Enterprise Information Systems Security Architectural Framework (EISSAF) is a holistic security design methodology. It is the collection of resources and design tools for formalizing, visualizing, and modeling an information system security design.
This work includes a definition of information security that captures the objectives and parameters that affect the security of information systems in an enterprise. At the heart of the EISSAF is the aggregation of the various architectural components, stakeholders and entity abstractions, and entity and data relations and flows. The result is a set of diagrams, definitions and relationships. These are developed as building blocks for the holistic design of information system security architecture. The objective is to enable enterprises to develop, analyze, and measure security designs efficiently and cost-effectively.
Security affects, and is affected by, every component, objects and subjects, of an enterprise. Subjects act on objects. An enterprise consists of people, policies and technologies, and there are security requirements (or attributes) for each of these. Also, an enterprise can be modeled hierarchically to account for decision and operational structures. This complex relationship can be visualized in a three-dimensional Cartesian space. The planes of the three-dimensional representation are the architectural layers, the architectural perspectives, and the architectural security attributes. This three-dimensional view demonstrates the nuance that is often missed in many discussions about security: the fundamental interplay of procedures, system-level decisions, technology deployment and end-user interaction in the security of an enterprise. EISSAF captures these interactions.
The EISSAF design framework is organized into basic security attributes, architectural perspectives and enterprise hierarchy, or layers. At each layer, the various perspectives interact and depend on the various attributes. The three-dimensional representation in Figure 2.1 presents the basic idea.
Figure 2.1 EISSAF Construct in Cartesian Coordinates
The fundamental construct of EISSAF is the organization of an enterprise into four basic layers of organizational abstraction: strategic, business, systems, and operational. Every organization or enterprise consists of three basic components: people, policies, and technologies. These components are represented in, or can be mapped into, the four organizational layers. These components are called perspectives. Security can be defined from these perspectives. A third construct of the EISSAF is what constitutes security. Research points to four essential attributes of a system by which its security can be described. These four attributes are also the essential requirements that information systems security controls are meant to protect. They are privacy, integrity, confidentiality, and availability. The EISSAF construct is presented in Figure 2.2.
EISSAF provides a framework for a complete abstraction of the Enterprise Information System. The choice of abstraction is aimed at minimizing redundancy in definitions and constructs, thereby improving measurability. To facilitate clarity and assure consistency, definitions of some of the basic constructs of the EISSAF are presented in the upcoming sections.
Figure 2.2 EISSAF construct showing layers, attributes and perspectives
Security Layers (Dimensions)
An architectural layer represents the fundamental hierarchy of architectural organization and depicts layers of detail, abstraction and responsibility. EISSAF defines four layers: Strategic Layer, Business Layer, Systems Layer and Operational Layer.
Strategic Security Layer
This is a construct similar to Zachman's [28] layers. The EISSAF strategic layer abstracts the stakeholders' view of the enterprise's vision and objectives. The architectural vision is defined, and the goals documented. Enterprise expectations and measures are specified. The output of this layer is the driver for business decisions and thus for the Business Layer. Business leaders and stakeholders always refer to an overarching big picture or general direction and goals. The strategic layer typically describes two perspectives, people and policies. The technology perspective is then often left to lower layers in the enterprise architectural development hierarchy.
Principals involved in the Strategic layer often include the enterprise architect, business owner(s) and enterprise stakeholders, regulatory bodies and standards development bodies.
In developing a security architecture (using EISSA), enterprise architects will require answers to layer-specific questions. The answers they obtain then serve as Architectural Development Guides (ADG). ADGs help clarify concerns, performance requirements, and security attributes. Different questions will be asked as part of the ADG at different layers, each expected to produce an increasing level of detail and abstraction. These answers also serve as the basis for performance measures and security metric computations. This process is the Architectural Development Process, ADP.
The level of detail and enterprise abstraction developed as a result of the strategic layer ADP is critical to a successful architectural design. The details may also be used in determining the maturity level of the enterprise [29], [30].
The Strategic layer is about enterprise leadership and governance; it is for vision declaration and metric identification. Example Strategic level goals could include:
- Democracy – Assure Optimum Voter's Confidence in the Election System and its result
- Financial – Maximize customer's privacy and become the most customer friendly Bank in the United States as well as the most functionally efficient.
- Most Secure Online Service – Obtain highest industry rating in online-banking security.
The foregoing examples show a big-picture expectation and serve as the basis for performance measures. Once the security metric is identified, the enterprise security architecture can be designed to attain a given metric level or value, averaged over a given period or held consistent over a specified interval. An example would be "An election with a security metric of 0.95, representing 95% error free in all security attributes combined".
Business Security Layer
The Business or motivation layer addresses the goals in a manner that lays out how to achieve them. The Business layer is driven by the Strategic layer and is often the first design phase in the EISSA ADP. The enterprise's core security compliance requirements are addressed here. Potential liabilities and risks associated with various decisions are also determined here. The Business layer often requires all three architectural perspectives: people, policies and technologies. It is common for technology to be described with fewer details than at lower levels in the ADP hierarchy. The Business layer concerns itself with the operational basis and process motivation. The directions for achieving these are specified and serve as the systems driver (Figure 2.3).
Sample Business Layer operations or objectives:
- An Election System's business objectives might include:
- Maximize Voter Participation and Confidence by ensuring all eligible voters are able to vote in compliance with the Voting Rights Act of 1959 as amended and re-authorized in 2006.
- Reduce ballot fraud to less than 1% in subsequent elections.
- Assure 100% accuracy in vote counts by implementing appropriate technologies and procedures.
- A financial enterprise's business objectives might include:
- Attain a 10 million client level by reducing customer turnover to less than 10% from the current level of 50% and increasing targeted new-customer advertising to reach an additional 20 million potential customers.
- Enhance operational efficiency and eliminate waste by improving unit productivity and eliminating stovepipes and bottlenecks.
The Business Layer is a fundamental level of performance measurement and a feedback point to the strategic layer as well as to the lower abstraction layers, including the systems and operational dimensions. Objectives are determined by people, governed by policies and achieved by the combination of people, policies, and technologies. Examples of people involved in the Business layer are:
- An organization's C-level executives and business leaders
- The Federal Election Commission, driven by the legal mandates of Congress
- The office of a state's Secretary of State, for an election system
- A Council Board of Election is also a business-level operative for an election
Business layer policy abstractions may include:
- Industry standards such as ISO/IEC 17799 (ISO 2700-2005), aimed at providing operational guidance for achieving a specific compliance requirement or mandate.
- State Election guidelines, regulations, and procedures
Business layer technologies may include:
- An enterprise architecture tool or an Enterprise Resource Planning (ERP) tool is an example of a Business Layer technology, enabling essential reporting and performance measures.
- The Business layer could mandate the use of a technology solution such as internet voting or touch-screen voting. It need not determine what vendor or what specific protocol to use.
Systems Layer
This can also be called the technology or solutions layer or dimension. This layer addresses the integration and interrelations of enterprise components, with ramifications for effectiveness, performance and security. This is where detailed technology specifications are provided, as are detailed connection and operational protocols. The system layer derives directly from the Business Architecture and is designed with the enterprise goals in mind.
The System layer includes the definition of systems and modules and the articulation of inter-system and intra-system communication protocols for data flow and data transfer. The system layer includes a significant level of implementation detail. If the business layer is analogous to the main contractor, then the system layer is analogous to the sub-contractor. The security profile becomes more apparent here, so this level is suitable for rigorous metric computation. Providing a feedback loop between the system and the business layer improves efficiency.
Security requirements and features are defined clearly at the systems layer. This provides a clear basis for measuring the performance of the operational enterprise against the business requirements of the enterprise.
At the Systems layer, people, policies and technologies are represented. Some examples of people at this layer of the EISSAF hierarchy include:
- Vendors, Evaluating Entities
- Developers, Implementation Engineers
- Election Management Personnel
At this layer, policies would typically be in the form of standards, best practices, guidelines, and regulations. Some examples include:
- Standards, Recommendations, Best Practices
- CoBiT, ISO/IEC 17799-2005 (2700-2005)
- SSE-CMM
- Corporate procedures and guidelines.
The System layer technology perspective provides sufficient insight into the operational architectural view. It includes technology specifications and serves as the operational driver. Some of the systems-level technologies include:
- Enterprise Network (LAN, WAN, Wireless, Data, Voice, Converged)
- Identity Management (Access Control)
- Cryptography (Key Management)
- Service Audit (Logging, Monitoring)
- Recovery / Availability (Clustering and Back-Up) / Disaster Management
- Platforms (Vendors / Systems)
- TLS / PKI / AES
- TCP / IP, OSI, ISO
- Network Architecture / Design / Implementation
- Control & Identity Infrastructures
- Desktop and Server Management Structures/ Technologies
Figure 2.5 EISSAF Architectural Layers
Operational Security Dimension
Systems layer perspectives drive the operational layer design, as shown in Figure 2.5 above. The operational layer is the user-facing layer. This is the last layer of the ADP, and the construct includes all three Enterprise Architectural perspectives: people, policies and technologies. The Operational dimension is crucial in the EISSAF ADP and in EISSA modeling and metric simulations. All the vision, mission, and objectives determined at the strategic layer are actualized here. Operational layer architecture often relates to specific events or activities. Emphasis is on the technology and people views. The security solutions at the operational layer are directly traceable to the strategic objectives; thus measures computed here are traceable to measures determined at the strategic layer.
A well architected EISSA will include paths for reviewing the operational outputs from the Operational layer into the Systems, Business as well as the Strategic layers. This is important for agility, serving also as the basis for enhancing efficiency, performance and security.
Many enterprises today lack an efficient feedback process. One of the goals of this work is to provide a holistic mechanism for feedback and process improvement. Methodologies such as Six Sigma and Baldrige provide frameworks for process improvement. EISSAF can be used in support of these other frameworks.
Often, Operational layer policies are in the form of procedures, guidelines and instructions. Since they are governed by laws, regulations, and standards, their impact and effectiveness can be mapped to the regulations at the strategic layer.
Operational layer people will include personnel directly interfacing with the resulting enterprise. For an election system, these will include: election judges, poll workers, vendor representatives, voters, and potential adversaries.
At the operational layer, technology is definite, with details ranging from network connection types, links and equipment to operating systems and more. For information systems, the most data is available at this layer. Examples of technology views at this layer include:
- Operating Systems type such as Windows 2003 release 2
- Application Server such as Apache 2.2 running on a FreeBSD 6.1 minimal build with OpenSSH 0.9d installed. Other details may also be provided.
- Diebold AccuVote TS Direct Recording Election System
- Diebold Global Elections Management System
- Sequoia Voting System Optech Insight machine
- Cisco 4510R switch with 384 optical ports
Each technology item identified in the enterprise must map into the system layer technology view architecture. The system layer architecture must map into the business layer. The business layer must also map into the strategic layer. Thus every perspective element in the lower layers must be traceable to a strategic requirement or element.
The EISSAF architectural development process requires feedback between adjacent layers and between all layers. This many-to-many feedback loop improves the visibility and agility of the enterprise. The EISSAF supports feedback through the metric framework. The feedback process is captured in Figure 2.6.
Figure 2.6 EISSAF ADP Hierarchy & Process Feedback
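The construct of Figure 2.2 and the layer-by-layer traceability rule stated above can be expressed as a small data model. The following Python is an added illustration, not code from the original text or from the EISSAF work itself: it places each architectural element on the layer/perspective/attribute grid, links it to parents in the layer directly above, and checks that every element below the strategic layer maps upward so that each operational item traces to a strategic requirement. The election-themed element names, the `Element` class and the helper function names are all constructed for this example.

```python
"""Toy EISSAF model: four layers, three perspectives, four security attributes,
and adjacent-layer traceability links.  Added example; the element names,
class and functions below are constructed for illustration and are not part
of the EISSAF text."""
from dataclasses import dataclass

# The three axes of the EISSAF construct; LAYERS is in hierarchy order.
LAYERS = ("strategic", "business", "systems", "operational")
PERSPECTIVES = ("people", "policies", "technologies")
ATTRIBUTES = ("privacy", "integrity", "confidentiality", "availability")


@dataclass
class Element:
    """One architectural element positioned on the EISSAF grid."""
    name: str
    layer: str
    perspective: str
    attributes: frozenset   # security attributes the element serves
    parents: tuple = ()     # names of elements in the layer directly above

    def __post_init__(self):
        if self.layer not in LAYERS:
            raise ValueError(f"unknown layer {self.layer!r}")
        if self.perspective not in PERSPECTIVES:
            raise ValueError(f"unknown perspective {self.perspective!r}")
        bad = set(self.attributes) - set(ATTRIBUTES)
        if bad:
            raise ValueError(f"unknown security attributes {sorted(bad)}")


def validate_traceability(elements):
    """Return violations of the rule that every element below the strategic
    layer maps to at least one parent in the layer directly above it."""
    by_name = {e.name: e for e in elements}
    problems = []
    for e in elements:
        depth = LAYERS.index(e.layer)
        if depth == 0:
            if e.parents:
                problems.append(f"{e.name}: strategic elements have no parents")
            continue
        expected = LAYERS[depth - 1]
        if not e.parents:
            problems.append(f"{e.name}: no mapping into the {expected} layer")
            continue
        for p in e.parents:
            parent = by_name.get(p)
            if parent is None:
                problems.append(f"{e.name}: parent {p!r} is not defined")
            elif parent.layer != expected:
                problems.append(f"{e.name}: parent {p!r} is in the "
                                f"{parent.layer} layer, expected {expected}")
    return problems


def strategic_roots(elements, name):
    """Follow parent links upward and return the strategic elements that the
    named element ultimately supports (empty set if it is untraceable)."""
    by_name = {e.name: e for e in elements}
    roots, frontier, seen = set(), [name], set()
    while frontier:
        cur = frontier.pop()
        if cur in seen or cur not in by_name:
            continue
        seen.add(cur)
        e = by_name[cur]
        if e.layer == LAYERS[0]:
            roots.add(e.name)
        frontier.extend(e.parents)
    return roots


def coverage_grid(elements):
    """Which of the four security attributes have at least one element at
    each layer; gaps here are attributes no layer-level design addresses."""
    grid = {layer: set() for layer in LAYERS}
    for e in elements:
        grid[e.layer] |= set(e.attributes)
    return grid


# Constructed sample enterprise, loosely following the election examples.
SAMPLE = [
    Element("voter-confidence", "strategic", "policies", frozenset(ATTRIBUTES)),
    Element("100pct-count-accuracy", "business", "policies",
            frozenset({"integrity"}), parents=("voter-confidence",)),
    Element("key-management", "systems", "technologies",
            frozenset({"integrity", "confidentiality"}),
            parents=("100pct-count-accuracy",)),
    Element("tabulator-firmware-signing", "operational", "technologies",
            frozenset({"integrity"}), parents=("key-management",)),
    # Deliberately untraceable: an operational technology with no systems parent.
    Element("poll-site-wifi-ap", "operational", "technologies",
            frozenset({"availability"})),
]

if __name__ == "__main__":
    for line in validate_traceability(SAMPLE):
        print("VIOLATION:", line)
    print(sorted(strategic_roots(SAMPLE, "tabulator-firmware-signing")))
    print(coverage_grid(SAMPLE))
```

Running the sample reports the one untraceable operational item and shows that the signing control traces back to the voter-confidence goal. In practice the same check can be run over an architecture export at each ADP review, which is where the feedback between layers described above becomes mechanical rather than a matter of inspection.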