Fri Apr 8 06:47:17 PDT 2016
Technical Security Architecture: How are technical controls structured?
Options:
The description is up to them.
Basis:
Technical controls are used in some manner to accomplish some set of goals and within some framework.
A structured approach to technical controls following the
technical security architecture of the enterprise protection approach
used in this assessment should be applied:
Technical Security Architecture
Protection Processes |
Inventory | Work flows | Metadata |
---|
|
|
| Process |
Deter |
Prevent |
Detect |
React |
Adapt |
Data State |
At Rest |
In Use |
In Motion |
| Protective Mechanisms
Perception:
obscurity - profile - appearance - deception - depiction - cognition |
Behavior:
change - timeframe - fail-safe - fault tolerance - human - separation of duties - least privilege - intrusion/anomaly detection and response |
Structure:
control and data flows - digital diodes - firewalls and bypasses - barriers - mandatory / discretionary access controls - zoning |
Content:
transforms - filters - markings - syntax - situation - presentation |
Content and its business utility |
|
| Lifecycles |
Business |
People |
Systems |
Data |
Context |
Time |
Location |
Purpose |
Behavior |
Identity |
Method |
|
|
|
Technical control structure
Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved
|