Fri Apr 8 06:49:41 PDT 2016

Control Architecture: Access facilitation: How is access facilitated once identity is adequately established?


Options:

{Unified, Consolidated, Independent} x
{access, tracking, use control} x across
{enterprises, zones, subzones, applications, mechanisms} x at
{low, medium, high} granularity.

Decision:

Describe your architecture for facilitating access.

Maturity | Technical capability | Risk level | Combinations
---------|----------------------|------------|-------------
Repeatable- | Low | Low | Independent access, tracking, and use control at low granularity.
Defined | Low | Low-Med | Independent access, tracking, and use control across mechanisms at low or medium granularity.
Managed+ | Low | High | Too dangerous to allow with Low technical capability.
Repeatable- | Medium | Low | Consolidated or Independent access, tracking, and use control across zones, subzones, and mechanisms at low or medium granularity.
Defined- | Medium | Med | Consolidated or Independent access, tracking, and use control across zones, subzones, and mechanisms at low or medium granularity.
Managed+ | Medium | High | Consolidated access, tracking, and use control across zones, subzones, applications, and mechanisms at medium or high granularity.
Defined- | High | Low | Unified or Consolidated access and tracking across enterprises, zones, subzones, applications, and mechanisms at medium granularity.
Defined- | High | Med+ | This should not be allowed - increase maturity level.
Managed+ | High | Med | Unified or Consolidated access, tracking, and use control across enterprises, zones, subzones, applications, and mechanisms at medium or high granularity.
Managed+ | High | High | Unified, Consolidated, or Independent access, tracking, and use control across zones, subzones, applications, and mechanisms at high granularity.
Access facilitation architecture

Basis:

Unified: All of the access mechanisms are federated, aggregated, or otherwise composed into a unified access mechanism that deals with all access seamlessly.

Consolidated: Various groups of access mechanisms are composed to form islands of mechanisms, possibly with limited interactions for efficiency, but not in a unified manner.

Independent: Mechanisms for access are independent of each other and control over those mechanisms is highly localized.

access: the granting of capabilities to examine, modify, delete, add to, or otherwise apply content to gain utility.

tracking: the capacity to associate actions to actors and content to storage, processing, and transport.

use control: the ability to control who and what does what with what and for what purposes.

across enterprises: as in between business units and with other business units across all boundaries, treating everything as if it were all part of one thing.

across zones: these are the major areas within an enterprise as defined for grouping content, mechanisms, people, and devices, typically based on common communications requirements.

across subzones: these are separation mechanisms within zones used to keep things apart either to limit risk aggregation or to meet logical, regulatory, contractual, or other similar grouping requirements.

across applications: these go between applications, or from and between user systems, servers, application platforms, databases, and storage.

across mechanisms: these go across control mechanisms, boundaries, devices, storage media, and other physical and logical functional units.

at low granularity: at the granularity of application sets, whole databases, whole systems, or larger units, and in consolidated periods of time or volumes of flows.

at medium granularity: at the level of applications, files, parts of systems, programs, and database tables and to the granularity of seconds or less, numbers of records per unit time, and similar flow levels.

at high granularity: at the level of individual users, routines within programs, URLs within a server, options within applications, and individual datum within databases and to the maximum granularity of the available time standards and data units.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved