framework?
Here's a house built on a planned framework…
(Images: Framework; Finished Product)
The result: an efficient and elegant home!
5. Why do I need a security framework?
Here's a house built without a planned framework…
The result: I haven't seen my wife and children in days!
6. The Problem
7. Problem Description
Few of us have the luxury of building our organization's security architecture from the ground up
Some security services already exist (hopefully)
Your organization must comply with one or more industry standards
  - ISO 27001/27002
  - NIST SP 800-53
  - SOX
  - PCI
You need to demonstrate to auditors your compliance with the resulting requirements
8. Compliance with Requirements
Can you say "Checkbox Security"?!?
Auditors validate that all the checkboxes are complete
Security professionals know (or should know) that:
  - Compliance != Security
  - Security is achieved by understanding the organization's risks and implementing mitigation steps to reduce them to within management's tolerance level
So how do you show auditors compliance with requirements while actually improving your security posture?
9. If you keep going how you've always gone, you'll end up where you've always been.
10. The Solution
11. Bring it all together!
Map security services to industry standards through a comprehensive, end-to-end security framework
  - Shows auditors how you are complying with industry standards
  - Demonstrates to management the value of security services
(Diagram: Industry Standards mapped to Security Services)
12. The Dirty Details
13. Comprehensive Framework Diagram
14. Implementation Phases
Phase 1: Define Requirements
Phase 2: Implement Requirements
Phase 3: Measure Success
Rinse and Repeat
15. Phase 1 - Define Requirements
16. Industry Standards
17. Industry Standards
Build a Requirements Crosswalk Matrix
Most industry standards, while different, are based on the same security principles/requirements
Determine where similarities exist and group them together
(Diagram: Industry Standard A Password Complexity Requirement and Industry Standard B Password Complexity Requirement combine into one Organizational Password Complexity Requirement)
18. Crosswalk Example – Audit Logging
Company must comply with ISO 27001/27002
A business unit within the company provides government services and must comply with NIST SP 800-53 (per FISMA)
Crosswalk matrix developed to integrate both sets of requirements into a single framework
(Diagram: ISO 27001 A.10.10.1 and NIST SP 800-53 AU-1-5, 8, 11, 12 feed the Organizational Audit Logging Requirements)
19. Crosswalk Example – Continued
ISO 27001/27002 – A.10.10.1
  - Audit logs recording user activities, exceptions, and information security events should be produced and kept for an agreed period to assist in future investigations and access control monitoring.
  - Includes a list of 12 relevant event types
NIST SP 800-53 AU-1-AU-5, AU-8, AU-11, AU-12
  - Audit and Accountability Policy and Procedures, Auditable Events, Content of Audit Records, Audit Storage Capacity, Response to Audit Processing Failures, Time Stamps, Audit Record Retention, and Audit Generation
20. Crosswalk Example – Continued
Organizational Audit Logging Requirements
  - Combines requirements from both standards into a single set of organizational standards
  - Where there are differences between the level of implementation/stringency, the most stringent requirement prevails
    - Example: 3 year log retention vs. 5 year log retention; Organizational Requirement – 5 year retention
  - Where there are conflicts, the organization must determine which industry standard has precedence
    - May require the involvement of the legal department
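The crosswalk merge described on slides 17 to 20, as an added Python example that is not part of the original deck or of Cisco's framework: requirements from several standards are grouped by the principle they share, the most stringent bound wins within a group, and an irreconcilable conflict (a floor above a ceiling) is resolved by an explicit precedence order and flagged for legal review. The requirement texts, the 3-year and 5-year retention values, and the two "Regulation X/Y" entries are constructed sample data, not quotations of any standard; principle keys such as `audit_log_retention` are assumed names.

```python
"""Requirements crosswalk merge (slides 17-20); added example, not the deck's own code.
All requirement texts and numeric values are constructed sample data, not quotations
of ISO 27001/27002 or NIST SP 800-53."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Requirement:
    standard: str                 # source standard, e.g. "ISO 27001/27002"
    control_id: str               # clause or control identifier within that standard
    principle: str                # crosswalk key: the security principle the requirement expresses
    text: str                     # constructed paraphrase of the requirement
    kind: Optional[str] = None    # "min" (at least), "max" (at most) or None (qualitative)
    value: Optional[float] = None
    unit: str = ""


@dataclass
class OrgRequirement:
    principle: str
    sources: list                 # "<standard> <control_id>" for every contributing requirement
    at_least: Optional[float] = None
    at_most: Optional[float] = None
    unit: str = ""
    conflict: Optional[str] = None  # set when the row needs a precedence decision / legal review


def build_crosswalk(reqs):
    """Crosswalk matrix: one row per principle listing each standard's requirement for it."""
    rows = {}
    for r in reqs:
        rows.setdefault(r.principle, []).append(r)
    return rows


def merge_group(principle, reqs, precedence):
    """Derive the single organizational requirement for one crosswalk row."""
    org = OrgRequirement(principle, [f"{r.standard} {r.control_id}" for r in reqs])
    units = {r.unit for r in reqs if r.kind}
    if len(units) > 1:  # data-quality guard: bounds must be comparable before merging
        raise ValueError(f"{principle}: mixed units {sorted(units)}; normalise first")
    org.unit = units.pop() if units else ""
    floors = [r for r in reqs if r.kind == "min"]
    ceilings = [r for r in reqs if r.kind == "max"]
    # Most stringent bound: the highest floor and the lowest ceiling (slide 20).
    floor = max(floors, key=lambda r: r.value) if floors else None
    ceiling = min(ceilings, key=lambda r: r.value) if ceilings else None
    if floor and ceiling and floor.value > ceiling.value:
        # Genuine conflict: the standard earlier in the precedence list wins; flag the row.
        winner = min((floor, ceiling), key=lambda r: precedence.index(r.standard))
        loser = ceiling if winner is floor else floor
        if winner.kind == "min":
            org.at_least = winner.value
        else:
            org.at_most = winner.value
        org.conflict = (f"{loser.standard} {loser.control_id} ({loser.kind} {loser.value} {org.unit}) "
                        f"conflicts with {winner.standard} {winner.control_id}; "
                        f"{winner.standard} takes precedence, legal review required")
        return org
    org.at_least = floor.value if floor else None
    org.at_most = ceiling.value if ceiling else None
    return org


def merge_crosswalk(reqs, precedence):
    """Organizational requirements for every crosswalk row, keyed by principle."""
    return {p: merge_group(p, group, precedence) for p, group in build_crosswalk(reqs).items()}


# Precedence order the organization (and its legal department) decided on; constructed.
PRECEDENCE = ["NIST SP 800-53", "ISO 27001/27002",
              "Regulation X (constructed)", "Regulation Y (constructed)"]

# Constructed sample requirements; values are illustrative, not the standards' actual text.
SAMPLE_REQUIREMENTS = [
    Requirement("ISO 27001/27002", "A.10.10.1", "audit_log_retention",
                "keep audit logs for an agreed period (sample: 3 years)", "min", 3, "years"),
    Requirement("NIST SP 800-53", "AU-11", "audit_log_retention",
                "retain audit records (sample: 5 years)", "min", 5, "years"),
    Requirement("ISO 27001/27002", "A.10.10.1", "audit_event_types",
                "record user activities, exceptions and security events"),
    Requirement("NIST SP 800-53", "AU-2", "audit_event_types",
                "define the events the system is able to audit"),
    Requirement("Regulation X (constructed)", "X-1", "personal_data_retention",
                "keep customer records at least 6 years", "min", 6, "years"),
    Requirement("Regulation Y (constructed)", "Y-1", "personal_data_retention",
                "erase personal data within 2 years", "max", 2, "years"),
]

if __name__ == "__main__":
    for row in merge_crosswalk(SAMPLE_REQUIREMENTS, PRECEDENCE).values():
        bound = (f"at least {row.at_least}" if row.at_least is not None
                 else f"at most {row.at_most}" if row.at_most is not None else "qualitative")
        print(f"{row.principle}: {bound} {row.unit}".rstrip(), "<-", "; ".join(row.sources))
        if row.conflict:
            print("  CONFLICT:", row.conflict)
```

The `sources` list on each row is what the auditor sees: every organizational requirement traces back to the clause or control in each standard it satisfies, which is the "show auditors how you are complying" point of slide 11.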
21. Organizational Policies
22. Organizational Policies
Once the organizational requirements have been determined, the organization must now develop security policies
Developing policies and obtaining executive approval can be a cumbersome and time-consuming process
Keep policies high-level and solution-agnostic
  - Helps to ensure successful collaboration efforts among policy contributors
  - Minimizes the need to revisit policies as technology changes
    - 2 year review cycle is usually sufficient
Create as few policies as possible, but keep them domain-specific
23. Organizational Policies Example
Acceptable Use
Business Continuity and Disaster Recovery
Contract Security for Information Systems
Cryptographic Controls
Data Classification
Data Protection
Incident Management
Information Security Management
Information System Authorization and Account Management
Information Systems Auditing and Testing
IT Operations Security
Personnel Security for Information Systems
Physical and Environmental Security
Risk Management
Security Compliance Management
Security Policy Architecture
Security Training and Awareness
Standardized Glossary – Taxonomy
System Development Lifecycle Security
User Identification and Authentication
Source: Cisco's Global Government Solutions Group – IT (GGSG-IT)
24. Organizational Policies Example (cont)
Columns: Security Policy | ISO 27001/27002 clauses | NIST SP 800-53 Rev 2 controls
Acceptable Use | 07.01.03, 11.02.03, 11.03.01, 11.03.02, 11.03.03 | PL-4, PS-6
Business Continuity and Disaster Recovery Plan | 14.01.02, 14.01.03, 14.01.04, 14.01.05 | CP-(1-10)
Contract Security for Information | 06.01.04, 06.02.03, 12.01, 12.05, 15.01.02 | SA-(1,6,9)
Cryptographic Controls | 12.03.01, 12.03.02, 15.01.06 | IA-7, SC-(8,9,12,13)
Data Classification | 07.02, 07.02.01, 07.02.02, 10.07.03 | AC-16, MP-3
Data Protection | 06, 07.02.02, 09.01, 10, 11, 12, 15 | MP-1, SC-(8,9), SI-(1,7)
Incident Management | 06.01.05, 06.01.06, 13.01.01, 13.01.02, 13.02 | IR-(1-7)
Information Security Management | 06.01.01, 06.01.02, 06.01.07, 06.01.08 | PL-1
Information System Authorization and Account Management | 06.02.01, 07.01.03, 08.02.01, 10.02, 10.10.03, 11.01.01, 11.04, 11.05, 11.06.02 | AC-(1,2)
Information Systems Auditing & Testing | 06.02.01, 07.01.01, 10.01.03, 10.10.05, 15.02, 15.03 | AU-(1-11), RA-(3-5), SA-(5,11), CA-(1,2), AC-5, IR-3, CP-4, SI-6
25.
Organizational Policies Example (cont)
Security Policy | ISO 27001/27002 | NIST SP 800-53 Rev 2
IT Operations Security | 06.01.03, 10, 11, 12, 15 | SC-1, SI-1
Personnel Security for Information Systems | 06.01.03, 06.01.05, 08.01, 08.02, 08.03, 13.01, 15.01, 15.02.01 | PS-(1-8)
Physical and Environmental Security | 09.01, 09.02, 13.01.02, 14.01.03 | PE-(1-17)
Risk Management | 14.01.02, 08.02.02 | RA-1
Security Compliance Management | 10.10.01, 10.10.02, 13.01.01, 13.02.03, 15.01, 15.02.01, 15.02.02 | AC-1, AT-1, AU-1, CA-1, CM-1, CP-1, RA-1, MA-1, MP-1, IA-1, IR-1, PE-1, PL-1, PS-(1,7), SA-(1,9), SC-1, SI-1
Security Policy Architecture | 05.01.01, 05.01.02 | PL-1
Security Training and Awareness | 05.01.02, 06.02.03, 08.02.02 | AT-(1-4)
Standardized Glossary - Taxonomy | 07.01.02, 07.02, 07.02.01 | Appendix B
System Development Lifecycle Security | 10.01.04, 10.03.02, 10.07.04, 12.01.01, 12.04.02, 12.04.03, 12.05.01, 12.05.03 | SA-(3,8,11)
User Identification and Authentication | 11.02, 11.04.02, 11.05.02 | IA-(1,2)
26.
Policy Standards
27.
Policy Standards
• Specific technical implementation requirements should be defined in policy standards
• The policies themselves contain hyperlinks and/or references to associated policy standards
• Policy standards do not require review/approval by senior management
  - Defined by organizational Subject Matter Experts (SMEs)
  - Doesn’t require modification of the overarching policy
• Standards can be modified/updated as technology advances
  - Should be reviewed by the SMEs at least yearly to ensure standards stay current with industry trends
28.
Policy Standards Example
29.
Policy Standards Example
• Cryptographic Controls policy states:
  Purpose: This policy governs the use of cryptographic controls and key management to protect the confidentiality & integrity of Cisco GGSG information assets, as well as to support non-repudiation.
• References multiple policy standards such as:
  - Full disk encryption
  - Mail, file and folder encryption
  - Public Key Infrastructure (PKI)
• More than one policy may apply when defining standards
  - Data Protection policy also closely related to CC policy
30.
Policy Standards Reality Check
• Oftentimes there isn’t simply a 1:1 mapping between policies and standards
• In many cases multiple policies reference the same standards
[Diagram: the Cryptographic Controls Policy, the Data Protection Policy and the Acceptable Use Policy all reference the same Email Encryption Standard]
31.
Phase 2 - Implement Requirements
32.
Policy Implementation Procedures
33.
Policy Implementation Procedures
• While Policy Standards specify the technical implementation requirements necessary to comply with policies, Policy Implementation Procedures document the step-by-step instructions for implementing those standards
• They are:
  - Specific
  - Repeatable
  - Thorough
  - Validated
  - Approved
• Assists in improving an organization’s CMM level
34.
Procedures Example
Installing the Secure Print Client (Windows XP):
1. Open Windows Explorer.
2. In the Address field, type (or cut & paste) Rtp-filer09awg-gggsg- appsPublishedSecure-Print and press <Enter>.
3. Double-click on the spxpinstall.bat script from the folder you just opened.
4. Enter your CEC credentials (if prompted).
5. Click Open (if prompted).
6. If necessary, click Yes on the Cisco Security Agent window to allow the script to run.
7. A command window will open and display the installation progress.
8. When the software is done installing, click OK.
35.
Security Services
36.
Security Services
• Security Services is the most ambiguous area of the framework
• It can be very simple (1-3 services), or very complex (dozens of services), depending on the size and scope of your organization
• Don’t reinvent the wheel! There are existing industry sources that can be used as a baseline
  - SSE-CMM: Secure Systems Engineering Capability Maturity Model
  - NIST SP 800-35: Guide to Information Technology Security Services
37.
Security Services Example
Systems Security Engineering Capability Maturity Model
Includes 11 security services:
• Administer Security Controls
• Assess Impact
• Assess Security Risks
• Assess Threats
• Assess Vulnerabilities
• Build Assurance Argument
• Coordinate Security
• Monitor Security Posture
• Provide Security Input
• Specify Security Needs
• Verify and Validate Security
38.
Security Services Example
NIST SP 800-35: Guide to Information Technology Security Services
Includes 3 categories of services: Management, Operational and Technical
• Management Services: Security Program, Security Policy, Risk Management, Security Architecture, Certification and Accreditation, and Security Evaluation of IT Projects
• Operational Services: Contingency Planning, Incident Handling, Testing, and Training
• Technical Services: Firewalls, Intrusion Detection/Prevention, and Public Key Infrastructure
39.
Phase 3 – Measure Success
40.
Measure Success
How do you know if your security program is successful?
41.
Risk Assessments
Perform a risk assessment!
• There are 2 types of risk assessments:
  - Qualitative: A subjective assessment of the organization’s risk, typically achieved through personnel interviews and surveys.
  - Quantitative: A non-subjective assessment of the organization’s risk based on mathematical calculations using security metrics and monetary values of assets.
• Which one is right for your organization?
42.
Qualitative Risk Assessments
Pros
• Calculations are simple
• Not necessary to determine monetary value or threat frequency
• Not necessary to estimate cost of risk mitigation measures
• General indication of significant risks is provided
Cons
• Subjective in both process and metrics
• Perception of asset/resource value may not reflect actual value
• No basis is provided for cost/benefit analysis
• Not possible to track risk management performance
Although this method is very subjective in nature, it can be very beneficial when an organization is young and still maturing
43.
Quantitative Risk Assessments
Pros
• Based on independently objective processes and metrics
• Value of information expressed in monetary terms is better understood
• Credible basis for cost/benefit assessment is provided
• Risk management performance can be tracked and evaluated
• Results are derived and expressed in management’s language
Cons
• Calculations are complex
• Not practical to execute without automated tool and associated knowledge bases
• A substantial amount of information must be gathered
Appropriate once an organization has reached a higher level of maturity, and now requires an assessment against standardized, objective measures
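As an added illustration of the two methods (not part of the deck), the constructed asset list below is scored both ways: the qualitative side ranks risks by a likelihood x impact score, and the quantitative side uses the standard annualised loss expectancy model (ALE = asset value x exposure factor x annual rate of occurrence), which the slides do not name but which is the usual monetary calculation they refer to, to reach the cost/benefit decision only the quantitative method supports. All asset values, rates and control costs are made up.

```python
# Added example, not from the deck: one constructed asset list scored with a
# qualitative likelihood x impact matrix and with the standard quantitative
# ALE model (asset value x exposure factor x annual rate of occurrence).
from dataclasses import dataclass

@dataclass
class Risk:
    asset: str
    likelihood: int         # qualitative 1 (rare) .. 5 (almost certain)
    impact: int             # qualitative 1 (negligible) .. 5 (severe)
    asset_value: float      # monetary value of the asset
    exposure_factor: float  # fraction of value lost per incident (0..1)
    aro: float              # annualised rate of occurrence
    control_cost: float     # yearly cost of the proposed mitigation
    control_effect: float   # fraction of the ALE the mitigation removes

# Constructed sample data for a hypothetical organisation (all values made up).
RISKS = [
    Risk("customer database", 3, 5, 2_000_000, 0.40, 0.10, 60_000, 0.80),
    Risk("public web server", 4, 3, 300_000, 0.50, 1.00, 25_000, 0.70),
    Risk("file share", 2, 2, 100_000, 0.25, 0.50, 15_000, 0.60),
]

def qualitative_ranking(risks):
    """Order risks by likelihood x impact: a general indication of which
    risks matter most, but no monetary basis for deciding what to spend."""
    scored = [(r.likelihood * r.impact, r.asset) for r in risks]
    return [asset for _, asset in sorted(scored, reverse=True)]

def ale(r):
    """Annualised loss expectancy: single loss (value x exposure factor) x ARO."""
    return r.asset_value * r.exposure_factor * r.aro

def quantitative_decisions(risks):
    """Cost/benefit per risk: mitigate only when the yearly loss the control
    removes exceeds its yearly cost. Returns {asset: (ALE, net benefit, decision)}."""
    out = {}
    for r in risks:
        before = ale(r)
        net = before * r.control_effect - r.control_cost
        out[r.asset] = (round(before, 2), round(net, 2),
                        "mitigate" if net > 0 else "accept")
    return out

if __name__ == "__main__":
    print("qualitative ranking:", qualitative_ranking(RISKS))
    for asset, row in quantitative_decisions(RISKS).items():
        print(asset, row)
```

Note how the qualitative score puts the customer database first while the ALE figures show the web server carries the larger expected yearly loss, and that the file share's control is rejected on cost/benefit grounds, a decision the qualitative score cannot support.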
44.
Other Items to Consider
• Establish a Compliance Management Program
  - Configuration Management: Develop standard configurations
    • Infrastructure Devices (network, hosts, etc.)
    • Data (databases, NAS, SAN, etc.)
    • Applications (web server, programming languages, protocols)
  - Change Management: Any proposed change to your production environment should be recorded, reviewed and approved by an SME from each domain: Security, Infrastructure, Data, Application, Operations, Support
  - Release Management: Any changes that impact, or could potentially impact, the availability of a production service, should be released at scheduled intervals: Weekly, Monthly, Quarterly, etc.
45.
Visual Representation
[Diagram: three stacked boxes, Configuration Management, Change Management and Release Management]
• Configuration Management: All systems must comply with configuration management standards
• Change Management: All changes must be submitted and performed through change management
• Release Management: Those changes that impact the availability of production systems or services must be bundled into a scheduled release
46.
Q&A