User:AlexMazaltov/Enterprise Security Architecture

Goal of ESA
An ESA gives the organisation:

 * 1) a simple, long-term view of control;
 * 2) a unified vision for common security controls;
 * 3) leverage of existing technology investments;
 * 4) a flexible approach to current and future threats;
 * 5) coverage of the needs of core business functions.

Lifecycle for developing security architecture (LDSA)
The LDSA is a holistic lifecycle for developing security architecture. It begins with assessing business requirements and then builds a ‘chain of traceability’ from those requirements through the phases of strategy, concept, design, implementation, and metrics, so that every control can be traced back to the business need that justifies it.

Frameworks related to LDSA

 * 1) Zachman
 * 2) Sherwood Applied Business Security Architecture ( SABSA )
 * 3) NZISM Protective Security Requirements (PSR)
 * 4) The Open Group Architecture Framework (TOGAF)

How to capture detailed security requirements
The following can be used to capture detailed security requirements:
 * 1) Threat modeling, covert channels, and data classification.
 * 2) Data classification, risk assessments, and covert channels.
 * 3) Risk assessments, covert channels, and threat modeling.
 * 4) Threat modeling, data classification, and risk assessments.

According to OWASP, «Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.»

Internationally recognized security standards
The following security standards are internationally recognized for sound security practices:
 * 1) ISO 15408
 * 2) ISO 27018
 * 3) ISO 12207
 * 4) ISO 25010
 * 5) ISO 31000
 * 6) ISO 27001
 * 7) ISO 27036-2

The standard ISO 31000 is focused on the standardization and certification of an organization's Information Security Management System (ISMS).

Some properties used in ISMS

 * 1) Simple property
 * 2) * (star) property
 * 3) Invocation property
 * 4) Invocation property is unique to the Biba Integrity Model.
 * 5) Strong * (star) property
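The properties listed above are the access rules of the Bell-LaPadula confidentiality model (simple security, * and strong * properties) and the Biba integrity model (invocation property). The following is an added example, not part of these notes, that encodes each rule as a check a reference monitor would run before granting a read, a write, or a call between subjects. The level orderings and the subjects and objects are constructed for the demonstration.

```python
"""Added example (not from the original notes): Bell-LaPadula and Biba
property checks implemented as mandatory access control decisions.
The lattices, subjects and objects below are constructed sample data."""

from dataclasses import dataclass

# Constructed orderings: a higher number means more sensitive (confidentiality)
# or more trustworthy (integrity). A real system would load these from policy.
CONFIDENTIALITY = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}
INTEGRITY = {"untrusted": 0, "user": 1, "system": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str   # confidentiality level (Bell-LaPadula)
    integrity: str   # integrity level (Biba)


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str
    integrity: str


def simple_security(s: Subject, o: Obj) -> bool:
    """Simple security property: no read up (clearance >= classification)."""
    return CONFIDENTIALITY[s.clearance] >= CONFIDENTIALITY[o.classification]


def star_property(s: Subject, o: Obj) -> bool:
    """*-property: no write down (clearance <= classification)."""
    return CONFIDENTIALITY[s.clearance] <= CONFIDENTIALITY[o.classification]


def strong_star_property(s: Subject, o: Obj) -> bool:
    """Strong *-property: write only to objects at exactly the subject's level."""
    return CONFIDENTIALITY[s.clearance] == CONFIDENTIALITY[o.classification]


def invocation_property(caller: Subject, callee: Subject) -> bool:
    """Biba invocation property: a subject may not invoke (call or request
    service from) another subject at a higher integrity level."""
    return INTEGRITY[caller.integrity] >= INTEGRITY[callee.integrity]


def decide(subject: Subject, obj: Obj, action: str, strong: bool = False):
    """Return (allowed, rule_applied) for a read or write request."""
    if action == "read":
        return simple_security(subject, obj), "simple security (no read up)"
    if action == "write":
        if strong:
            return strong_star_property(subject, obj), "strong *-property"
        return star_property(subject, obj), "*-property (no write down)"
    raise ValueError(f"unknown action {action!r}")


def demo() -> dict:
    """Run the rules over constructed subjects and objects."""
    alice = Subject("alice", clearance="confidential", integrity="user")
    svc = Subject("patch-service", clearance="internal", integrity="system")
    report = Obj("q3-report", classification="secret", integrity="user")
    memo = Obj("memo", classification="internal", integrity="untrusted")
    return {
        "alice reads secret report": decide(alice, report, "read")[0],
        "alice writes to secret report": decide(alice, report, "write")[0],
        "alice writes to internal memo": decide(alice, memo, "write")[0],
        "alice writes (strong) to secret report": decide(alice, report, "write", strong=True)[0],
        "alice invokes system service": invocation_property(alice, svc),
        "service invokes alice": invocation_property(svc, alice),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY':5} {request}")
```

The demo shows the asymmetry the two models enforce: under Bell-LaPadula a confidential-cleared subject may write up into a secret object but not read it, and may not write down into an internal one; the strong * variant closes even the write-up path. The Biba invocation check runs in the opposite direction, since integrity is about not letting low-trust subjects drive high-trust ones.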

__________________________________________________

Certified Information Systems Security Professional (CISSP). 