Security Program Architecture Reference Model


*** THIS DOCUMENT IS CLASSIFIED AS CONFIDENTIAL ***
Governance: During this process the security program is aligned with organizational goals and objectives by the leaders responsible for assets such as information and resources such as people.

Risk Management: During this process threats and vulnerabilities are weighed against the existing controls, and decisions are made to add or remove risk mitigation controls based on the importance of the assets at risk.

Compliance Management: During this process the security program identifies legal obligations defined in statutes, regulations and contracts and maps them to the master control deck, providing real-time, continuous evidence of compliance.

Vulnerability Management: During this process the security program identifies and mitigates known vulnerabilities. In addition, the VM process examines the Enterprise Architecture for unknown vulnerabilities and treats those it finds.

Communication Management: During this process the security program identifies opportunities to share security-related information by creating appropriate communication pieces and carefully selecting and leveraging channels.

Awareness Training: During this process we share the tools and techniques used to apply security to daily roles and responsibilities within the organization, raising awareness and influencing employees to become more security conscious.

Access and Identity: During this process the security program ensures that persons accessing the organization's information and systems can be positively identified and that they have access to the information and resources required to fulfill their roles and responsibilities.

Asset Management: During this process the security program ensures that assets are identified and registered so that risk management, vulnerability management, change management, configuration management and availability management can be effective.

Document Control: During this process the security program identifies and controls the documentation that is crucial to producing consistent and reproducible results.

Records Management: During this process the security program identifies the records that are crucial to producing evidence of conformity with standards and compliance with legal obligations.

Internal/External Auditing: During this process the security program provides assurance by verifying and validating that the program is operating effectively, and makes recommendations where appropriate and necessary for its continuous improvement.

Monitoring and Reporting: During this process the security program identifies security events and incidents for follow-up action. These events can range from system faults to attempts to access unauthorized information or system resources, potentially leading to a breach of security and activation of the security incident response process or business continuity plans.
