Nluug fall 2010 - security conference slides

My slides for the Security Conference, fall 2010 by NLUUG in the Netherlands. Subject: IT architecture and IT Security, a match made in heaven

  1. 1. <presentatie>
  2. 2. Ir. Willem J. Kossen Information Security and IT Architecture, a 'match made in heaven'
  3. 3. <Today> • About @wkossen • The Statement • Some Reasoning • Some Discussion • Don’t hesitate to tweet… </Today>
  4. 4. ---1---
  5. 5. @wkossen
  6. 6. http://willemkossen.nl/b http://linkedin.com/in/willemkossen http://twitter.com/wkossen http://stamstruik.nl http://insecten.org http://gazzary.nl … http://wkossen.myopenid.com
  7. 7. http://www.mxi.nl
  8. 8. ---2---
  9. 9. Architecture? • Definition anyone?
  10. 10. • A set of design artifacts, that are relevant for describing an object such that it can be produced to requirements (quality) as well as maintained over the period of its useful life (change). The design artifacts describe the structure of components, their inter-relationships, and the principles and guidelines governing their design and evolution over time. • Source: http://www.opensecurityarchitecture.org
  11. 11. Buildings • IT Architecture <> Building Architecture • FAIL
  12. 12. • Diagram of stiffness of a simple square beam (A) and universal beam (B). The universal beam flange sections are three times further apart than the solid beam's upper and lower halves. The second moment of inertia of the universal beam is nine times that of the square beam of equal cross section (universal beam web ignored for simplification)
  13. 13. VS.
  14. 14. Security • Definition anyone?
  15. 15. • Security means that the architect first has to log in before he is allowed to say anything…
  16. 16. Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption (MIT)
  17. 17. • Proper Diskette Care and Usage • (1) Never leave diskettes in the drive, as the data can leak out of the disk and corrode the inner mechanics of the drive. Diskettes should be rolled up and stored in pencil holders. • (9) Periodically spray diskettes with insecticide to prevent system bugs from spreading..... • (13) Diskettes become "hard" with age. It's important to back up your "hard" disks before they become too brittle to use. • http://www.monster-island.org/tinashumor/humor/diskcare.html
  18. 18. • Security provided by IT Systems can be defined as the IT system's ability to protect confidentiality and integrity of processed data, provide availability of the system and data, accountability for transactions processed, and assurance that the system will continue to perform to its design goals • Source: http://www.opensecurityarchitecture.org
  19. 19. NEN 7510 ISO/IEC 17799
  20. 20. Defining • Tends to be hard • No-one agrees • Multi-interpretable • Inconsistent • Vague • Non conclusive • Impractical • …
  21. 21. What can we do? • Make lists • Talk by example • Roll-Your-Own !!! • Use what works • Just choose • …
  22. 22. So much in common • About Real life – Physical, information, behaviour, procedures, tech, etc • Business critical • Descriptive and normative • Quality oriented • Need awareness • Tend to make things a bit harder and more costly • Take thought, balance and nuance • …
  23. 23. Architecture is:
  24. 24. Relation
  25. 25. What I Do… Together Secure Open Architecture
  26. 26. IT Security Architecture • The design artifacts that describe how the security controls (= security countermeasures) are positioned, and how they relate to the overall IT Architecture. These controls serve the purpose to maintain the system’s quality attributes, among them confidentiality, integrity, availability, accountability and assurance. • Source: http://www.opensecurityarchitecture.org
  27. 27. ---3---
  28. 28. Match Made in Heaven?
  29. 29. • Architecture focuses on coherence, principles, standards and building blocks, • Security applies aspects of those to real life
  30. 30. • Architecture and Security are interdependent. The one without the other doesn’t make sense
  31. 31. • If separated, security remains limited to ad hoc conjuring up of measures aimed at risk reduction, and generally tends towards technocracy. That tends not to help the organisation.
  32. 32. • Applying IT Security should be aimed at providing the best experience for the user or client with the least amount of obstruction • That way organisational goals (including change) can be met.
  33. 33. • Architectural thinking supports that goal
  34. 34. This isn’t automatic. Awareness is needed: Architectural awareness is a precursor for security-awareness.
  35. 35. • Architecture is… (remember?) • Trends, standards, best practices, • Goals, strategy, vision, policy • Functional and operational requirements, processes • Risks and other constraints (financial) • Development, design, build, exploitation • Security is present in all of the above…
  36. 36. • Again, the connection is architecture • Security is one of the views on architecture. • Looking at security this way, – we improve decision-making, – we avoid risk, – we prevent tunnel vision, – everybody profits from the IT assets
  37. 37. • Human work
  38. 38. • If tijd>10min soundbite()
  39. 39. ---4---
  40. 40. Let’s Talk… • Afterthoughts: w.kossen@gmail.com
  41. 41. </presentatie>
