Enterprise Security Architecture for Cyber Security
M.M.Veeraragaloo
5th September 2013
Outline
• Cyber Security Overview
• TOGAF and Sherwood Applied Business Security Architecture (SABSA)
  o Overview of SABSA
  o Integration of TOGAF and SABSA
• Enterprise Security Architecture Framework
The Open Group EA Practitioners Conference - Johannesburg 2013
Cyber Security
1. What is Cyber Security?
2. How is Cyber Security related to information security?
3. How do I protect my company from malicious attacks?

The Four Types of Security Incidents
1. Natural Disaster
2. Malicious Attack (External Source)
3. Internal Attack
4. Malfunction and Unintentional Human Error
Information security - the "preservation of confidentiality, integrity and availability of information" (ISO/IEC 27001:2005).
"Cyber Security is to be free from danger or damage caused by disruption or fall-out of ICT or abuse of ICT. The danger or the damage due to abuse, disruption or fall-out can be comprised of a limitation of the availability and reliability of the ICT, breach of the confidentiality of information stored in ICT or damage to the integrity of that information." (The National Cyber Security Strategy 2011, Dutch Ministry of Security and Justice)
Cyber Security in Perspective
No official position about the differences between Cyber Security and Information Security
Risk Management
(ISO/IEC 27001:2005);
Information Security ISO/IEC 2700:2009
Information Technology
Business Continuity (BS 25999-2:2007).
Cyber Security
Source: 9 Steps to Cyber Security – The Manager’s Information Security Strategy Manual (Dejan Kosutic)
Cyber Security in South Africa
Source: SA-2012-cyber-threat (Wolf Pack) [2012/2013 The South African Cyber Threat Barometer]
TOGAF & SABSA
SABSA Overview
SABSA Meta Model
SABSA Matrix
SABSA Life Cycle
In the SABSA Lifecycle, the development of the contextual and conceptual layers is grouped into an activity called Strategy & Planning. This is followed by an activity called Design, which embraces the design of the logical, physical, component, and service management architectures. The third activity is Implement, followed by Manage & Measure. The significance of the Manage & Measure activity is that once the system is operational, it is essential to measure actual performance against targets, to manage any deviations observed, and to feed back operational experience into the iterative architectural development process.
SABSA Taxonomy of ICT Business Attributes
SABSA Taxonomy of General Business Attributes
SABSA Operational Risk Model
SABSA integrated with TOGAF
A Central Role for Requirements Management
Business Requirements (Needs) are linked to the Security Services: TOGAF does this in the “Requirements Management” phase, and SABSA does it via the Business Attributes Profile. These artefacts need to be linked to ensure traceability from Business Needs to Security Services.
Requirements Management in TOGAF using SABSA Business Attribute Profiling
• Business Attribute Profiling: This describes the level of protection required for each business capability.
• Requirements Catalog: This stores the architecture requirements of which security requirements form an integral part. The Business Attribute Profile can form the basis for all quality requirements (including security requirements) and therefore has significant potential to fully transform the current TOGAF requirements management approach.
• Business and Information System Service Catalogs: TOGAF defines a business service catalog (in Phase B: Business Architecture) and an information system service catalog (Phase C: Information Systems Architecture). The creation of the information system services in addition to the core concept of business services is intended to allow more sophisticated modelling of the service portfolio.
• The Security Service Catalog: As defined by the SABSA Logical Layer, this will form an integral part of the TOGAF Information System Service Catalogs.
The Business Attribute Profile Mapped onto the TOGAF Content Meta Model
SABSA Life Cycle and TOGAF ADM
Mapping TOGAF and SABSA Abstraction Layers
Mapping of TOGAF to SABSA Strategy and Planning Phase
As the SABSA phases extend beyond the core phases of the TOGAF ADM, the scoping provided by the SABSA Domain Model extends beyond these core phases of TOGAF, both in terms of solution design and system and process management during the operational lifecycle.
Overview of Security Related Artifacts in the TOGAF ADM
Preliminary Phase – Security Artifacts
Phase A - Architecture Vision – Security Artifacts
Phase B – Business Architecture – Security Artifacts
Phase C – Information Systems Architecture – Security Artifacts
Phase D – Technology Architecture – Security Artifacts
Phase G – Implementation Governance – Security Artifacts
Phase H – Architecture Change Management – Security Artifacts
Enterprise Security Architecture - Framework
ICT service providers must consider the whole market. Four dimensions to put in one line
• Service Models: Cloud (XaaS), Hosting, Managed Service, Monitoring
• Frameworks: ISO 27002, NIST, ISF
• Requirements: national/intern. law, industries, SOX, PCI DSS…, customers
• Service Types: Desktop, Communication, Collaboration, Computing
Service Provider
ICT service providers must consider the whole market. Four dimensions to put in one line
1) Produce Standardized Security measures for industrialized ICT production
2) Modular and Structured approach that serves all possible models and offerings
3) Hierarchy of Security Standards delivering information on each level of detail
4) Mapping Model to demonstrate fulfillment of all types of security requirements
Enterprise Security Architecture » shaping the security of ICT service provisioning «
deliver assurance to customers and provide directions for production
From Requirements to ICT Services. Standardisation is Key
requirements identification
requirements consolidation
conception, integration
operations, maintenance
Corporate Governance, Risk, & Compliance
customer requirements (Automotive, Finance, Public, …)
partially overlap
standard options full custom
no-go
industrialized services (established platforms and processes)
customer-specific services
Framework for Enterprise Security Architecture
Requirements (corporate and customer)
Framework for ESA
Enablement (ISMS): security management process and reference model (mainly ISO 27001)
Enforcement (Practices): controls / techniques (mainly ISO 27002), specific standards
impact analysis for non-framework requirements
Enterprise Security Architecture Industrialized ESA Services
processes including roles for new business, changes and operational services
technology platform
evidence (monitoring, analytics and reporting)
custom services (specific service and realization for a customer)
Framework for ESA.
The Enablement Framework with ISMS activities.
P1 Define scope and ISMS policy
P2 Define risk assessment approach
P3 Identify risks, derive control obj. & controls
P4 Approve residual risks
P5 Draw up statement of applicability (SoA)

D1 Implement risk handling plan & controls
D2 Define process for monitoring the effectiveness of controls
D3 Develop security awareness
D4 Lead ISMS and steer funds
D5 Implement methods to identify / handle security incidents

C1 Monitoring & review security incidents
C2 Evaluate effectiveness of the controls implemented
C3 Review risk assessment approach
C4 Perform and document ISMS audits
C5 Carry out management evaluations

A1 Implement identified improvements in ISMS
A2 Implement appropriate corrective and preventative controls
A3 Communicate activities & improvements
A4 Ensure improvements achieve targets
Activities of the Enablement Framework
Considering: Plan – Build – Run.
Sales, Service, Production, (Integration).
ESA reflects three types of business:
Customer Projects – Operations – Platform Preparation
Bid, Transition, Transformation Set-up for operations Major Changes
New Business & Major Changes (Project Business)
Service Delivery Management Provide industrialized and customer specific ICT
Services Evidence
Operations (Daily Business)
Define Offering and SDEs Initial set-up of ESA (creation and extension) Maintenance of ESA (improvements)
ESA Platform
Enterprise Security Architecture for ICT Services
Considering: Plan – Build – Run. Sales, Service, Production, (Integration).
3 How? Standards
2 Who? Roles etc.
Define Offering and Service Delivery Elements Initial set-up of ESA Maintenance
ESA Technology Platform
Bid, Transition, Transformation
Set-up for operations Major Changes
New Business & Change (Project Business)
Service Delivery Management Provide ICT Services Evidence
Operations (Daily Business)
1 What? Work areas
Cooperation: Implementation of Roles.
Customer Projects, Portfolio, and Operations.
Security Manager
Customer
ICT SRC Manager
Security Architects and Experts (engineering)
Customer Security Manager
Operations Manager
Operations Personnel
step-by-step transfer of business
Project (bid, transition, transformation)
Operations (CMO+FMO)
requirements requirements
governance
Offering Manager
Corporate and Product Security incorporated in one Hierarchy
Corporate Security Rule Base
Corporate Security Policy
ICT Security Standards
ICT Security Principles
ICT Security Baselines
Refinement Pyramid of Standards Requirements for ICT Service Provisioning (“product security”)
ISO 27001 Certificate
Detailed customer inquiry
Software settings, configuration
Examples
Certification and Audit
Security Measures
Security Implementation
Demonstrating that Customer Requirements are met
Customer Requirements
R1 R2 R3 R4 R5
C1 C2 C3 C4 C5 C6 C7
Set of Controls (contractual)
Requirements are met (Suitability)
Controls of ESA and its ICT Security Standards
Service type: Desktop Communication Collaboration Computing
Evidence and Customer Relation
Service Management
Wide Area Network Security
Customer and users Data Center
User LAN Periphery
Remote User Access
User Identity Management
Mobile Work-place Security
Office Work-place Security
Corporate Provider Access
Gateway and Central Services
Provider Identity Management
Data Center Security
Data Center Networks
Computer Systems Security
Application and AM Security
VM and S/W Image Mngt.
Database and Storage Security
Operations Support Security
Networks
Asset and Configuration Management
Business Continuity Management
Security Patch Management
Hardening, Provisioning & Maintenance
Change and Problem Management
Customer Communication and Security
System Development Life-Cycle
Systems Acquisition and Contracting
Risk Management
Logging, Monitoring & Security Reporting
Incident Handling and Forensics
Vulnerability Assessment, Mitigation Plan
Release Mngt. and Acceptance Testing
Certification and 3rd Party Assurance
Administration Network Security
Security Taxonomy.
EAS – Meta Model
Queries, Analysis, Portfolios, etc.
Stakeholder Views
“Model World” Architecture Repository
“Real World” Enterprise applications teams & information
Industry Glossaries Industry Reference Models
Application Models Application Glossaries
“Meta-Model” Common Language
“Standardized” Content, e.g. business processes, applications etc.
“Integrated and consistent Views” Stakeholder specific views & reports
ICT Security Services and Solutions
Enterprise Security Management
Identity and Access Management
ICT Infrastructure Security
Architecture and Processes
Applications, Risk and Compliance
Security and Vulnerability Management
Users and Identities
Smart Cards
Trust Centers
Business Enablement Enabling the managed use of ICT resources and IT applications with digital identities, roles and rights.
Business Integration
Embedding security in processes, defining goals and responsibilities, ensuring good governance and compliance.
Workplace, Host and Storage Security
Network Security
Physical Security
Business Protection Defending from hostile action: protecting networks, IT applications, data and building security
If you have one last breath
use it to say...