Fri Apr 8 06:49:41 PDT 2016

Technical Security Architecture: How are technical controls structured?


Options:

The description is up to them.


Decision:

A structured approach to technical controls following the technical security architecture of the enterprise protection approach used in this assessment should be applied:

Technical Security Architecture
Protection Processes
InventoryWork flows
Process
Deter
Prevent
Detect
React
Adapt

Data State
At Rest
In Use
In Motion
Protective Mechanisms

Perception: obscurity - profile - appearance - deception - depiction - cognition
Behavior: tracking - change - timeframe - fail-safe - fault tolerance - human - separation of duties - least privilege - intrusion/anomaly detection and response
Structure: control and data flows - digital diodes - firewalls and bypasses - barriers - mandatory / discretionary access controls - zoning
Content: transforms - filters - markings - syntax - situation - presentation
Content and its business utility
Lifecycles
Business
People
Systems
Data

Context
Time
Location
Purpose
Behavior
Identity
Method
Technical control structure

Basis:

Technical controls are used in some manner to accomplish some set of goals and within some framework.

A structured approach to technical controls following the technical security architecture of the enterprise protection approach used in this assessment should be applied:

Technical Security Architecture
Protection Processes
InventoryWork flows
Process
Deter
Prevent
Detect
React
Adapt

Data State
At Rest
In Use
In Motion
Protective Mechanisms

Perception: obscurity - profile - appearance - deception - depiction - cognition
Behavior: tracking - change - timeframe - fail-safe - fault tolerance - human - separation of duties - least privilege - intrusion/anomaly detection and response
Structure: control and data flows - digital diodes - firewalls and bypasses - barriers - mandatory / discretionary access controls - zoning
Content: transforms - filters - markings - syntax - situation - presentation
Content and its business utility
Lifecycles
Business
People
Systems
Data

Context
Time
Location
Purpose
Behavior
Identity
Method
Technical control structure
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved