week - 2 - temple mis€¦ · course web site 4. syllabus 5. textbook and readings, course pack 6....
TRANSCRIPT
![Page 1: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/1.jpg)
Week - 1MIS5214 – Security Architecture
![Page 2: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/2.jpg)
Agenda
1. Welcome and Introductions2. Course Goals 3. Course Web Site4. Syllabus5. Textbook and Readings, Course Pack 6. Grading7. Weekly Cycle 8. Semester Schedule9. Security Architecture and Enterprise Architecture10.Next Week…
![Page 3: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/3.jpg)
Course Goals – Security ArchitectureLearn about how organizations
• Align their IT security capabilities with its business goals and strategy
• Plan, design and develop enterprise security architecture, • Assess IT system security architectures and capabilities
Objectives1. Learn key Enterprise Security Architecture concepts2. Develop an understanding of contextual, conceptual, logical, physical and
component levels or security architectures and how they relate to one another
3. Learn how security architectures are planned, designed and documented4. Gain an overview of how security architectures are evaluated and assessed5. Gain experience working as part of team, developing and delivering a
professional presentation
![Page 4: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/4.jpg)
Course Web Sitehttp://community.mis.temple.edu/mis5214sec001sp2018/
http://community.mis.temple.edu/mis5214sp2018online/
Section 001:
Section 701:
![Page 5: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/5.jpg)
Instructor
![Page 6: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/6.jpg)
Syllabus
http://community.mis.temple.edu/mis5214sp2018online/files/2018/01/MIS5214_Syllabus_Fall2018_Final_701-2.pdf
http://community.mis.temple.edu/mis5214sec001sp2018/files/2018/01/MIS5214_Syllabus_Fall2018_Final_001.pdf
![Page 7: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/7.jpg)
Textbook and Readings
![Page 8: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/8.jpg)
Harvard Business Publishing Course Pack
• Readings• Case Studies
![Page 9: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/9.jpg)
Class Schedule
![Page 10: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/10.jpg)
Assignments
![Page 11: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/11.jpg)
Grading
![Page 12: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/12.jpg)
Assignments
1. One Key Point Taken from Each Assigned ReadingPost one or two sentences of thoughtful analysis about one key point you took from each assigned reading by midnight Sunday the week they are due
2. One Question You Would Ask Your Fellow Students to Facilitate Discussion
3. Problem Solving Assignments
![Page 13: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/13.jpg)
Participation
1. Comment on your classmates’ discussion questions and/or key points they wrote about taking away from the readingsContribute at least three (3) substantive posts that include your thoughtful answers to their discussion questions and/or comments on the key points made by your classmates about the readings. Your posting of your three comments is due Tuesday by noon.
2. Post an “In the News” article (link and brief summary) Be prepared to discuss in class an article you found about a current event in the Information Security arena. An ideal article would be tied thematically to the topic of the week. However, any article you find interesting and would like to share is welcome. The deadline for posting is Tuesday by noon.
![Page 14: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/14.jpg)
Case Studies
Case study analysis1. Individual preparation
2. Group discussion
3. Class discussion
![Page 15: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/15.jpg)
Team ProjectsBy class 4, students will be organized into teams that work together on case studies and on the Team Project
Each team will be responsible for researching, developing and presenting a system security plan (SSP) for a cloud based enterprise information system
SSP will include technical specifications and diagrams illustrating the security architecture of an information system
Teams will develop and deliver a 15-minute presentation on the system’s security architecture, followed by questioning by the other project teams
![Page 16: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/16.jpg)
Exams
![Page 17: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/17.jpg)
Grading
![Page 18: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/18.jpg)
Weekly Cycle
![Page 19: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/19.jpg)
Security Architecture
A comprehensive and rigorous method to plan, design and describe current and desired future structure and behavior of an organization's:
• Business sub-units
• Processes and Personnel
• Information security systems
…so they align with the organization's core goals and strategic direction
Wikipedia: https://en.wikipedia.org/wiki/Enterprise_information_security_architecture
![Page 20: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/20.jpg)
“Information security” is protection of…• Confidentiality, integrity, and availability (“CIA”) of data and
information• Data, information and information systems from unauthorized…
• Access, use, disclosure = Confidentiality
• Modification = Integrity
• Disruption or destruction = Availability
Security Goals - Terminology
![Page 21: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/21.jpg)
Security Goals
•Confidentiality
Confidentiality means that people cannot read sensitive information, either while it is on a computer or while it is traveling across a network
![Page 22: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/22.jpg)
Security Goals
• Integrity
Integrity means that attackers cannot change or destroy information, either while it is on a computer or while it is traveling across a network
Or, at least, if information is changed or destroyed, then the receiver can detect the change or restore destroyed data
![Page 23: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/23.jpg)
Security Goals
•Availability
• Availability means that people who are authorized to use information are not prevented from doing so
![Page 24: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/24.jpg)
Compromises
•Successful attacks•Also called incidents•Also called breaches (not breeches)
![Page 25: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/25.jpg)
Countermeasures
• Tools used to thwart attacks
•Also called safeguards, protections, and controls
• Types of countermeasures• Preventative• Detective• Corrective
![Page 26: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/26.jpg)
Back to “Security Architecture”
“…the art and science of designing and supervising the construction of business systems, usually business information systems, which are:
• Free from danger, damage, etc.• Free from fear, care, etc.• In safe custody• Not likely to fail• Able to be relied upon• Safe from attack”
Sherwood et al. (2005) Enterprise Security Architecture: A Business-Driven Approach
![Page 27: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/27.jpg)
Thinking about security architecture enables understanding enterprise information systems the way attackers do – as large diverse attack surfaces
Security Architecture
https://graquantum.com/blog/cyber-basics-cyber-attack-surface/
![Page 28: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/28.jpg)
Enterprise Information and Security Architecture
Wikipedia: https://en.wikipedia.org/wiki/Enterprise_information_security_architecture, accessed 2017-1-19Huxham, H. (2006) “Own view of Enterprise Information Security Architecture (EIS))Framework”
Sherwood et al. (2005) Enterprise Security Architecture: A Business-Driven Approach
![Page 29: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/29.jpg)
Information Systems - definitionsEnterprise information system is an information system which enable an organization to integrate and improve its business functions
Information systems are software and hardware systems that support data-intensive applications
Programs = Algorithms + Data Structures
Algorithm in a software program is a step-by-step procedure for solving a problem or accomplishing some end especially by a computer
Data Structure in a software program is a particular way of organizing data in a computer so that it can be manipulated by an algorithm
Software are programs used to direct the operation of a computer
Hardware are tangible physical parts of a computer system and IT network
Firmware is software embedded in a piece of hardware
![Page 30: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/30.jpg)
What is meant by the term “abstraction” ?• A fundamental human capability that enables us to
deal with complexity
• Its purpose is to limit the universe so we can do things
• Selective examination of certain aspects of a problem
• Its goal is the purposeful isolation of important aspects and suppression of unimportant aspects (i.e. omitting details)• Purpose determines what is and what is not important
• All abstractions are incomplete and inaccurate – but this is their power and does not limit their usefulness
• Many different abstractions of the same thing are possible• Depending on the purpose for which they are made – The problem solving context
explains the source of their intent
![Page 31: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/31.jpg)
What is a conceptual model ? • Are abstractions of things for the purpose of understanding them
• Enable dealing with systems that are too complex to understand directly
• Omit nonessential details making them easier to manipulate than the original entities• The human mind can cope with only a limited amount of information at one time
• Models reduce complexity by separating out a small number of important things to deal with at a time
• Aid understanding complex systems by enabling visualization and communication of different aspects expressed as individual models (“views”) using precise notations• Communicate an understanding of content, organization and function of a system
• Useful for verifying that the system meets requirements• To be relied on, models must be validated by comparison to the implemented system to assure they accurately
represent and document the implemented system
• Serve several purposes• Testing a physical entity before building it
• Communicating a shared understanding of the system with stakeholders, users, developers, information system auditors and testers
![Page 32: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/32.jpg)
Models of Information Systems
Content & Structure
Function & Use
![Page 33: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/33.jpg)
Models of Information Systems
Content & Structure Function & Use
![Page 34: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/34.jpg)
Database designInformation System Development
Examples of models of IT Design and Development…
![Page 35: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/35.jpg)
Models Help Understand Enterprise Information Systems and their Security
The Open Data Group Architecture Framework (TOGAF) Version 9.1
https://www.opengroup.org/architecture/togaf91/downloads.htm
Sherwood Applied Business Security Architecture
http://www.sabsa.org/white_paper
Horatio Huxham’s BITS
https://en.wikipedia.org/wiki/Enterprise_information_security_architecture
![Page 36: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/36.jpg)
![Page 37: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/37.jpg)
Wikipedia: https://en.wikipedia.org/wiki/Enterprise_information_security_architecture, accessed 2017-1-19
Consists of:• Business Architecture• Information Architecture• Security Architecture
![Page 38: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/38.jpg)
Business Architecture
![Page 39: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/39.jpg)
Information Architecture
The Open Data Group Architecture Framework (TOGAF) Version 9.1
ApplicationArchitecture
DataArchitecture
![Page 40: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/40.jpg)
![Page 41: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/41.jpg)
Information Architecture – Models of Information Flows“Enterprise applications automate processes that span multiple business functions and organizational levels and may extend outside the organization”
Laudon, K.C. and Traver, C.G. (2011), Management Information Systems, Prentice Hall
… …
![Page 42: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/42.jpg)
![Page 43: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/43.jpg)
Enterprise Information System Architecture
Wikipedia: https://en.wikipedia.org/wiki/Enterprise_information_security_architecture, accessed 2017-1-19
Consists of:• Business Architecture• Information Architecture
• Security Architecture
![Page 44: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/44.jpg)
Defense in Depth
•Also known as: • Layered Security• Castle Approach to Security
![Page 45: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/45.jpg)
Defense in Depth
Why is it needed?
![Page 46: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/46.jpg)
5/20/2015
Anatomy of an Attack1. Attacker sends spear fishing e-mail 2. Victim opens attachment
• Custom malware is installed
3. Custom malware communicates to control web site • Pulls down additional malware
4. Attacker establishes multiple backdoors
5. Attacker accesses system• Dumps account names and passwords from domain controller
6. Attacker cracks passwords• Has legitimate user accounts to continue attack undetected
7. Attacker reconnaissance • Identifies and gathers data
8. Data collected on staging server
9. Data ex-filtrated
10.Attacker covers tracts • Deletes files• Can return any time
(MANDIANT, 2015)
Advanced persistent threats (APT) usually maintain remote access to target environments for 6-18 months before being detected (i.e. they are persistent)
(Holcomb & Stapf, 2014)
Threat landscape
![Page 47: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/47.jpg)
Information System Security Architecture Model of What is Needed
Sherwood Applied Business Security Architecture (SABSA)
![Page 48: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/48.jpg)
Viewpoints
• Contextual – Business requirements
• Conceptual – Fundamental concepts that guide the way the business requirements will be met
• Logical – The major security elements, flow of control and relationships among these security elements to protect the information systems
• Physical – Detailed design of the security system components and mechanisms
• Service Management – Operations and management of the security system
![Page 49: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/49.jpg)
Readings listed under SCHEDULEhttp://community.mis.temple.edu/mis5214sec001sp2018/
http://community.mis.temple.edu/mis5214sp2018online/
Section 001:
Section 701:
![Page 50: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/50.jpg)
Readings listed under SCHEDULEhttp://community.mis.temple.edu/mis5214sec001sp2018/welcome-to-security-architecture/
http://community.mis.temple.edu/mis5214sp2018online/welcome-to-security-architecture/
Section 001:
Section 701:
![Page 51: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/51.jpg)
Readings for next week…
![Page 52: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/52.jpg)
Organization of textbook
![Page 53: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/53.jpg)
Orientation of textbook
![Page 54: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/54.jpg)
What is NIST?
• Non-regulatory agency of the United States Department of Commerce
• Measurement standards laboratory
Mission: Promote innovation and industrial competitiveness
NIST is responsible for developing standards, guidelines, and associated methods and techniques for providing adequate information security for all agency operations and assets (excluding national security systems)
![Page 55: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/55.jpg)
Agenda
Welcome and IntroductionsCourse Goals Course Web SiteSyllabusTextbook and Readings, Course Pack GradingWeekly Cycle Semester ScheduleSecurity Architecture and Enterprise ArchitectureNext Week…
![Page 56: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/56.jpg)
Questions?
![Page 57: Week - 2 - Temple MIS€¦ · Course Web Site 4. Syllabus 5. Textbook and Readings, Course Pack 6. Grading 7. ... supervising the construction of business systems, usually business](https://reader035.vdocument.in/reader035/viewer/2022081516/5fcda8b77fd12e533948a9b4/html5/thumbnails/57.jpg)
Week - 2MIS5214 – Security Architecture