Security review using SABSA
Index - Security Review (Generic)
Business Drivers
Business Attributes
Attribute Profile
Attribute - Risks and Controls
Attribute - Opportunities and Enablement
Contextual Architecture
Conceptual Architecture
Logical Architecture
Physical Architecture
Security Threat
Business Drivers

Driver #: Business Driver

BD1: Protecting the reputation of the Organization, ensuring that it is perceived as competent in its sector
BD2: Preventing losses through financial fraud
BD3: Providing the ability to prosecute those who attempt to defraud the Organization
BD4: Providing support to the claims made by the Organization about its competence to carry out its intended functions
BD5: Protecting the trust that exists in business relationships and propagating that trust across remote electronic business communications links and distributed information systems
BD6: Maintaining the confidence of other key parties in their relationships with the Organization
BD7: Maintaining the operational capability of the Organization’s systems
BD8: Maintaining the continuity of service delivery, including the ability to meet the requirements of service level agreements where these exist
BD9: Maintaining the accuracy of information
BD10: Maintaining the ability to govern
BD11: Detecting attempted financial fraud
BD12: Providing and maintaining the ability to ensure that the solutions provided for securing electronic business services provide a clear and unambiguous definition of responsibilities and liabilities for all parties at every stage of the transaction
BD13: Providing and maintaining the ability to resolve disputes between the Organization and any other parties, quickly, efficiently and with minimum cost
BD14: Ensuring that information processed in the Organization’s systems can be brought to a court of law as evidence in support of both criminal and civil proceedings, that the court will admit the evidence, and that the evidence will withstand hostile criticism by the other side’s expert witnesses
BD15: Ensuring that the information security approaches used in the systems directly support compliance by the Organization with commercial contracts to which the Organization is a party
BD16: Ensuring that the Organization is at all times compliant with the laws and sectoral regulations, and that the information security approach in the systems directly and indirectly supports legal compliance
BD17: Maintaining the privacy of personal and business information that is stored, processed and communicated by the Organization’s systems
BD18: Protecting against the deliberate, accidental or negligent corruption of personal and business information that is stored, processed and communicated by the systems
BD19: Ensuring that an entity that makes a business transaction cannot later deny having made the transaction, and that the entity will be bound by the contractual obligations associated with making the transaction
BD20: Ensuring that all users can be held accountable for the actions that they take in making use of their access privileges
BD21: Ensuring that access privileges are designed and implemented in such a way as to minimize the risk of a single individual having excessive power that could be abused without easily being detected
BD22: Providing a means by which the Organization can monitor compliance with its various information security policies and can detect, investigate and remedy any attempted violations of those policies
BD23: Providing assurance of the correct functioning of the Organization’s systems and sub-systems
BD24: Providing for the setting of policy and the control and monitoring of compliance with policy by the authorities vested with responsibility for corporate governance in the system environment
BD25: Protecting other parties with whom the Organization has business dealings from abuse, loss of business or personal information
BD26: Ensuring that employees using the system are only granted authorized access within need-to-know and need-to-use privileges
BD27: Ensuring the system security solution is cost effective and provides good value for money
BD28: Ensuring that the security of the Organization’s information is dependent only upon its system security measures and not on the security competence of any other organization
BD29: Ensuring that the granularity of system security services is appropriate to business need
BD30: Preserving the ability of authorized business users to maintain a high level of productivity
BD31: Ensuring that information security interfaces are easy and simple to use
BD32: Utilizing, where possible, commercial off-the-shelf products to build information security solutions
BD33: Ensuring that security services can be extended to all user locations, to all interface types and across all network types that will be used to support delivery
BD34: Maximize the economic advantage of the Enterprise Security Architecture
BD35: Security services to be supported through electronic communications, without the need for physical transfer of documents or storage media
BD36: System security solutions should as far as possible comply with internal and external standards and best practices
BD37: Ensure that the required internal and external cultural shift is achieved to support the Security Architecture
BD38: Ensuring accurate information is available when needed
BD39: Minimise the risk of loss of key customer relationships
BD40: Minimize the risk of excessive loading on insurance premiums due to negligence on the Organization’s behalf or lack of due diligence
BD41: The Security Architecture should be independent of any specific vendor or product, and should be capable of supporting multiple products from multiple vendors
BD42: The Security Architecture must remain compatible with new technical solutions as these evolve and become available, and with new business requirements as these emerge, with a minimum of redesign
BD43: The Security Architecture must be able to be adapted to counter new threats and vulnerabilities as they are discovered
Business Attributes

Columns: Business Attribute; Definition; Suggested Measurement Approach; Metric Type (Hard or Soft)
Attribute categories: User Attributes; Management Attributes; Risk Management Attributes; Legal/Regulatory Attributes; Technical Strategy Attributes; Operational Attributes; Business Strategy Attributes

User Attributes

Accessible
Definition: Information to which the user is entitled to gain access should be easily found and accessed by that user.
Measurement: Search tree depth necessary to find the information. Metric: Soft

Accurate
Definition: The information provided to users should be accurate within a range that has been preagreed upon as being applicable to the service being delivered.
Measurement: Acceptance testing on key data to demonstrate compliance with design rules. Metric: Hard

Anonymous
Definition: For certain specialized types of service, the anonymity of the user should be protected.
Measurement: Rigorous proof of system functionality (Hard). Red team review (Soft).

Consistent
Definition: The way in which log-in, navigation, and target services are presented to the user should be consistent across different times, locations, and channels of access.
Measurement: Conformance with design style guides. Red team review. Metric: Soft

Current
Definition: Information provided to users should be current and kept up to date, within a range that has been preagreed upon as being applicable for the service being delivered.
Measurement: Refresh rates at the data source and replication of refreshed data to the destination. Metric: Hard

Duty Segregated
Definition: For certain sensitive tasks, the duties should be segregated so that no user has access to both aspects of the task.
Measurement: Functional testing. Metric: Hard

Educated and Aware
Definition: The user community should be educated, aware and trained so that they can embrace the security culture. There should be sufficient user awareness of security issues so that the behavior of users is compliant with security policies.
Measurement: Competence surveys. Metric: Soft

Informed
Definition: The user should be kept fully informed about services, operating procedures, operational schedules, planned outages, and so on.
Measurement: Focus groups or satisfaction surveys. Metric: Soft

Motivated
Definition: The interaction with the system should add positive motivation to the user to complete the business tasks at hand.
Measurement: Focus groups or satisfaction surveys. Metric: Soft

Protected
Definition: The user’s information and access privileges should be protected against abuse by other users or by intruders.
Measurement: Penetration test. (This could be regarded as “hard,” but only if a penetration is achieved. Failure to penetrate does not mean that penetration is impossible.) Metric: Soft

Reliable
Definition: The services provided to the user should be delivered at a reliable level of quality.
Measurement: A definition of “quality” is needed against which to compare. Metric: Soft

Responsive
Definition: The users obtain a response within a satisfactory period of time that meets their expectations.
Measurement: Response time. Metric: Hard

Supported
Definition: When a user has problems or difficulties in using the system or its services, there should be a means by which the user can receive advice and support so that the problems can be resolved to the satisfaction of the user.
Measurement: Focus groups or satisfaction surveys. Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Timely
Definition: Information is delivered or made accessible to the user at the appropriate time or within the appropriate time period.
Measurement: Refresh rates at the data source and replication of refreshed data to the destination. Metric: Hard

Transparent
Definition: Providing full visibility to the user of the logical process but hiding the physical structure of the system (as a URL hides the actual physical locations of Web servers).
Measurement: Focus groups or satisfaction surveys. Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Usable
Definition: The system should provide easy-to-use interfaces that can be navigated intuitively by a user of average intelligence and training level (for the given system). The user’s experience of these interactions should be at best interesting and at worst neutral.
Measurement: Numbers of “clicks” or keystrokes required (Hard). Conformance with industry standards, e.g., color palettes; feedback from focus groups (Soft).

Management Attributes

Automated
Definition: Wherever possible (and depending upon cost/benefit factors) the management and operation of the system should be automated.
Measurement: Independent design review. Metric: Soft

Change-Managed
Definition: Changes to the system should be properly managed so that the impact of every change is evaluated and the changes are approved in advance of being implemented.
Measurement: Documented change management system, with change management history, evaluated by independent audit. Metric: Soft

Controlled
Definition: The system should at all times remain in the control of its managers. This means that the management will observe the operation and behaviour of the system, will make decisions about how to control it based on these observations, and will implement actions to exert that control.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Cost Effective
Definition: The design, acquisition, implementation, and operation of the system should be achieved at a cost that the business finds acceptable when judged against the benefits derived.
Measurement: Individual budgets for the phases of development and for on-going operation, maintenance and support. Metric: Hard

Efficient
Definition: The system should deliver the target services with optimum efficiency, avoiding wastage of resources.
Measurement: A target efficiency ratio based on (Input value)/(Output value). Metric: Hard

Maintainable
Definition: The system should be capable of being maintained in a state of good repair and effective, efficient operation. The actions required to achieve this should be feasible within the normal operational
Measurement: Documented execution of a preventive maintenance schedule for both hardware and software, correlated against targets for continuity of service, such as mean time between failures (MTBF). Metric: Hard

Measured
Definition: The performance of the system should be measured against a variety of desirable performance targets so as to provide feedback
Measurement: Documented tracking and reporting of a portfolio of conventional system performance parameters, together with other attributes from this list. Metric: Soft

Supportable
Definition: The system should be capable of being supported in terms of both the users and the operations staff, so that all types of problems and operational difficulties can be resolved.
Measurement: Fault-tracking system providing measurements of MTBF, MTTR (mean time to repair), and maximum time to repair, with targets for each parameter. Metric: Hard

Risk Management Attributes

Access Controlled
Definition: Access to information and functions within the system should be controlled in accordance with the authorized privileges of the party requesting the access. Unauthorized access should be prevented.
Measurement: Reporting of all unauthorised access attempts, including number of incidents per period, severity, and result (did the access attempt succeed?). Metric: Hard

Accountable
Definition: All parties having authorized access to the system should be held accountable for their actions.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to hold accountable. Metric: Soft

Assurable
Definition: There should be a means to provide assurance that the system is operating as expected and that all of the various controls are correctly implemented and operated.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Assuring Honesty
Definition: Protecting employees against false accusations of dishonesty or malpractice.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to prevent false accusations that are difficult to repudiate. Metric: Soft

Auditable
Definition: The actions of all parties having authorized access to the system, and the complete chain of events and outcomes resulting from these actions, should be recorded so that this history can be reviewed. The audit records should provide an appropriate level of detail, in accordance with business needs. The actual configuration of the system should
Measurement: Documented standards exist against which to audit; independent audit and review against Security Architecture Capability Maturity Model (Soft). Documented target configuration exists under change control with a capability to check current configuration against this target (Hard).

Authenticated
Definition: Every party claiming a unique identity (i.e., a claimant) should be subject to a procedure that verifies that the party is indeed the authentic owner of the claimed identity.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to authenticate successfully every claim of identity. Metric: Soft

Authorised
Definition: The system should allow only those actions that have been explicitly authorized.
Measurement: Reporting of all unauthorized actions, including number of incidents per period, severity, and result (did the action succeed?) (Hard). Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to detect (Soft).

Capturing New Risk
Definition: New risks emerge over time. The system management and operational environment should provide a means to identify and assess new risks (new threats, new impacts, or new vulnerabilities).
Measurement: Percentage of vendor published patches and upgrades actually installed (Hard). Independent audit and review against Security Architecture Capability Maturity Model of a documented risk assessment process and a risk assessment history (Soft).

Confidential
Definition: The confidentiality of (corporate) information should be protected in accordance with security policy. Unauthorized disclosure should be prevented.
Measurement: Reporting of all disclosure incidents, including number of incidents per period, severity, and type of disclosure. Metric: Hard

Crime Free
Definition: Cyber-crime of all types should be prevented.
Measurement: Reporting of all incidents of crime, including number of incidents per period, severity, and type of crime. Metric: Hard

Flexibly Secure
Definition: Security can be provided at various levels, according to business need. The system should provide the means to secure information according to these needs, and may need to offer different levels of security for different types of
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical security architecture at conceptual, logical, and physical layers. Metric: Soft

Identified
Definition: Each entity that will be granted access to system resources and each object that is itself a system resource should be uniquely identified (named) such that there can never be confusion as to
Measurement: Proof of uniqueness of naming schemes. Metric: Hard

Independently Secure
Definition: The security of the system should not rely upon the security of any other system that is not within the direct span of control of this system.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

In our Sole Possession
Definition: Information that has value to the business should be in the possession of the business, stored and protected by the system against loss (as in no longer being available) or theft (as in being disclosed to an unauthorised party). This will include information that is regarded as “intellectual property.”
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Integrity Assured
Definition: The integrity of information should be protected to provide assurance that it has not suffered unauthorized modification, duplication, or deletion.
Measurement: Reporting of all incidents of compromise, including number of incidents per period, severity, and type of compromise (Hard). Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to detect integrity compromise incidents (Soft).

Non-Repudiable
Definition: When one party uses the system to send a message to another party, it should not be possible for the first party to falsely deny having sent the message, or to falsely deny its contents.
Measurement: Reporting of all incidents of unresolved repudiations, including number of incidents per period, severity, and type of repudiation (Hard). Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to prevent repudiations that cannot be easily resolved (Soft).

Owned
Definition: There should be an entity designated as “owner” of every system. This owner is the policy maker for all aspects of risk management with respect to the system, and exerts the ultimate authority for controlling the system.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of the ownership arrangements and of the management processes by which owners should fulfil their responsibilities, and of their diligence in so doing. Metric: Soft

Private
Definition: The privacy of (personal) information should be protected in accordance with relevant privacy or “data protection” legislation, so as to meet the reasonable expectation of citizens for privacy. Unauthorized disclosure should be prevented.
Measurement: Reporting of all disclosure incidents, including number of incidents per period, severity, and type of disclosure. Metric: Hard

Trustworthy
Definition: The system should be able to be trusted to behave in the ways specified in its functional specification and should protect against a wide range of potential abuses.
Measurement: Focus groups or satisfaction surveys researching the question “Do you trust the service?” Metric: Soft

Legal/Regulatory Attributes

Admissible
Definition: The system should provide forensic records (audit trails and so on) that will be deemed to be “admissible” in a court of law, should that evidence ever need to be presented in support of a criminal prosecution or a civil litigation.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model by computer forensics expert. Metric: Soft

Compliant
Definition: The system should comply with all applicable regulations, laws, contracts, policies, and mandatory standards, both internal and external.
Measurement: Independent compliance audit with respect to the inventories of regulations, laws, policies, etc. Metric: Soft

Enforceable
Definition: The system should be designed, implemented and operated such that all applicable contracts, policies, regulations, and laws can be enforced by the system.
Measurement: Independent review of: (1) inventory of contracts, policies, regulations and laws for completeness, and (2) enforceability of contracts, policies, laws, and regulations on the inventory. Metric: Soft

Insurable
Definition: The system should be risk-managed to enable an insurer to offer reasonable commercial terms for insurance against a standard range of insurable
Measurement: Verify against insurance quotations. Metric: Hard

Legal
Definition: The system should be designed, implemented, and operated in accordance with the requirements of any applicable legislation. Examples include data protection laws, laws controlling the use of cryptographic technology, laws controlling insider dealing on the stock market, and laws
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Verification of the inventory of applicable laws to check for completeness and suitability. Metric: Soft

Liability Managed
Definition: The system services should be designed, implemented and operated so as to manage the liability of the organization with regard to errors, fraud, malfunction, and so on. In particular, the responsibilities and liabilities of each party
Measurement: Independent legal expert review of all applicable contracts, SLAs, etc. Metric: Soft

Regulated
Definition: The system should be designed, implemented, and operated in accordance with the requirements of any applicable regulations. These may be general (such as safety regulations) or industry-specific (such as banking regulations).
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Verification of the inventory of applicable regulations to check for completeness and suitability. Metric: Soft

Resolvable
Definition: The system should be designed, implemented and operated in such a way that disputes can be resolved with reasonable ease and without undue impact on time, cost, or other valuable resources.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model by legal expert. Metric: Soft

Time-Bound
Definition: Meeting requirements for maximum or minimum periods of time, for example, a minimum period for records retention or a maximum period within which something must be completed.
Measurement: Independent functional design review against specified functional requirements. Metric: Hard

Technical Strategy Attributes

Architecturally Open
Definition: The system architecture should, wherever possible, not be locked into specific vendor interface standards and should allow flexibility in
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

COTS/GOTS
Definition: Wherever possible, the system should utilize commercial off-the-shelf or government off-the-shelf components, as appropriate.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Extendible
Definition: The system should be capable of being extended to incorporate new functional modules as required by the business.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Flexible / Adaptable
Definition: The system should be flexible and adaptable to meet new business requirements as they emerge.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Future Proof
Definition: The system architecture should be designed as much as possible to accommodate future changes in both business requirements and technical solutions.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Legacy Sensitive
Definition: A new system should be able to work with any legacy systems or databases with which it needs to interoperate or integrate.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Migratable
Definition: There should be a feasible, manageable migration path, acceptable to the business users, that moves from an old system to a new one, or
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Multi-Sourced
Definition: Critical system components should be obtainable from more than one source, to protect against the risk of the single source of supply and support being withdrawn.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture at the component level. Metric: Soft

Scalable
Definition: The system should be scalable to the size of user community, data storage requirements, processing throughput, and so on that might emerge over the lifetime of the system.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Simple
Definition: The system should be as simple as possible, since complexity only adds further risk.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Standards Compliant
Definition: The system should be designed, implemented and operated to comply with appropriate technical and operational standards.
Measurement: Independent audit and review of: (1) the inventory of standards to check for completeness and appropriateness, and (2) compliance with standards on the inventory. Metric: Soft

Traceable
Definition: The development and implementation of system components should be documented so as to provide complete two-way traceability. That is, every implemented component should be justifiable by tracing back to the business requirements that led to its inclusion in the system, and it should be possible to review every business requirement and demonstrate which of the implemented system components are there to meet this requirement.
Measurement: Independent expert review of documented traceability matrices and trees. Metric: Soft

Upgradeable
Definition: The system should be capable of being upgraded with ease to incorporate new releases of hardware and software.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical). Metric: Soft

Operational Attributes

Available
Definition: The information and services provided by the system should be available according to the requirements specified in the service-level agreement (SLA).
Measurement: As specified in the SLA. Metric: Hard

Continuous
Definition: The system should offer “continuous service.” The exact definition of this phrase will always be subject to an SLA.
Measurement: Percentage up-time correlated versus scheduled and/or unscheduled downtime, or MTBF, or MTTR. Metric: Hard

Detectable
Definition: Important events must be detected and reported.
Measurement: Functional testing. Metric: Hard

Error-Free
Definition: The system should operate without producing errors.
Measurement: Percentage or absolute error rates (per transaction, per batch, per time period, etc.). Metric: Hard

Inter-Operable
Definition: The system should interoperate with other similar systems, both immediately and in the future, as intersystem communication becomes increasingly a requirement.
Measurement: Specific interoperability requirements. Metric: Hard

Monitored
Definition: The operational performance of the system should be continuously monitored to ensure that other attribute specifications are being met. Any deviations from acceptable limits should be
Measurement: Independent audit and review against Security Architecture Capability Maturity Model. Metric: Soft

Productive
Definition: The system and its services should operate so as to sustain and enhance productivity of the users, with regard to the business processes in which they are engaged.
Measurement: User output targets related to specific business activities. Metric: Hard

Recoverable
Definition: The system should be able to be recovered to full operational status after a breakdown or disaster, in accordance with the SLA.
Measurement: As specified in the SLA. Metric: Hard

Business Strategy Attributes

Brand Enhancing
Definition: The system should help to establish, build, and support the brand of the products or services based upon this system.
Measurement: Market surveys. Metric: Soft

Business Enabled
Definition: Enabling the business and fulfilling business objectives should be the primary driver for the system design.
Measurement: Business management focus group. Metric: Soft

Competent
Definition: The system should protect the reputation of the organization as being competent in its industry sector.
Measurement: Independent audit, or focus groups, or satisfaction surveys. Metric: Soft

Confident
Definition: The system should behave in such a way as to safeguard confidence placed in the organization by customers, suppliers, shareholders, regulators, financiers, the marketplace, and the general public.
Measurement: Independent audit, or focus groups, or satisfaction surveys. Metric: Soft

Credible
Definition: The system should behave in such a way as to safeguard the credibility of the organization.
Measurement: Independent audit, or focus groups, or satisfaction surveys. Metric: Soft

Culture-Sensitive
Definition: The system should be designed, built, and operated with due care and attention to cultural issues relating to those who will experience the system in any way. These issues include such matters as religion, gender, race, nationality, language, dress code, social customs, ethics, politics, and the environment. The objective should be to avoid or minimize offence or distress caused to others.
Measurement: Independent audit and review of (1) the inventory of requirements in this area to check for completeness and appropriateness, and (2) compliance of system functionality with this set of requirements. Metric: Soft

Enabling Time-to-Market
Definition: The system architecture and time-to-design should allow new market business initiatives to be delivered to the market with minimum delay.
Measurement: Business management focus group. Metric: Soft

Governable
Definition: The system should enable the owners and executive managers of the organization to control the business and to discharge their responsibilities for governance.
Measurement: Senior management focus group. Independent audit and review against Security Architecture Capability Maturity Model for governance. Metric: Soft

Provide Good Stewardship and Custody
Definition: Protecting other parties with whom we do business from abuse, loss of business, or personal information of value to those parties through inadequate stewardship on our part.
Measurement: Independent audit, or focus groups, or satisfaction surveys. Metric: Soft

Providing Investment Re-use
Definition: As much as possible, the system should be designed to reuse previous investments and to ensure that new investments are reusable in the future.
Measurement: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, physical, and component). Metric: Soft

Providing Return On Investment
Definition: The system should provide a return of value to the business to justify the investment made in creating and operating the system.
Measurement: Financial returns and RoI indices selected in consultation with the Chief Financial Officer (Hard). Qualitative value propositions tested by opinion surveys at senior management and boardroom level (Soft).

Reputable
Definition: The system should behave in such a way as to safeguard the business reputation of the organization.
Measurement: Correlation of the stock value of the organization versus publicity of system event history. Metric: Hard
Business Attributes

Columns: Business Attribute, Business Driver, Definition, Measurement Approach, Metric (Hard or Soft), Performance Target
Attribute groups: User Attributes; Management Attributes; Risk Management Attributes; Legal/Regulatory Attributes; Technical Strategy Attributes; Operational Attributes; Business Strategy Attributes

In each entry below, the business driver numbers follow the attribute name and the metric type (Hard or Soft) follows the measurement approach. Definitions that end in "..." are cut off in the source.

User Attributes

Accessible (Business Driver: 5)
  Definition: Information to which the user is entitled to gain access should be easily found and accessed by that user.
  Measurement approach: Search tree depth necessary to find the information (Soft)

Accurate (Business Driver: 7)
  Definition: The information provided to users should be accurate within a range that has been preagreed upon as being applicable to the service being...
  Measurement approach: Acceptance testing on key data to demonstrate compliance with design rules (Hard)

Anonymous (Business Driver: 4)
  Definition: For certain specialized types of service, the anonymity of the user should be protected.
  Measurement approach: Rigorous proof of system functionality (Hard); Red team review (Soft)

Consistent (Business Driver: 23, 41)
  Definition: The way in which log-in, navigation, and target services are presented to the user should be consistent across different times, locations, and channels of access.
  Measurement approach: Conformance with design style guides; Red team review (Soft)

Current (Business Driver: 7)
  Definition: Information provided to users should be current and kept up to date, within a range that has been preagreed upon as being applicable for the service...
  Measurement approach: Refresh rates at the data source and replication of refreshed data to the destination (Hard)

Duty Segregated (Business Driver: 12)
  Definition: For certain sensitive tasks, the duties should be segregated so that no user has access to both aspects of the task.
  Measurement approach: Functional testing (Hard)

Educated and Aware (Business Driver: 31.4)
  Definition: The user community should be educated, aware and trained so that they can embrace the security culture. There should be sufficient user awareness of security issues so that the behavior of users is compliant with security policies.
  Measurement approach: Competence surveys (Soft)

Informed (Business Driver: 6)
  Definition: The user should be kept fully informed about services, operating procedures, operational schedules, planned outages, and so on.
  Measurement approach: Focus groups or satisfaction surveys (Soft)

Motivated (Business Driver: 25)
  Definition: The interaction with the system should add positive motivation to the user to complete the business tasks at hand.
  Measurement approach: Focus groups or satisfaction surveys (Soft)

Protected (Business Driver: 21)
  Definition: The user’s information and access privileges should be protected against abuse by other users or by intruders.
  Measurement approach: Penetration test (Soft). (Could be regarded as “hard,” but only if a penetration is achieved. Failure to penetrate does not mean that penetration is impossible.)

Reliable (Business Driver: 16)
  Definition: The services provided to the user should be delivered at a reliable level of quality.
  Measurement approach: A definition of “quality” is needed against which to compare (Soft)

Responsive (Business Driver: 5)
  Definition: The users obtain a response within a satisfactory period of time that meets their expectations.
  Measurement approach: Response time (Hard)

Supported (Business Driver: 6)
  Definition: When a user has problems or difficulties in using the system or its services, there should be a means by which the user can receive advice and support so that the problems can be resolved to the satisfaction of the user.
  Measurement approach: Focus groups or satisfaction surveys. Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Timely (Business Driver: 41)
  Definition: Information is delivered or made accessible to the user at the appropriate time or within the appropriate time period.
  Measurement approach: Refresh rates at the data source and replication of refreshed data to the destination (Hard)

Transparent (Business Driver: 4)
  Definition: Providing full visibility to the user of the logical process but hiding the physical structure of the system (as a URL hides the actual physical locations of Web servers).
  Measurement approach: Focus groups or satisfaction surveys. Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Usable (Business Driver: 12)
  Definition: The system should provide easy-to-use interfaces that can be navigated intuitively by a user of average intelligence and training level (for the given system). The user’s experience of these interactions should be...
  Measurement approach: Numbers of “clicks” or keystrokes required. Conformance with industry standards, e.g., color palettes. Feedback from focus groups (Soft)

Management Attributes

Automated (Business Driver: 33.32)
  Definition: Wherever possible (and depending upon cost/benefit factors) the management and operation of the system should be automated.
  Measurement approach: Independent design review (Soft)

Change-Managed (Business Driver: 39)
  Definition: Changes to the system should be properly managed so that the impact of every change is evaluated and the changes are approved in advance of being...
  Measurement approach: Documented change management system, with change management history, evaluated by independent audit (Soft)

Controlled (Business Driver: 30)
  Definition: The system should at all times remain in the control of its managers. This means that the management will observe the operation and behaviour of the system, will make decisions about how to control it based on these observations, and will implement actions to exert that control.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Cost Effective (Business Driver: 27)
  Definition: The design, acquisition, implementation, and operation of the system should be achieved at a cost that the business finds acceptable when judged...
  Measurement approach: Individual budgets for the phases of development and for on-going operation, maintenance and support (Hard)

Efficient (Business Driver: 29)
  Definition: The system should deliver the target services with optimum efficiency, avoiding wastage of resources.
  Measurement approach: A target efficiency ratio based on (Input value)/(Output value) (Hard)

Maintainable (Business Driver: 6)
  Definition: The system should be capable of being maintained in a state of good repair and effective, efficient operation. The actions required to achieve this should be feasible within the normal operational...
  Measurement approach: Documented execution of a preventive maintenance schedule for both hardware and software, correlated against targets for continuity of service, such as mean time between failures (MTBF) (Soft)

Measured (Business Driver: 6)
  Definition: The performance of the system should be measured against a variety of desirable performance targets so as to provide feedback information to support...
  Measurement approach: Documented tracking and reporting of a portfolio of conventional system performance parameters, together with other attributes from this list (Hard)

Supportable (Business Driver: 8)
  Definition: The system should be capable of being supported in terms of both the users and the operations staff, so that all types of problems and operational...
  Measurement approach: Fault-tracking system providing measurements of MTBF, MTTR (mean time to repair), and maximum time to repair, with targets for each parameter (Hard)

Risk Management Attributes

Access Controlled (Business Driver: 12)
  Definition: Access to information and functions within the system should be controlled in accordance with the authorized privileges of the party requesting the access. Unauthorized access should be prevented.
  Measurement approach: Reporting of all unauthorised access attempts, including number of incidents per period, severity, and result (did the access attempt succeed?) (Hard)

Accountable (Business Driver: 14.15)
  Definition: All parties having authorized access to the system should be held accountable for their actions.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to hold accountable all authorized parties (Soft)

Assurable (Business Driver: 14.15)
  Definition: There should be a means to provide assurance that the system is operating as expected and that all of the various controls are correctly implemented and operated.
  Measurement approach: Documented standards exist against which to audit (Hard); Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Assuring Honesty (Business Driver: 18)
  Definition: Protecting employees against false accusations of dishonesty or malpractice.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to prevent false accusations that are difficult to repudiate (Soft)

Auditable (Business Driver: 14)
  Definition: The actions of all parties having authorized access to the system, and the complete chain of events and outcomes resulting from these actions, should be recorded so that this history can be reviewed. The audit records should provide an appropriate level of detail, in accordance with business needs. The actual configuration of the system should also be capable of being audited so as to compare it with a target configuration that represents the...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model (Soft); Documented target configuration exists under change control with a capability to check current configuration against this target (Hard); Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Authenticated (Business Driver: 19)
  Definition: Every party claiming a unique identity (i.e., a claimant) should be subject to a procedure that verifies that the party is indeed the authentic owner of the claimed identity.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to authenticate successfully every claim of identity (Soft)

Authorised (Business Driver: 21)
  Definition: The system should allow only those actions that have been explicitly authorized.
  Measurement approach: Reporting of all unauthorized actions, including number of incidents per period, severity, and result (did the action succeed?) (Hard); Independent audit and review against Security Architecture Capability Maturity Model with... (Soft)

Capturing New Risk (Business Driver: 39)
  Definition: New risks emerge over time. The system management and operational environment should provide a means to identify and assess new risks (new threats, new impacts, or new vulnerabilities).
  Measurement approach: Percentage of vendor published patches and upgrades actually installed (Hard); Independent audit and review against Security Architecture Capability Maturity Model of a documented risk assessment process and a risk... (Soft)

Confidential (Business Driver: 17)
  Definition: The confidentiality of (corporate) information should be protected in accordance with security policy. Unauthorized disclosure should be prevented.
  Measurement approach: Reporting of all disclosure incidents, including number of incidents per period, severity, and type of disclosure (Hard)

Crime Free (Business Driver: 36, 39)
  Definition: Cyber-crime of all types should be prevented.
  Measurement approach: Reporting of all incidents of crime, including number of incidents per period, severity, and type of crime (Hard; Soft)

Flexibly Secure (Business Driver: 23.33)
  Definition: Security can be provided at various levels, according to business need. The system should provide the means to secure information according to these needs, and may need to offer different levels of security for different types of information (according to security classification).
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Identified (Business Driver: 20)
  Definition: Each entity that will be granted access to system resources and each object that is itself a system resource should be uniquely identified (named) such that there can never be confusion as to which...
  Measurement approach: Proof of uniqueness of naming schemes (Hard)

Independently Secure (Business Driver: 28)
  Definition: The security of the system should not rely upon the security of any other system that is not within the direct span of control of this system.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical security architecture at conceptual, logical, and physical layers (Soft)

In our Sole Possession (Business Driver: 41)
  Definition: Information that has value to the business should be in the possession of the business, stored and protected by the system against loss (as in no longer being available) or theft (as in being disclosed to an unauthorised party). This will include information that is regarded as “intellectual property.”
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model

Integrity Assured (Business Driver: 19)
  Definition: The integrity of information should be protected to provide assurance that it has not suffered unauthorized modification, duplication, or deletion.
  Measurement approach: Reporting of all incidents of compromise, including number of incidents per period, severity, and type of compromise (Hard); Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to detect integrity compromise (Soft)

Non-Repudiable (Business Driver: 19)
  Definition: When one party uses the system to send a message to another party, it should not be possible for the first party to falsely deny having sent the message, or to falsely deny its contents.
  Measurement approach: Reporting of all incidents of unresolved repudiations, including number of incidents per period, severity, and type of repudiation (Hard); Independent audit and review against Security Architecture Capability Maturity Model with respect to the ability to prevent repudiations that cannot be... (Soft)

Owned (Business Driver: 23)
  Definition: There should be an entity designated as “owner” of every system. This owner is the policy maker for all aspects of risk management with respect to the system, and exerts the ultimate authority for controlling the system.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of the ownership arrangements and of the management processes by which owners should fulfil their responsibilities, and of their diligence in so doing (Soft)

Private (Business Driver: 12.16)
  Definition: The privacy of (personal) information should be protected in accordance with relevant privacy or “data protection” legislation, so as to meet the reasonable expectation of citizens for privacy. Unauthorized disclosure should be prevented.
  Measurement approach: Reporting of all disclosure incidents, including number of incidents per period, severity, and type of disclosure (Hard)

Trustworthy (Business Driver: 12.16)
  Definition: The system should be able to be trusted to behave in the ways specified in its functional specification and should protect against a wide range of potential abuses.
  Measurement approach: Focus groups or satisfaction surveys researching the question “Do you trust the service?” (Hard)

Legal/Regulatory Attributes

Admissible (Business Driver: 5, 7, 14)
  Definition: The system should provide forensic records (audit trails and so on) that will be deemed to be “admissible” in a court of law, should that evidence ever need to be presented in support of a criminal prosecution or a civil litigation.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model by computer forensics expert (Soft)

Compliant (Business Driver: 41.24)
  Definition: The system should comply with all applicable regulations, laws, contracts, policies, and mandatory standards, both internal and external.
  Measurement approach: Independent compliance audit with respect to the inventories of regulations, laws, policies, etc. (Soft)

Enforceable (Business Driver: 25, 26, 14)
  Definition: The system should be designed, implemented and operated such that all applicable contracts, policies, regulations, and laws can be enforced by the system.
  Measurement approach: Independent review of: (1) inventory of contracts, policies, regulations and laws for completeness, and (2) enforceability of contracts, policies, laws, and regulations on the inventory (Soft)

Insurable (Business Driver: 15, 27, 9, 11, 13)
  Definition: The system should be risk-managed to enable an insurer to offer reasonable commercial terms for insurance against a standard range of insurable risks.
  Measurement approach: Verify against insurance quotations (Hard)

Legal (Business Driver: 16, 18, 14, 11, 13)
  Definition: The system should be designed, implemented, and operated in accordance with the requirements of any applicable legislation. Examples include data protection laws, laws controlling the use of cryptographic technology, laws controlling insider dealing on the stock market, and laws governing information that is considered racist, seditious, or pornographic.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model. Verification of the inventory of applicable laws to check for completeness and suitability (Soft)

Liability Managed (Business Driver: 36, 19, 11, 13)
  Definition: The system services should be designed, implemented and operated so as to manage the liability of the organization with regard to errors, fraud, malfunction, and so on. In particular, the responsibilities and liabilities of each party should...
  Measurement approach: Independent legal expert review of all applicable contracts, SLAs, etc. (Soft)

Regulated (Business Driver: 19, 2, 14)
  Definition: The system should be designed, implemented, and operated in accordance with the requirements of any applicable regulations. These may be general (such as safety regulations) or industry-specific (such as banking regulations).
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model. Verification of the inventory of applicable regulations to check for completeness and suitability (Soft)

Resolvable (Business Driver: 19.2)
  Definition: The system should be designed, implemented and operated in such a way that disputes can be resolved with reasonable ease and without undue...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model by legal expert (Soft)

Time-Bound (Business Driver: 35.41)
  Definition: Meeting requirements for maximum or minimum periods of time, for example, a minimum period for records retention or a maximum period within which something must be completed.
  Measurement approach: Independent functional design review against specified functional requirements (Hard)

Technical Strategy Attributes

Architecturally Open (Business Driver: 29.32)
  Definition: The system architecture should, wherever possible, not be locked into specific vendor interface standards and should allow flexibility in the choice...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

COTS/GOTS (Business Driver: 32)
  Definition: Wherever possible, the system should utilize commercial off-the-shelf or government off-the-shelf components, as appropriate.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Extendible (Business Driver: 33)
  Definition: The system should be capable of being extended to incorporate new functional modules as required by the business.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Flexible / Adaptable (Business Driver: 33)
  Definition: The system should be flexible and adaptable to meet new business requirements as they emerge.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Future Proof (Business Driver: 37)
  Definition: The system architecture should be designed as much as possible to accommodate future changes in both business requirements and technical solutions.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Legacy Sensitive (Business Driver: 37.38)
  Definition: A new system should be able to work with any legacy systems or databases with which it needs to interoperate or integrate.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Migratable (Business Driver: 38)
  Definition: There should be a feasible, manageable migration path, acceptable to the business users, that moves from an old system to a new one, or from one...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Multi-Sourced (Business Driver: 40)
  Definition: Critical system components should be obtainable from more than one source, to protect against the risk of the single source of supply and support being withdrawn.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture at the component level (Soft)

Scalable (Business Driver: 40)
  Definition: The system should be scalable to the size of user community, data storage requirements, processing throughput, and so on that might emerge over the...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Simple (Business Driver: 31)
  Definition: The system should be as simple as possible, since complexity only adds further risk.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Standards Compliant (Business Driver: 24)
  Definition: The system should be designed, implemented and operated to comply with appropriate technical and operational standards.
  Measurement approach: Independent audit and review of: (1) the inventory of standards to check for completeness and appropriateness, and (2) compliance with standards on the inventory (Soft)

Traceable (Business Driver: 19, 20, 22)
  Definition: The development and implementation of system components should be documented so as to provide complete two-way traceability. That is, every implemented component should be justifiable by tracing back to the business requirements that led to its inclusion in the system, and it should be possible to review every business requirement and demonstrate which of the implemented system components are there to meet this requirement.
  Measurement approach: Independent expert review of documented traceability matrices and trees (Soft)

Upgradeable (Business Driver: 38)
  Definition: The system should be capable of being upgraded with ease to incorporate new releases of hardware and software.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, and physical) (Soft)

Operational Attributes

Available (Business Driver: 6)
  Definition: The information and services provided by the system should be available according to the requirements specified in the service-level...
  Measurement approach: As specified in the SLA (Hard)

Continuous (Business Driver: 6)
  Definition: The system should offer “continuous service.” The exact definition of this phrase will always be subject to a...
  Measurement approach: Percentage up-time correlated versus scheduled and/or unscheduled downtime, or MTBF, or MTTR (Hard)

Detectable (Business Driver: 10)
  Definition: Important events must be detected and reported.
  Measurement approach: Functional testing (Hard)

Error-Free (Business Driver: 18)
  Definition: The system should operate without producing errors.
  Measurement approach: Percentage or absolute error rates (per transaction, per batch, per time period, etc.) (Hard)

Inter-Operable (Business Driver: 38)
  Definition: The system should interoperate with other similar systems, both immediately and in the future, as intersystem communication becomes increasingly a...
  Measurement approach: Specific interoperability requirements (Hard)

Monitored (Business Driver: 22.24)
  Definition: The operational performance of the system should be continuously monitored to ensure that other attribute specifications are being met. Any...
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model (Soft)

Productive (Business Driver: 5)
  Definition: The system and its services should operate so as to sustain and enhance productivity of the users, with regard to the business processes in which they are...
  Measurement approach: User output targets related to specific business activities (Hard)

Recoverable (Business Driver: 18)
  Definition: The system should be able to be recovered to full operational status after a breakdown or disaster, in...
  Measurement approach: As specified in the SLA (Hard)

Business Strategy Attributes

Brand Enhancing (Business Driver: 1)
  Definition: The system should help to establish, build, and support the brand of the products or services based upon this system.
  Measurement approach: Market surveys (Soft)

Business Enabled (Business Driver: 2)
  Definition: Enabling the business and fulfilling business objectives should be the primary driver for the system design.
  Measurement approach: Business management focus group (Soft)

Competent (Business Driver: 1.4)
  Definition: The system should protect the reputation of the organization as being competent in its industry sector.
  Measurement approach: Independent audit, or focus groups, or satisfaction surveys (Soft)

Confident (Business Driver: 4)
  Definition: The system should behave in such a way as to safeguard confidence placed in the organization by customers, suppliers, shareholders, regulators, financiers, the marketplace, and the general public.
  Measurement approach: Independent audit, or focus groups, or satisfaction surveys (Soft)

Credible (Business Driver: 5)
  Definition: The system should behave in such a way as to safeguard the credibility of the organization.
  Measurement approach: Independent audit, or focus groups, or satisfaction surveys (Soft)

Culture-Sensitive (Business Driver: 16)
  Definition: The system should be designed, built, and operated with due care and attention to cultural issues relating to those who will experience the system in any way. These issues include such matters as religion, gender, race, nationality, language, dress code, social customs, ethics, politics, and the environment. The objective should be to avoid or minimize offence or distress caused to others.
  Measurement approach: Independent audit and review of (1) the inventory of requirements in this area to check for completeness and appropriateness, and (2) compliance of system functionality with this set of requirements (Soft)

Enabling-Time-to-Market (Business Driver: 41)
  Definition: The system architecture and time-to-design should allow new market business initiatives to be delivered to the market with minimum delay.
  Measurement approach: Business management focus group (Soft)

Governable (Business Driver: 8, 16)
  Definition: The system should enable the owners and executive managers of the organization to control the business and to discharge their responsibilities for governance.
  Measurement approach: Senior management focus group. Independent audit and review against Security Architecture Capability Maturity Model for governance (Soft)

Provide Good Stewardship and Custody (Business Driver: 3, 12, 21)
  Definition: Protecting other parties with whom we do business from abuse, loss of business, or personal information of value to those parties through inadequate stewardship on our part.
  Measurement approach: Independent audit, or focus groups, or satisfaction surveys (Soft)

Providing Investment Re-use (Business Driver: 38)
  Definition: As much as possible, the system should be designed to reuse previous investments and to ensure that new investments are reusable in the future.
  Measurement approach: Independent audit and review against Security Architecture Capability Maturity Model of technical architecture (conceptual, logical, physical, and component) (Soft)

Providing Return On Investment (Business Driver: 2)
  Definition: The system should provide a return of value to the business to justify the investment made in creating and operating the system.
  Measurement approach: Financial returns and RoI indices selected in consultation with the Chief Financial Officer (Hard); Qualitative value propositions tested by opinion surveys at senior management and boardroom level (Soft)

Reputable (Business Driver: 8)
  Definition: The system should behave in such a way as to safeguard the business reputation of the organization.
  Measurement approach: Independent audit, or focus groups, or satisfaction surveys (Soft); Correlation of the stock value of the organization versus publicity of system event history (Hard)
Business
Attribute
Business
Driver
Confidential Integrity Availability
Accessible 5
Accurate 7
Anonymous 4
Consistent 23, 41
Current 7
Duty Segregated 12
Attribute - Risks and Controls
User Attributes
Conformance with design style
guides
Refresh rates at the data source
and replication of source and
replication of refreshed data to
the destination.
Information to which the user is
entitled to gain access should be
easily found and accessed by
that user.
Risk (Impact Based) Security Controls
Acceptance testing on key data
to demonstrate compliance with
design rules
Rigorous proof of system
functionality
Conflicting duties and areas of
responsibility should be
segregated to reduce
opportunities for
unauthorized or unintentional
modification or misuse of the
Educated and
Aware31.4
Informed 6
Motivated 25
Protected 21
Reliable 16
Responsive 5
Supported 6
Timely 41
Transparent 4
Usable 12
Automated 33.32
Change-
Managed39
Controlled 30
Cost Effective 27
Efficient 29
Penetration test. (Could access
privileges should be be regarded
as “hard,” but only if a
penetration is achieved. Failure A definition of “quality” is
needed against which to
compare.
Focus groups or satisfaction
surveys
Focus groups or satisfaction
surveys
Competence surveys
Numbers of “clicks” or
keystrokes required.
Conformance with
industry standards, e.g., color
palettes. Feedback from focus
Independent design review
Refresh rates at the data source
and replication of refreshed data
to the Focus groups or satisfaction
surveys. Independent audit and
review against Security
Architecture Capability Maturity
Management Attributes
Response time
Focus groups or satisfaction
surveys. Independent audit and
review against Security
Architecture Capability Maturity
Model.
Individual budgets for the
phases of development and for
on-going operation,
A target efficiency ratio based
on (Input value)/(Output value)
Documented change
management system, with
change management history,
Independent audit and review
against Security Architecture
Capability Maturity Model
Maintanable 6
Measured 6
Supportable 8
Access
Controlled
12
Accountable 14.15
Assurable 14.15
Assuring
Honesty
18
Auditable 14
Authenticated 19
Authorised 21
Capturing
New Risk
39
Documented execution of a
preventive maintenance
schedule for both hardware and
software, correlated against
Documented tracking and
reporting of a portfolio of
conventional system
Reporting of all unauthorized
actions, including number of
incidents per period, severity,
and result (did the action
succeed?)
Independent audit and review
against Security Architecture
Capability Maturity Model
Documented target
configuration exists under
change control with a capability
to check current configuration
against this target
Independent audit and review
against Security Architecture
Capability
Maturity Model with respect to
the ability to hold accountable
all authorized parties Documented standards exist
against which to audit
Independent audit and review
against Security Architecture Independent audit and review
against Security Architecture
Capability Maturity Model with
respect to the ability to prevent
Fault-tracking system providing
measurements of MTBF, MTTR
(mean time to repair), and
Reporting of all unauthorised
access attempts, including
number of incidents per period,
severity, and result (did the
access attempt succeed?)
Risk Management Attributes
Independent audit and review
against Security Architecture
Capability Maturity Model with
respect to the ability to
Percentage of vendor published
patches and upgrades actually
installed
Independent audit and review
against Security Architecture
Confidential 17
Crime Free 36, 39
Flexibly Secure 23.33
Identified 20
Independentl
y Secure
28
In our Sole
Posession
41
Integrity
Assured
19
Non-Repudiable 19
Owned 23
Private 12.16
Trustworthy 12.16
Proof of uniqueness of naming
schemes
Independent audit and review
against Security Architecture
Capability Maturity Model of
technical security architecture at
Reporting of all incidents of
crime, including number of Independent audit and review
against Security Architecture
Capability to Maturity Model
Reporting of all disclosure
incidents, including number of
incidents per period, severity,
Reporting of all disclosure
incidents, including number of
incidents per period, severity,
and type of disclosure
Focus groups or satisfaction
surveys researching the question
“Do you trust the service?”
Independent audit and review
against Security Architecture
Capability Maturity Model of the
ownership arrangements and of
the management processes by
Independent audit and review
against Security Architecture
Capability Maturity Model
Reporting of all incidents of
compromise, including number
of incidents per period, severity,
and type of compromise
Independent audit and review
against Security Architecture
Attribute - Risks and Controls
Worksheet columns: Business Attribute; Business Driver(s) (BD numbers from the Business Drivers index); Metric; Confidential / Integrity / Availability; Deter / Prevent / Contain / Detect / Track / Recover; Voice / Data / Video / System / Information; Architecture Controls; Management Activity Controls. The companion sheet, Attribute - Opportunities and Enablement, adds Opportunities and Enablement columns to the same rows. Only the attribute, driver and metric columns are filled in for this generic review. "SACMM audit" below stands for "Independent audit and review against the Security Architecture Capability Maturity Model".

User Attributes
Attribute | Drivers | Metric
Accessible | 5 | Search tree depth necessary to find the information
Accurate | 7 | Acceptance testing on key data to demonstrate compliance with design rules
Anonymous | 4 | Rigorous proof of system functionality. Red team review
Consistent | 23, 41 | Conformance with design style guides. Red team review
Current | 7 | Refresh rates at the data source and replication of refreshed data to the destination
Duty Segregated | 12 | Functional testing
Educated and Aware | 31, 4 | Competence surveys
Informed | 6 | Focus groups or satisfaction surveys
Motivated | 25 | Focus groups or satisfaction surveys
Protected | 21 | Penetration test (the result can be regarded as "hard" evidence only if a penetration is achieved; failure to penetrate does not mean that penetration is impossible)
Reliable | 16 | A definition of "quality" is needed against which to compare
Responsive | 5 | Response time
Supported | 6 | Focus groups or satisfaction surveys. SACMM audit
Timely | 41 | Refresh rates at the data source and replication of refreshed data to the destination
Transparent | 4 | Focus groups or satisfaction surveys. SACMM audit
Usable | 12 | Number of "clicks" or keystrokes required. Conformance with industry standards, e.g. colour palettes. Feedback from focus groups

Management Attributes
Attribute | Drivers | Metric
Automated | 33, 32 | Independent design review
Change-Managed | 39 | Documented change management system, with change management history, evaluated by independent audit
Controlled | 30 | Documented target configuration exists under change control, with a capability to check the current configuration against this target
Cost Effective | 27 | Individual budgets for the phases of development and for on-going operation, maintenance and support
Efficient | 29 | A target efficiency ratio based on (input value)/(output value)
Maintainable | 6 | Documented execution of a preventive maintenance schedule for both hardware and software, correlated against targets for continuity of service such as mean time between failures (MTBF)
Measured | 6 | Documented tracking and reporting of a portfolio of conventional system performance parameters, together with other attributes from this list
Supportable | 8 | Fault-tracking system providing measurements of MTBF, MTTR (mean time to repair) and maximum time to repair, with targets for each parameter

Risk Management Attributes
Attribute | Drivers | Metric
Access Controlled | 12 | Reporting of all unauthorised access attempts, including number of incidents per period, severity and result (did the access attempt succeed?). SACMM audit
Accountable | 14, 15 | SACMM audit with respect to the ability to hold accountable all authorised parties
Assurable | 14, 15 | SACMM audit
Assuring Honesty | 18 | SACMM audit with respect to the ability to prevent false accusations that are difficult to repudiate
Auditable | 14 | Documented standards exist against which to audit. SACMM audit
Authenticated | 19 | SACMM audit with respect to the ability to authenticate successfully every claim of identity
Authorised | 21 | Reporting of all unauthorised actions, including number of incidents per period, severity and result (did the action succeed?). SACMM audit with respect to the ability to detect unauthorised actions
Capturing New Risks | 39 | SACMM audit of a documented risk assessment process and a risk assessment history. Percentage of vendor-published patches and upgrades actually installed
Confidential | 17 | Reporting of all disclosure incidents, including number of incidents per period, severity and type of disclosure
Crime Free | 36, 39 | Reporting of all incidents of crime, including number of incidents per period, severity and type of crime. SACMM audit
Flexibly Secure | 23, 33 | SACMM audit of the technical security architecture at the conceptual, logical and physical layers
Identified | 20 | Proof of uniqueness of naming schemes
Independently Secure | 28 | SACMM audit of the technical security architecture at the conceptual, logical and physical layers
In Our Sole Possession | 41 | SACMM audit
Integrity Assured | 19 | Reporting of all incidents of compromise, including number of incidents per period, severity and type of compromise. SACMM audit with respect to the ability to detect integrity compromise incidents
Non-Repudiable | 19 | Reporting of all incidents of unresolved repudiations, including number of incidents per period, severity and type of repudiation. SACMM audit with respect to the ability to prevent repudiations that cannot be easily resolved
Owned | 23 | SACMM audit of the ownership arrangements, of the management processes by which owners should fulfil their responsibilities, and of their diligence in doing so
Private | 12, 16 | Reporting of all disclosure incidents, including number of incidents per period, severity and type of disclosure
Trustworthy | 12, 16 | Focus groups or satisfaction surveys researching the question "Do you trust the service?"

Legal/Regulatory Attributes
Attribute | Drivers | Metric
Admissible | 5, 7, 14 | SACMM audit by a computer forensics expert
Compliant | 41, 24 | Independent compliance audit with respect to the inventories of regulations, laws, policies, etc.
Enforceable | 25, 26, 14 | Independent review of (1) the inventory of contracts, policies, regulations and laws for completeness, and (2) the enforceability of the contracts, policies, laws and regulations on the inventory
Insurable | 15, 27, 9, 11, 13 | Verify against insurance quotations
Legal | 16, 18, 14, 11, 13 | SACMM audit. Verification of the inventory of applicable laws to check for completeness and suitability
Liability Managed | 36, 19, 11, 13 | Independent legal expert review of all applicable contracts, SLAs, etc.
Regulated | 19, 2, 14 | SACMM audit. Verification of the inventory of applicable regulations to check for completeness and suitability
Resolvable | 19, 2 | SACMM audit by a legal expert
Time-Bound | 35, 41 | Independent functional design review against specified functional requirements

Technology Strategy Attributes
Attribute | Drivers | Metric
Architecturally Open | 29, 32 | SACMM audit of the technical architecture (conceptual, logical and physical)
COTS/GOTS | 32 | SACMM audit of the technical architecture at the component level
Extendible | 33 | SACMM audit of the technical architecture (conceptual, logical and physical)
Flexible / Adaptable | 33 | SACMM audit of the technical architecture (conceptual, logical and physical)
Future Proof | 37 | SACMM audit of the technical architecture (conceptual, logical and physical)
Legacy Sensitive | 37, 38 | SACMM audit of the technical architecture (conceptual, logical and physical)
Migratable | 38 | SACMM audit of the technical architecture (conceptual, logical and physical)
Multi-Sourced | 40 | SACMM audit of the technical architecture (conceptual, logical and physical)
Scalable | 40 | SACMM audit of the technical architecture (conceptual, logical and physical)
Simple | 31 | SACMM audit of the technical architecture (conceptual, logical and physical)
Standards Compliant | 24 | Independent audit and review of (1) the inventory of standards, to check for completeness and appropriateness, and (2) compliance with the standards on the inventory
Traceable | 19, 20, 22 | Independent expert review of documented traceability matrices and trees
Upgradeable | 38 | SACMM audit of the technical architecture (conceptual, logical and physical)

Operational Attributes
Attribute | Drivers | Metric
Available | 6 | As specified in the SLA
Continuous | 6 | Percentage up-time correlated against scheduled and/or unscheduled downtime, or MTBF, or MTTR
Detectable | 10 | Functional testing
Error-Free | 18 | Percentage or absolute error rates (per transaction, per batch, per time period, etc.)
Inter-Operable | 38 | Specific interoperability requirements
Monitored | 22, 24 | SACMM audit
Productive | 5 | User output targets related to specific business activities
Recoverable | 18 | As specified in the SLA

Business Strategy Attributes
Attribute | Drivers | Metric
Brand Enhancing | 1 | Independent audit, focus groups or satisfaction surveys. Market surveys
Business Enabled | 2 | Business management focus group
Competent | 1, 4 | Independent audit, focus groups or satisfaction surveys
Confident | 4 | Independent audit, focus groups or satisfaction surveys
Credible | 5 | Independent audit, focus groups or satisfaction surveys
Culture-Sensitive | 16 | Independent audit and review of (1) the inventory of requirements in this area, to check for completeness and appropriateness, and (2) compliance of system functionality with this set of requirements
Enabling Time-to-Market | 41 | Business management focus group
Governable | 8, 16 | Senior management focus group. SACMM audit for governance
Providing Good Stewardship and Custody | 3, 12, 21 | Independent audit, focus groups or satisfaction surveys
Providing Investment Re-use | 38 | SACMM audit of the technical architecture (conceptual, logical, physical and component)
Providing Return On Investment | 2 | Financial returns and RoI indices selected in consultation with the Chief Financial Officer. Qualitative value propositions tested by opinion surveys at senior management and boardroom level
Reputable | 8 | Correlation of the stock value of the organisation against publicity of the system event history
Attribute - Opportunities and Enablement
The same attribute groups (User, Management, Risk Management, Legal/Regulatory, Technology Strategy, Business Strategy and Operational Attributes) are profiled against the enablement columns: Posture / Recover / Maturity / Entrench / Compliance; Architecture Enablers (aligned to the information security strategy); Management Activity Enablers.
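The attribute metrics are stated in prose. The following added Python example (not part of the original page, nor SABSA's own material) shows what two of them look like when actually computed from records: the Access Controlled / Authorised metric (unauthorised attempts per period, by severity, and how many the control let through) and the Continuous / Supportable metrics (percentage up-time, MTBF and MTTR over a reporting window). The log format, field names, severity labels and outage records are constructed for the example.

```python
"""Two SABSA attribute metrics computed from constructed sample data.

Added example, not from the original page. The access-log format, field
names, severity labels and outage records below are invented for it.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log: time, subject, resource, authorised-by-policy?,
# decision the control actually made, analyst-assigned severity.
ACCESS_LOG = """\
2024-03-01T08:02:11Z alice   /payroll/export no  DENY  high
2024-03-01T09:15:40Z bob     /payroll/export yes ALLOW low
2024-03-01T09:16:02Z mallory /payroll/export no  DENY  high
2024-03-02T10:44:19Z mallory /payroll/export no  ALLOW critical
2024-03-02T11:01:00Z carol   /hr/records     no  DENY  medium
2024-04-15T23:59:59Z mallory /admin          no  DENY  high
"""

# Constructed unscheduled-downtime records as (start, end) pairs.
OUTAGES = [
    (datetime(2024, 3, 5, 2, 0), datetime(2024, 3, 5, 3, 30)),
    (datetime(2024, 3, 20, 14, 0), datetime(2024, 3, 20, 14, 45)),
]


def parse_access_log(text):
    """Parse the whitespace-separated constructed log into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, subject, resource, authorised, decision, severity = line.split()
        records.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "subject": subject,
            "resource": resource,
            "authorised": authorised == "yes",
            "succeeded": decision == "ALLOW",
            "severity": severity,
        })
    return records


def unauthorised_access_report(records, period_fmt="%Y-%m"):
    """Access Controlled / Authorised metric: unauthorised attempts per
    period, by severity, and how many of them the control let through.

    An attempt is 'unauthorised' when policy says the subject should not
    have the access, whatever the control decided; an attempt that
    succeeded is a control failure and the number that matters most."""
    report = defaultdict(lambda: {"attempts": 0, "succeeded": 0,
                                  "by_severity": defaultdict(int)})
    for r in records:
        if r["authorised"]:
            continue
        entry = report[r["time"].strftime(period_fmt)]
        entry["attempts"] += 1
        entry["succeeded"] += int(r["succeeded"])
        entry["by_severity"][r["severity"]] += 1
    return {p: {"attempts": e["attempts"], "succeeded": e["succeeded"],
                "by_severity": dict(e["by_severity"])}
            for p, e in sorted(report.items())}


def availability_metrics(outages, window_start, window_end):
    """Continuous / Supportable metrics over a reporting window: percentage
    up-time, MTBF and MTTR in hours. Outages partly outside the window are
    clipped to it; a window with no failures has no MTBF or MTTR."""
    window = window_end - window_start
    downtime = timedelta()
    failures = 0
    for start, end in outages:
        start, end = max(start, window_start), min(end, window_end)
        if end > start:
            downtime += end - start
            failures += 1
    uptime = window - downtime
    hour = timedelta(hours=1)
    return {
        "uptime_pct": 100.0 * uptime / window,
        "failures": failures,
        "mtbf_hours": uptime / failures / hour if failures else None,
        "mttr_hours": downtime / failures / hour if failures else None,
    }


def demo_availability():
    """March 2024 reporting window over the constructed outage records."""
    return availability_metrics(OUTAGES, datetime(2024, 3, 1), datetime(2024, 4, 1))


if __name__ == "__main__":
    for period, stats in unauthorised_access_report(parse_access_log(ACCESS_LOG)).items():
        print(period, stats)
    print(demo_availability())
```

The split between "authorised by policy" and "decision the control made" is deliberate: the metric the table asks for ("did the access attempt succeed?") can only be produced when the log records both, so the logging requirement falls out of the metric.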
Security Threats (columns of the mapping): Destruction of information and/or other resources; Corruption or modification of information; Theft, removal or loss of information and/or other resources; Disclosure of information; Interruption of services.
Mapping Security Dimensions to Security Threats: the intersection of each Security Layer with each Security Plane represents a security perspective at which the Security Dimensions are applied to counteract the threats. Each dimension is marked Y against the threats it counteracts.
Security Dimensions (rows of the mapping): Access Control; Authentication; Non-Repudiation; Data Confidentiality; Communication Flow Security; Data Integrity; Availability; Privacy.
Contextual Architecture - Security Review
The contextual architecture captures and presents the full set of relevant requirements for the scope of the assignment.
Business Requirement: business-level assets, goals and objectives.
Business Attributes: the business attributes are defined by asking:
-What are the business goals for the requirement?
-What are the business objectives for the requirement?
-What are the business targets for the requirement?
-What business assets will be affected by this requirement?
Business Drivers for Security: the business requirement abstracted into one or more statements of security relevance to the business requirement:
-What are the security pre-requisites for the requirement?
-What can security do to protect / enhance / support the business in the context of the requirement?

Conceptual Architecture - Security Review
The conceptual layer sets out the strategy for treating risk and meeting the control and enablement objectives.
Business Requirement: business-level assets, goals and objectives.
Business Drivers for Security: as in the contextual review, the business requirement abstracted into one or more statements of security relevance (the security pre-requisites for the requirement, and what security can do to protect, enhance or support the business in its context).
Business Attributes: as in the contextual review (business goals, objectives and targets for the requirement, and the business assets it affects).
Business Risks - Attributes: for each attribute:
-What are the identified risks?
-What are the architectural controls?
-What are the security controls?
-What management activity controls are in place?
Business Opportunities - Attributes: for each attribute:
-What are the identified opportunities?
-What are the architectural enablers?
-What are the security enablers?
-What management activity enablers are in place?
Matrix column headings (rotated in the original): Security Dimensions: Access Control, Authentication, Availability, Communication Flow Security, Data Confidentiality, Data Integrity, Non-Repudiation, Privacy; Business Driver; Business Attribute.
Logical Architecture - Security Review
Each component below is assessed against the Security Dimensions, the Business Drivers and the Business Attributes.

Application Security
Application User: the user that will be using the application.
Application Provider: the provider of the software.
Service Provider: is the software provided by an ISV?
Application Middleware: middleware or Enterprise Service Bus.
Code Integrity: protecting the assets used to build and run application object code, to ensure that what is delivered to service management for deployment has not been tampered with and has not incorporated any unknown source code.
Image Integrity: covers the entire runtime stack, from the operating system to the middleware components and application platforms needed to run the application or service.
Release Provisioning: secure provisioning ensures that handing code over to release management for installation, and configuring the dependent software infrastructure, is done in accordance with security policy and, in certain cases, per contract with the customer.
Image Provisioning: manages access to the image contents and to the image for deployment, defining who can access and deploy instances of the image in a production environment.
Static Code Analysis: the tools and processes, usually instituted by a software development team or a build team, that examine all the artifacts and components used to build an application. The analysis looks for security vulnerabilities and poor coding practices that can create security, performance or other problems.
Runtime Analysis (software profiling): the ability to observe a running software system and analyse its behaviour to detect vulnerabilities in the code.
Software Escrow: a third party keeps a copy of the source code, and possibly other materials, which it will release to the customer only if specific circumstances arise, mainly if the vendor who developed the code goes out of business or for some reason is not meeting its obligations and responsibilities.
Data Security
Data Discovery: the process of identifying all the data repositories in the organisation and analysing the schema, data values and data patterns to identify relationships between the database elements.
Data Classification: manages both lower-level logical data classification and business-level classification.
Data Assurance: processes that provide a governance checkpoint for aggregation, redaction and obfuscation requirements, to ensure confidentiality and privacy.
Data Redaction: methods for eliminating sensitive or confidential data from a data set, based on policy rules, before it is given to a receiver.
Data Retention: covers both backup and archive tools and processes.
Data Disposal: the tools and processes to delete data from a system when it is no longer needed and is not required by law or policy to be retained.
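As an added illustration of Data Redaction and Data Assurance working together (example code, not from the page): a rule table maps each field to a classification and to the action taken when the receiver lacks clearance for it, free text is scrubbed of e-mail addresses and Luhn-valid card numbers, and an assurance checkpoint refuses release if any such pattern survives. The field names, classifications, pseudonymisation key and sample record are assumptions made for the example.

```python
"""Policy-driven data redaction with an assurance checkpoint before release.

Added example, not from the original page. RULES, PSEUDONYM_KEY and the
sample record are constructed for it.
"""
import hashlib
import hmac
import re

# Keyed pseudonymisation: the same e-mail maps to the same token within a
# release, so the receiver can still join records, but the token cannot be
# reversed or brute-forced without the key.
PSEUDONYM_KEY = b"per-release-secret-key"          # assumption

# field -> (classification, action taken when the receiver lacks clearance)
RULES = {
    "customer_id": ("INTERNAL", "keep"),
    "name":        ("PII", "drop"),
    "email":       ("PII", "pseudonymise"),
    "card_number": ("PCI", "mask_last4"),
    "notes":       ("PII", "scrub_text"),
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits):
    """Luhn check so that only plausible card numbers are treated as PCI."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scrub_text(text):
    """Replace e-mail addresses and Luhn-valid card numbers in free text."""
    text = EMAIL_RE.sub("[EMAIL]", text)
    return CARD_RE.sub(
        lambda m: "[CARD]" if luhn_ok(re.sub(r"\D", "", m.group())) else m.group(),
        text)


def redact(record, receiver_clearances):
    """Apply RULES to one record for a receiver holding the given clearances.
    Fields with no rule are dropped: unknown data never leaks by default."""
    out = {}
    for field, value in record.items():
        classification, action = RULES.get(field, ("UNCLASSIFIED", "drop"))
        if classification in receiver_clearances or action == "keep":
            out[field] = value
        elif action == "pseudonymise":
            out[field] = hmac.new(PSEUDONYM_KEY, value.strip().lower().encode(),
                                  hashlib.sha256).hexdigest()[:16]
        elif action == "mask_last4":
            out[field] = "*" * max(len(value) - 4, 0) + value[-4:]
        elif action == "scrub_text":
            out[field] = scrub_text(value)
        # action == "drop": the field is omitted
    return out


def assurance_check(records):
    """Governance checkpoint: list (index, field) pairs where an e-mail or a
    Luhn-valid card number is still present. Release only if the list is empty."""
    findings = []
    for i, rec in enumerate(records):
        for field, value in rec.items():
            if not isinstance(value, str):
                continue
            cards = (re.sub(r"\D", "", m) for m in CARD_RE.findall(value))
            if EMAIL_RE.search(value) or any(luhn_ok(c) for c in cards):
                findings.append((i, field))
    return findings


SAMPLE = {  # constructed record
    "customer_id": "C-1001",
    "name": "Ada Example",
    "email": "Ada@Example.org",
    "card_number": "4111111111111111",
    "notes": "Called from ada@example.org about card 4111 1111 1111 1111",
    "legacy_field": "should never be released",
}

if __name__ == "__main__":
    released = [redact(SAMPLE, set())]
    print(released)
    print("assurance findings:", assurance_check(released))
```

The checkpoint runs over the redacted output, not the policy: a field the rule table forgot (here "legacy_field") is dropped by the default, and a card number pasted into free text is caught by the pattern scan even though the "card_number" column was masked.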
Infrastructure Security
Perimeter Defence: sits at the edge of the internal network and protects it against unauthorised access.
Network Infrastructure Protection: segregates the network into manageable and isolated areas and prevents unauthorised access between subnets. It also provides services, such as monitoring, that track suspicious events on the internal network.
Host Defences: protect individual systems and the applications they run.
Data Security Mechanisms: protect data in transit and data stored on disk to provide the requisite confidentiality, integrity and availability.
Security Services (logical layer; the physical mechanisms for each are tabulated in the Physical Architecture review):
Entity Unique Naming; Entity Registration; Entity Public Key Certification; Entity Credentials Certification; Directory Service; Entity Authentication; Session Authentication; Message Origin Authentication; Message Integrity Protection; Message Replay Protection; Message Contents Confidentiality; Non-Repudiation; Traffic Flow Confidentiality; Auth­orisation; Logical Access Control; Audit Trails; Stored Data Confidentiality; Stored Data Integrity Protection; Software Integrity Protection; Software Licensing Protection; System Configuration Protection; Data Replication and Back-Up; Software Replication and Back-Up; Trusted Time; User Interface for Security; Security Policy Management; Security Service Management; Security Training and Awareness; Security Operations Management; Security Provisioning; Security Administration; Security Monitoring; Security Measurements and Metrics; Security Alarm Management; Intrusion Detection; Incident Response; User Support; Disaster Recovery; Crisis Management; System Audit; Physical Security; Personnel Security; Environmental Security.
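Three of the services listed above, Message Origin Authentication, Message Integrity Protection and Message Replay Protection, are realised in this page's physical table by message source identifiers, integrity checksums and nonces. The following added Python example (not the page's own code) shows the three combined: the sender binds a source identifier, a timestamp and a fresh nonce to the payload under an HMAC-SHA256 tag; the receiver selects the key by source identifier, verifies the tag before trusting any other field, rejects stale messages, and rejects any nonce it has already seen within the freshness window. The key, the JSON message layout and the 300 second window are assumptions.

```python
"""Message origin authentication, integrity and replay protection.

Added example, not from the original page. The key, JSON message layout
and 300 s freshness window are assumptions made for it.
"""
import hashlib
import hmac
import json
import os
import time


class Sender:
    def __init__(self, key, source_id):
        self.key = key
        self.source_id = source_id

    def send(self, payload, now=None):
        """Bind source id, timestamp and a fresh 128-bit nonce to the payload
        under an HMAC-SHA256 tag (the 'message integrity checksum')."""
        body = json.dumps({
            "from": self.source_id,
            "ts": int(time.time() if now is None else now),
            "nonce": os.urandom(16).hex(),
            "payload": payload,
        }, sort_keys=True)  # canonical encoding: the tag covers exactly these bytes
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class Receiver:
    def __init__(self, keys_by_source, window_seconds=300):
        self.keys = keys_by_source      # source identifier -> shared key
        self.window = window_seconds
        self.seen = {}                  # nonce -> ts, pruned outside the window

    def accept(self, msg, now=None):
        """Return (True, payload) or (False, reason)."""
        now = time.time() if now is None else now
        try:
            fields = json.loads(msg["body"])
            key = self.keys[fields["from"]]
        except (KeyError, TypeError, ValueError):
            return False, "unknown source or malformed message"
        # Origin + integrity: verify before trusting any other field.
        expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("tag", ""))):
            return False, "bad integrity check"
        if abs(now - fields["ts"]) > self.window:
            return False, "stale"
        # Replay: a nonce only needs remembering while a copy could still pass
        # the timestamp check, so the seen-set stays bounded.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if fields["nonce"] in self.seen:
            return False, "replay"
        self.seen[fields["nonce"]] = fields["ts"]
        return True, fields["payload"]


def demo():
    """Walk through accept / replay / tamper / stale / unknown with a fixed clock."""
    key = bytes(32)  # assumption: in practice a random per-source key
    sender = Sender(key, "payroll-svc")
    receiver = Receiver({"payroll-svc": key})
    msg = sender.send({"op": "pay", "amount": 100}, now=1000)
    results = {"first": receiver.accept(msg, now=1001)}
    results["replay"] = receiver.accept(msg, now=1002)
    tampered = dict(msg, body=msg["body"].replace('"amount": 100', '"amount": 900'))
    results["tampered"] = receiver.accept(tampered, now=1001)
    results["stale"] = receiver.accept(sender.send({"op": "pay"}, now=1000), now=2000)
    results["unknown"] = receiver.accept(Sender(key, "evil").send({}, now=1000), now=1000)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The nonce alone does not protect against replay: without the timestamp bound the receiver would have to remember every nonce forever, and without the MAC covering the nonce and timestamp an attacker could simply rewrite them.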
Matrix column headings (rotated in the original): Security Dimensions: Access Control, Authentication, Availability, Communication Flow Security, Data Confidentiality, Data Integrity, Non-Repudiation, Privacy; Security Planes: Management Plane, Control Plane, End-User Plane; Business Driver; Business Attribute.
Physical Architecture - Security Review
Security Planes (Management, Control and End-User) against the Security Dimensions, for the Application Security, Data Security and Infrastructure Security components defined in the Logical Architecture review.
Logical Service: Physical Mechanisms

Security Services
Entity Unique Naming: Naming standards; Naming procedure; Directory system
Entity Registration: Registration policy; Registration authority system; Registration procedure
Entity Public Key Certification: Certification policy; Certification authority system; Certification procedure; Certificate syntax standards; Certificate publishing mechanism (directory); Certificate revocation list (CRL); CRL publishing and management (directory)
Entity Credentials Certification: Certification policy; Certification authority system; Certification procedure; Certificate syntax standards; Certificate publishing mechanism (directory); Certificate revocation list (CRL); CRL publishing and management (directory)
Directory Service: Directory system; Directory access protocols; Directory object and attribute syntax rules; Directory replication
Entity Authentication: Login procedure; User passwords and tokens; Client user agents for authentication; Authentication exchange protocols; Authentication server system; Directory system
Session Authentication: Mutual two-way and three-way authentication exchanges; Session context (finite state machine)
Message Origin Authentication: Message source identifiers, protected by message integrity checksums, digital signatures or hashing
Message Integrity Protection: Message integrity checksums; Digital signatures; Hashing
Message Replay Protection: Message nonce values protected by message integrity checksums
Message Contents Confidentiality: Message contents encryption; Encryption key management; Routing control to physically secure networks
Non-Repudiation: Digital signatures; Notarisation servers; Transaction logs; Trusted third party certification / arbitration
Traffic Flow Confidentiality: Traffic padding
Authorisation: Roles; Fixed role associations with entities; Real-time role association with entities; Authorisation certificates
Logical Access Control: Local access control agents; Local role access control lists (ACLs); Central access manager (CAM); CAM role ACLs; Central application access control agents; Central application role ACLs; Database management system mechanisms; File system mechanisms
Audit Trails: Event logs; Event log integrity protection mechanisms; Event log browsing tools; Event log analysis tools; Reporting tools
Stored Data Confidentiality: Logical access control mechanisms; Physical access control mechanisms; Stored data encryption; Media storage security; Media disposal procedures
Stored Data Integrity Protection: Integrity checksums; Digital signatures; Hashing
Software Integrity Protection: Development lifecycle controls; Delivery and installation controls; Production system configuration control; Production system change control; Production system management authorisation; Cryptographic checksums on object code images; Regular inspection of object code images and checksums; Anti-virus tools
Software Licensing Protection: Software metering
System Configuration Protection: Production system configuration control; Production system change control; Production system management authorisation; Cryptographic checksums on configuration data files; Regular inspection of configuration data files and checksums
Data Replication and Back-Up: Regular back-up copying; Back-up media management (labelling, indexing, transport, storage, retrieval, media recycling, media disposal)
Software Replication and Back-Up: Master software media management (labelling, indexing, transport, storage, retrieval)
Trusted Time: Secure time server with clock; Secure time server protocols
User Interface for Security: GUI login screens; GUI security message screens; Single sign-on mechanism; Ergonomic design of authentication devices
Security Policy Management: Data content monitoring and filtering; Real-time system monitoring
Security Service Management: Security service management sub-system; Secure management protocols; Management agents in managed components; Access control at all agents and sub-systems; Security alarms
Security Training and Awareness: Training courses; Training manuals and documentation; Publicity campaigns
Security Operations Management: Operator authentication mechanisms; Operator activity logs; Operations event logs
Security Provisioning: Security service management sub-system; Secure management protocols; Management agents in managed components; Access control at all agents and sub-systems
Security Administration: Security service management sub-system; Secure management protocols; Management agents in managed components; Access control at all agents and sub-systems; Security alarms
Security Monitoring: User activity logs; Application event logs; Operator activity logs; Management event logs; Event log browsing and analysis
Security Measurements and Metrics: Cryptographic test mechanisms; Inspection tools; Penetration testing; Statistical tests
Security Alarm Management: Security alarms; Security alarm monitoring
Intrusion Detection: Intrusion "signature" analysis on network traffic; Real-time system monitoring; Alarms
Incident Response: Data collection and analysis; Incident assessment procedures; Response action management procedures
User Support: Help desk; Trouble ticketing system
Disaster Recovery: Data back-ups; Software back-ups; Data restoration procedures; Off-site back-up storage; Back-up media management (indexing, labelling, transport, storage, retrieval, recycling, disposal)
Crisis Management: Vested authority in a crisis manager and crisis management team; Assessment procedures; Escalation procedures
System Audit: Independent inspection; Regular scanning with system audit tools
Physical Security: Secure premises with locks, guards, etc.; Locked rooms for servers, operations and communications; Physical protection for cabling; Authorisation procedures; Identification badges and visitor procedures; Supervision of contract engineers, etc.
Personnel Security: Hiring, background checking and vetting procedures; Training courses, booklets, publicity campaigns; Disciplinary procedures
Environmental Security: Site-selection procedures; Fire prevention, detection and quenching; Flood avoidance, detection and removal; Air temperature and humidity controls; Electrical power protection mechanisms
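The Code Integrity and Image Integrity components of the Logical Architecture review, and the Software Integrity Protection and System Configuration Protection rows above (cryptographic checksums on object code images and configuration data files, with regular inspection against them), come down to the same mechanism: a protected baseline of file digests that is re-checked on a schedule. This added Python example (not the page's or SABSA's own code) builds such a manifest over a directory tree, protects the manifest itself with an HMAC so that an attacker who can edit files cannot also edit the baseline to match, and reports modified, missing and unexpected files on inspection. The directory layout and the key are assumptions; the demo writes to a temporary directory so it runs stand-alone.

```python
"""Checksum manifest for object-code images and configuration files.

Added example, not from the original page. The file tree and the key are
constructed for it.
"""
import hashlib
import hmac
import json
import os
import tempfile

MANIFEST_KEY = b"manifest-signing-key"   # assumption: held by release management


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, key=MANIFEST_KEY):
    """Digest every regular file under root and MAC the canonical listing."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            files[rel] = sha256_file(path)
    listing = json.dumps(files, sort_keys=True)
    mac = hmac.new(key, listing.encode(), hashlib.sha256).hexdigest()
    return {"files": files, "mac": mac}


def inspect(root, manifest, key=MANIFEST_KEY):
    """Regular inspection: trust the baseline only if its MAC verifies, then
    diff the live tree against it."""
    listing = json.dumps(manifest["files"], sort_keys=True)
    expected = hmac.new(key, listing.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return {"manifest_tampered": True, "modified": [], "missing": [], "unexpected": []}
    live = build_manifest(root, key)["files"]
    baseline = manifest["files"]
    return {
        "manifest_tampered": False,
        "modified": sorted(p for p in baseline if p in live and live[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in live),
        "unexpected": sorted(p for p in live if p not in baseline),
    }


def is_clean(report):
    return not report["manifest_tampered"] and not any(
        report[k] for k in ("modified", "missing", "unexpected"))


def demo():
    """Build a baseline, then simulate the drift an inspection must catch."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "bin", "app"), "wb") as f:
            f.write(b"\x7fELF constructed object code image")
        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("listen=127.0.0.1:8443\nauth=required\n")
        manifest = build_manifest(root)
        results["baseline"] = is_clean(inspect(root, manifest))

        with open(os.path.join(root, "etc", "app.conf"), "w") as f:
            f.write("listen=0.0.0.0:8443\nauth=none\n")     # weakened config
        with open(os.path.join(root, "bin", "dropper"), "wb") as f:
            f.write(b"unexpected binary")
        os.remove(os.path.join(root, "bin", "app"))
        results["drift"] = inspect(root, manifest)

        # Attacker edits the baseline to bless the dropper but lacks the key.
        forged = {"files": dict(manifest["files"]), "mac": manifest["mac"]}
        forged["files"]["bin/dropper"] = sha256_file(os.path.join(root, "bin", "dropper"))
        results["forged_manifest"] = inspect(root, forged)["manifest_tampered"]
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The manifest key must live somewhere the production host cannot read, or the MAC adds nothing over a plain checksum list; in practice that means the baseline is produced and verified from release management's side, which is the point of the "delivery and installation controls" row above.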