Security Architecture Roadmapv4 Arctec Group（安全架构Roadmapv4 Arctec组）.pdf

Security Architecture Blueprint By Gunnar Peterson The purpose of the security architecture blueprint is to bring focus to the key areas of concern for the enterprise, highlighting decision criteria and context for each domain. Since security is a system property it can be difficult for Enterprise Security groups to separate the disparate concerns that exist at different system layers and to understand their role in the system as a whole. This blueprint provides a framework for understanding disparate design and process considerations; to organize architecture and actions toward improving enterprise security. Security Services Security services provide confidentiality, integrity, and availability services for the platform. Security services are implemented as protection services, such as authentication and authorization, detection services, such as monitoring and auditing, and response services, such as incident response and forensics. These services have served as the goals and objectives for information security programs for many years, but they do not provide an actionable blueprint as such. This document describes a way to map these security services into an overall enterprise security architecture blueprint. Figure 1: Security Architecture Blueprint Copyright © 2006, 2007 Arctec Group, LLC All Rights Reserved - 1 - The security architecture blueprint below depicts an approach to map the system ’s stakeholders’ conceptual goals to a logical view fo security, which is set of security policy and standards, security architecture, and risk management domains. The decisions in the logical layer drive the security processes, defense in depth services and security metrics through design time to run time. Stakeholders Anyone with a material stake in the systems development and operations, including business users, customers, legal team, and so on. The stakeholder ’s business and risk goals dri