M. M. Veeraragaloo
March 2016
Agenda
- Strategy and Planning
- Risk and Opportunity
- Business Context and Requirements
- Architectural Strategies
  - Internet of Things / Everything
  - Cloud
  - Bi-Modal
  - Digitisation / Disruptors
  - Bring Your Own Identity (BYOID)
  - Choose Your Own Device (CYOD)
Strategy and Planning
Does Enterprise Architecture Drive the Strategy?
Source: Enterprise Architecture as a Strategy
Source: TOGAF Capability Framework
Source: FEAF
Source: Gartner
Architecture Supports Strategy
Business View – Survival Strategy
Every morning in Africa, a Gazelle wakes up. It knows it must run faster than the fastest Lion, or it will be killed.
Every morning in Africa, a Lion wakes up. It knows it must run faster than the slowest Gazelle, or it will die of starvation.
When the sun comes up in Africa, it doesn't matter what shape you are: if you want to survive, what matters is that you'd better be running!
Is it better to be a Lion or a Gazelle?
Strategy and Planning
Security in Context?
- Security perceived as "The Business Prevention Department"
- Security is complex to define
- Security does not exist in isolation
- 'Secure' has no intrinsic meaning
- Too much emphasis on technology
- Silo approach to security
Strategy and Planning
Enterprise Security Architecture?
- Layered Framework
- Integrated System Approach
- Security meets the Needs of Business
Strategy and Planning
Enterprise Security Architecture Framework? (Chairman / Board View)
Feature | Advantages | Chairman / Board View
Business-Driven | Value-Assured | Protects shareholder value
Risk Focused | Prioritised and Proportional | Optimizes shareholder risk & aligns with risk appetite
Comprehensive | Scalable Scope | Addresses all shareholder concerns
Modular | Agility | Enables flexibility to meet dynamic market & economic conditions
Open Source | Free use, Standard | Guarantees perpetuity of return on investment
Auditable | Demonstrates Compliance | Demonstrates compliance to regulators & external auditors
Transparent | Two Way Traceability | Supports market transparency & disclosure
Strategy and Planning
Enterprise Security Architecture Framework? (CEO View)
Feature | Advantages | CEO View
Business-Driven | Value-Assured | Protects corporate reputation
Risk Focused | Prioritised and Proportional | Meets corporate governance requirements
Comprehensive | Scalable Scope | Meets enterprise-wide requirements
Modular | Agility | Enables fast time to market with business solutions
Open Source | Free use, Standard | Provides assurance through industry standard
Auditable | Demonstrates Compliance | Ensures a smooth & successful external & regulatory audit process
Transparent | Two Way Traceability | Provides a clear view of expenditure and value returned
Strategy and Planning
Enterprise Security Architecture Framework? (CFO View)
Feature | Advantages | CFO View
Business-Driven | Value-Assured | Ensures efficient return on investment
Risk Focused | Prioritised and Proportional | Improves predictability & consistency
Comprehensive | Scalable Scope | Supports scalable, granular budgeting
Modular | Agility | Facilitates effective management of capital & operational costs
Open Source | Free use, Standard | Eliminates expensive & on-going license fees
Auditable | Demonstrates Compliance | Minimizes cost of management time dealing with audit processes
Transparent | Two Way Traceability | Enables full auditability for effectiveness of expenditure
Strategy and Planning
Enterprise Security Architecture Framework? (COO View)
Feature | Advantages | COO View
Business-Driven | Value-Assured | Focuses on performance management
Risk Focused | Prioritised and Proportional | Enables process improvement
Comprehensive | Scalable Scope | Provides end-to-end process coverage
Modular | Agility | Integrates legacy and future environments
Open Source | Free use, Standard | Simplifies recruitment and training
Auditable | Demonstrates Compliance | Minimises adverse effect of audit findings on performance targets
Transparent | Two Way Traceability | Measures efficiency & effectiveness of processes & resources
Strategy and Planning
Enterprise Security Architecture Framework? (CRO View)
Feature | Advantages | CRO View
Business-Driven | Value-Assured | Enables flexible fit with industry regulations
Risk Focused | Prioritised and Proportional | Supports enterprise risk & opportunity management
Comprehensive | Scalable Scope | Enables a fully-integrated risk management strategy
Modular | Agility | Enables incrementally increasing maturity
Open Source | Free use, Standard | Provides global acceptability for auditors & regulators
Auditable | Demonstrates Compliance | Ensures that compliance risk is effectively managed
Transparent | Two Way Traceability | Demonstrates current state and desired state of compliance levels
Strategy and Planning
Enterprise Security Architecture Framework? (CIO View)
Feature | Advantages | CIO View
Business-Driven | Value-Assured | Enables a digital information-age business
Risk Focused | Prioritised and Proportional | Identifies information exploitation opportunities
Comprehensive | Scalable Scope | Sustains through-life information architecture
Modular | Agility | Enables technology-neutral information management strategies
Open Source | Free use, Standard | Provides a future-proof framework for information management
Auditable | Demonstrates Compliance | Facilitates smooth & successful audits of systems & processes
Transparent | Two Way Traceability | Encourages fully integrated people-process-technology solutions
Strategy and Planning
Enterprise Security Architecture Framework? (CISO View)
Feature | Advantages | CISO View
Business-Driven | Value-Assured | Facilitates alignment of security strategy with business goals
Risk Focused | Prioritised and Proportional | Facilitates prioritization of security and risk-control solutions
Comprehensive | Scalable Scope | Ensures all business security & control concerns are addressed
Modular | Agility | Enables a project-focused approach to security development
Open Source | Free use, Standard | Provides a sustainable framework for security integration
Auditable | Demonstrates Compliance | Supports security, risk & opportunity review processes
Transparent | Two Way Traceability | Provides traceability of business-aligned security implementations
Strategy and Planning
Enterprise Security Architecture Framework? (CTO / Architect View)
Feature | Advantages | CTO / Architect View
Business-Driven | Value-Assured | Leverages the full power of information technology
Risk Focused | Prioritised and Proportional | Manages information system risk
Comprehensive | Scalable Scope | Applies at any project size or level of complexity
Modular | Agility | Provides a holistic and integrated architectural approach
Open Source | Free use, Standard | Avoids vendor-dependence and lock-in
Auditable | Demonstrates Compliance | Improves relationship and interactions with auditors & reviewers
Transparent | Two Way Traceability | Verifies justification and completeness of technical solutions
Strategy and Planning
Sherwood Applied Business Security Architecture (SABSA)
SABSA META MODEL
SABSA Matrix
SABSA and TOGAF
Risk and Opportunity
- Regulatory Drivers for Operational Risk Management
  - Basel II, SOX, Corporate Governance, PCI, HIPAA
  - ISO 31000: improved planning through provision of information for decision-making
- Risk Management
  - A strategic, operational and business imperative
- Risk Analysis Measures the Risk Elements
  - Valuing assets, identifying threats, quantifying business impacts, identifying vulnerabilities
- Issues with a Threat-driven Approach
  - Technical threats are not well understood by stakeholders
- Impact-based Approach
  - Provides a good view of business criticality
- Operational Risk: the SABSA Approach
  - Business enablement is achieved through excellence in operational processes, people and technical systems
Risk and Opportunity
SABSA Risk & Opportunity Model
Business Context and Requirements
- Business-Driven means never losing sight of the organisation's goals, objectives, success factors and targets, and ensuring that the security strategy demonstrably supports, enhances and protects them.
- Contextual Architecture Layer: the full set of requirements, including conflicts in business strategy, risks and priorities
- Conceptual Architecture Layer: resolves these conflicts by delivering an appropriate, measurable security strategy
Business Driven Architecture
Business Context and Requirements
- Each organisation's business needs are unique
- Meaningful traceability is enabled by credible abstraction from the business context (assets, goals and objectives) to a business security context
Business Driven Architecture
Business Context and Requirements
Defining Business Attributes
- An Attribute is a conceptual abstraction of a real business requirement (the goals, objectives, drivers, targets and assets confirmed as part of the business contextual architecture)
- The Attributes Profiling technique enables any unique set of business requirements to be engineered as a standardised and re-usable set of specifications
- The Attributes are modelled into a normalised language that articulates requirements and measures performance in a way that is instinctive to all stakeholders
Business Context and Requirements
Attributes Profiling Rules & Features
- Attributes can be tangible or intangible
- Each attribute requires a meaningful name and a detailed definition customised specifically for a particular organisation
- Each attribute requires a measurement approach and metric to be defined during the SABSA Strategy & Planning phase, to set performance targets for security
- Attributes must be validated (and preferably created) by senior management and the business stakeholders, by report, interview or facilitated workshop
- The performance targets are then used as the basis for reporting and/or SLAs in the SABSA Manage & Measure phase
- A powerful requirements engineering technique: it populates the vital 'missing link' between business requirements and technology / process design
Business Context and Requirements
Sample Taxonomy of Attributes
Architectural Strategies
- Define the Business Drivers for the Industry
Driver # | Business Driver
BD1 | Protecting the reputation of the Organization, ensuring that it is perceived as competent in its sector
BD2 | Providing support to the claims made by the Organization about its competence to carry out its intended functions
BD3 | Protecting the trust that exists in business relationships and propagating that trust across remote electronic business communications links and distributed information systems
BD4 | Maintaining the confidence of other key parties in their relationships with the Organization
BD5 | Maintaining the operational capability of the Organization's systems
BD6 | Maintaining the continuity of service delivery, including the ability to meet the requirements of service level agreements where these exist
BD7 | Maintaining the accuracy of information
BD8 | Maintaining the ability to govern
BD9 | Preventing losses through financial fraud
BD33 | Ensuring that security services can be extended to all user locations, to all interface types and across all network types that will be used to support delivery
BD34 | Maximize the economic advantage of the Enterprise Security Architecture
BD35 | Security services to be supported through electronic communications, without the need for physical transfer of documents or storage media
BD36 | System security solutions should as far as possible comply with internal and external standards and best practices
BD37 | The Security Architecture should be independent of any specific vendor or product, and should be capable of supporting multiple products from multiple vendors
BD38 | The Security Architecture must remain compatible with new technical solutions as these evolve and become available, and with new business requirements as these emerge, with a minimum of redesign
BD39 | The Security Architecture must be able to be adapted to counter new threats and vulnerabilities as they are discovered
BD40 | Ensure that the required internal and external cultural shift is achieved to support the Security Architecture
BD41 | Ensuring accurate information is available when needed
BD42 | Minimise the risk of loss of key customer relationships
BD43 | Minimize the risk of excessive loading on insurance premiums due to negligence on the Organization's behalf or lack of due diligence
Architectural Strategies
- Define the Business Attributes for the Industry
Business Attributes (taxonomy of attribute groups):
- User Attributes
- Management Attributes
- Risk Management Attributes
- Legal/Regulatory Attributes
- Technical Strategy Attributes
- Operational Attributes
- Business Strategy Attributes
Business Attribute | Business Attribute Definition | Suggested Measurement Approach | Metric Type
User Attributes
Accessible | Information to which the user is entitled to gain access should be easily found and accessed by that user. | Search tree depth necessary to find the information | Soft
Accurate | The information provided to users should be accurate within a range that has been pre-agreed as being applicable to the service being delivered. | Acceptance testing on key data to demonstrate compliance with design rules | Hard
Anonymous | For certain specialized types of service, the anonymity of the user should be protected. | Rigorous proof of system functionality; Red team review | Hard; Soft
- Business Attribute integrated with Measurements for the Industry
Architectural Strategies
- Integrate the Business Drivers and Business Attributes for the Industry
- Business Attribute integrated with Measurements for the Industry
Business Attribute | Business Driver | Business Attribute Definition | Measurement Approach | Metric | Performance Target (blank on the slide)
User Attributes
Accessible | BD5 | Information to which the user is entitled to gain access should be easily found and accessed by that user. | Search tree depth necessary to find the information | Soft
Accurate | BD7 | The information provided to users should be accurate within a range that has been pre-agreed as being applicable to the service being delivered. | Acceptance testing on key data to demonstrate compliance with design rules | Hard
Anonymous | BD4 | For certain specialized types of service, the anonymity of the user should be protected. | Rigorous proof of system functionality; Red team review | Hard; Soft
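To make the attributes-profiling technique concrete, here is an added example in Python; it is not code from the presentation or from the SABSA Institute. It models the three user attributes from the tables above, links them to the business drivers shown there (BD5, BD7 and BD4), records each measurement approach with its metric type, and then does the two things the slides describe: a two-way traceability check (every driver served by an attribute, every attribute tracing to a known driver, every measurement carrying a performance target) and a comparison of observed values against targets, as the Manage & Measure phase would report them. The short measurement labels, the numeric targets, the observed values, and the inclusion of BD8 with no attribute are assumptions made for the example.

```python
"""SABSA-style business attributes profile: two-way traceability and target checks.
Added illustration, not code from the presentation or the SABSA Institute. Attribute
names, definitions and driver texts follow the slides; the short measurement labels,
numeric targets and measured values are assumed for the example."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class MetricType(Enum):
    HARD = "hard"  # objectively measurable against a numeric threshold
    SOFT = "soft"  # qualitative assessment scored on an agreed scale


@dataclass(frozen=True)
class Measurement:
    approach: str                   # how the attribute is measured
    metric_type: MetricType
    target: Optional[float] = None  # performance target, in the measurement's units
    higher_is_better: bool = True   # False for "at most" targets such as search depth

    def status(self, value: Optional[float]) -> str:
        """Classify one observed value against the target (Manage & Measure phase)."""
        if self.target is None:
            return "no-target"      # still to be agreed in Strategy & Planning
        if value is None:
            return "unmeasured"
        met = value >= self.target if self.higher_is_better else value <= self.target
        return "met" if met else "missed"


@dataclass
class BusinessAttribute:
    name: str
    definition: str
    drivers: List[str]              # BDn identifiers the attribute is abstracted from
    measurements: List[Measurement]


@dataclass
class AttributesProfile:
    drivers: Dict[str, str] = field(default_factory=dict)  # BDn -> driver text
    attributes: Dict[str, BusinessAttribute] = field(default_factory=dict)

    def traceability_report(self) -> Dict[str, List[str]]:
        """Every driver served by at least one attribute, every attribute tracing only
        to known drivers, and every measurement carrying a performance target."""
        covered = {bd for a in self.attributes.values() for bd in a.drivers}
        return {
            "uncovered_drivers": sorted(set(self.drivers) - covered),
            "dangling_references": sorted(
                f"{a.name}->{bd}" for a in self.attributes.values()
                for bd in a.drivers if bd not in self.drivers),
            "missing_targets": sorted(
                f"{a.name}/{m.approach}" for a in self.attributes.values()
                for m in a.measurements if m.target is None),
        }

    def evaluate(self, measured: Dict[str, Dict[str, float]]) -> Dict[str, Dict[str, str]]:
        """measured[attribute][approach] -> observed value; returns a status per measurement."""
        return {a.name: {m.approach: m.status(measured.get(a.name, {}).get(m.approach))
                         for m in a.measurements}
                for a in self.attributes.values()}


def build_sample_profile() -> AttributesProfile:
    """Constructed sample: the slides' three user attributes linked to the drivers shown
    there (5, 7 and 4), plus BD8 left without an attribute so the gap is reported."""
    p = AttributesProfile()
    p.drivers.update({
        "BD4": "Maintaining the confidence of other key parties in their relationships",
        "BD5": "Maintaining the operational capability of the Organization's systems",
        "BD7": "Maintaining the accuracy of information",
        "BD8": "Maintaining the ability to govern",
    })
    p.attributes["Accessible"] = BusinessAttribute(
        "Accessible", "Entitled information is easily found and accessed by the user.",
        ["BD5"], [Measurement("search depth", MetricType.SOFT, target=3, higher_is_better=False)])
    p.attributes["Accurate"] = BusinessAttribute(
        "Accurate", "Information is accurate within a pre-agreed range for the service.",
        ["BD7"], [Measurement("acceptance test pass rate %", MetricType.HARD, target=99.5)])
    p.attributes["Anonymous"] = BusinessAttribute(
        "Anonymous", "For certain specialised services the user's anonymity is protected.",
        ["BD4"], [Measurement("functional proof % passed", MetricType.HARD, target=100),
                  Measurement("red team review", MetricType.SOFT)])  # target not yet agreed
    return p


if __name__ == "__main__":
    profile = build_sample_profile()
    print(profile.traceability_report())
    print(profile.evaluate({          # constructed observations for one reporting period
        "Accessible": {"search depth": 4},
        "Accurate": {"acceptance test pass rate %": 99.8},
        "Anonymous": {"functional proof % passed": 100},
    }))
```

Running it reports BD8 as an uncovered driver and the red-team review as a measurement with no target yet, which is exactly what a Strategy & Planning review should surface before the profile is used for SLAs; the evaluation then marks Accessible as missed (a search depth of 4 against an assumed target of at most 3) and the two hard measurements as met. The "Hard; Soft" pairing on the Anonymous row is why an attribute carries a list of measurements rather than a single one.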
Architectural Strategies
Internet of Things / Everything
Architectural Strategies
Cloud Computing
- Data Sovereignty
- Data Protection
- Provider Trust Management
- Business Continuity Management
- Risk Management
Architectural Strategies
Source: An Enterprise Architecture Practitioner’s Notes: Volume 3 Solution Level Architecture
Bimodal
Architectural Strategies
Digitisation / Disruptors
Digital Disruptors
Source: Gartner 2015
Architectural Strategies
Bring Your Own Identity (BYOID)
- Security Risk? or Business Advantage?
- What is the Business Value?
- Is it part of the Corporate Strategy?
- Loss of Control vs Cost
Architectural Strategies
Choose Your Own Device (CYOD)
- BYOD: employees appreciate using the device with which they are most comfortable.
- CYOD: requires employees to choose from a list of pre-approved devices.
Business Models
- Cloud Services
- Bimodal Services
- Digital Disruptors
- IoT
- Green IT
- BYOD
- CYOD
- BYOID
- Big Data
The Journey is the Reward ~ Chinese Proverb
 
ITIL4 - DIGITAL TRUST FRAMEWORK
ITIL4 - DIGITAL TRUST FRAMEWORKITIL4 - DIGITAL TRUST FRAMEWORK
ITIL4 - DIGITAL TRUST FRAMEWORK
 
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORKCYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK
 
COBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORKCOBIT 2019 - DIGITAL TRUST FRAMEWORK
COBIT 2019 - DIGITAL TRUST FRAMEWORK
 
Open Digital Framework from TMFORUM
Open Digital Framework from TMFORUMOpen Digital Framework from TMFORUM
Open Digital Framework from TMFORUM
 
Enterprise security architecture approach
Enterprise security architecture approachEnterprise security architecture approach
Enterprise security architecture approach
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data Privacy
 
XaaS Overview
XaaS OverviewXaaS Overview
XaaS Overview
 
Multi cloud security architecture
Multi cloud security architecture Multi cloud security architecture
Multi cloud security architecture
 
Multi Cloud Architecture Approach
Multi Cloud Architecture ApproachMulti Cloud Architecture Approach
Multi Cloud Architecture Approach
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

ESA for Business

  • 9. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CEO View
Business-Driven | Value-Assured | Protects corporate reputation
Risk Focused | Prioritised and Proportional | Meets corporate governance requirements
Comprehensive | Scalable Scope | Meets enterprise-wide requirements
Modular | Agility | Enables fast time to market with business solutions
Open Source | Free use, Standard | Provides assurance through industry standard
Auditable | Demonstrates Compliance | Ensures a smooth & successful external & regulatory audit process
Transparent | Two Way Traceability | Provides a clear view of expenditure and value returned
  • 10. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CFO View
Business-Driven | Value-Assured | Ensures efficient return on investment
Risk Focused | Prioritised and Proportional | Improves predictability & consistency
Comprehensive | Scalable Scope | Supports scalable, granular budgeting
Modular | Agility | Facilitates effective management of capital & operational costs
Open Source | Free use, Standard | Eliminates expensive & on-going license fees
Auditable | Demonstrates Compliance | Minimizes cost of management time dealing with audit processes
Transparent | Two Way Traceability | Enables full auditability of the effectiveness of expenditure
  • 11. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | COO View
Business-Driven | Value-Assured | Focuses on performance management
Risk Focused | Prioritised and Proportional | Enables process improvement
Comprehensive | Scalable Scope | Provides end-to-end process coverage
Modular | Agility | Integrates legacy and future environments
Open Source | Free use, Standard | Simplifies recruitment and training
Auditable | Demonstrates Compliance | Minimises adverse effect of audit findings on performance targets
Transparent | Two Way Traceability | Measures efficiency & effectiveness of processes & resources
  • 12. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CRO View
Business-Driven | Value-Assured | Enables flexible fit with industry regulations
Risk Focused | Prioritised and Proportional | Supports enterprise risk & opportunity management
Comprehensive | Scalable Scope | Enables a fully-integrated risk management strategy
Modular | Agility | Enables incrementally increasing maturity
Open Source | Free use, Standard | Provides global acceptability for auditors & regulators
Auditable | Demonstrates Compliance | Ensures that compliance risk is effectively managed
Transparent | Two Way Traceability | Demonstrates current state and desired state of compliance levels
  • 13. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CIO View
Business-Driven | Value-Assured | Enables a digital information-age business
Risk Focused | Prioritised and Proportional | Identifies information exploitation opportunities
Comprehensive | Scalable Scope | Sustains through-life information architecture
Modular | Agility | Enables technology-neutral information management strategies
Open Source | Free use, Standard | Provides a future-proof framework for information management
Auditable | Demonstrates Compliance | Facilitates smooth & successful audits of systems & processes
Transparent | Two Way Traceability | Encourages fully integrated people-process-technology solutions
  • 14. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CISO View
Business-Driven | Value-Assured | Facilitates alignment of security strategy with business goals
Risk Focused | Prioritised and Proportional | Facilitates prioritization of security and risk-control solutions
Comprehensive | Scalable Scope | Ensures all business security & control concerns are addressed
Modular | Agility | Enables a project-focused approach to security development
Open Source | Free use, Standard | Provides a sustainable framework for security integration
Auditable | Demonstrates Compliance | Supports security, risk & opportunity review processes
Transparent | Two Way Traceability | Provides traceability of business-aligned security implementations
  • 15. Strategy and Planning
Enterprise Security Architecture Framework?
Feature | Advantages | CTO / Architect View
Business-Driven | Value-Assured | Leverages the full power of information technology
Risk Focused | Prioritised and Proportional | Manages information system risk
Comprehensive | Scalable Scope | Applies at any project size or level of complexity
Modular | Agility | Provides a holistic and integrated architectural approach
Open Source | Free use, Standard | Avoids vendor-dependence and lock-in
Auditable | Demonstrates Compliance | Improves relationship and interactions with auditors & reviewers
Transparent | Two Way Traceability | Verifies justification and completeness of technical solutions
  • 16. Strategy and Planning
Sherwood Applied Business Security Architecture (SABSA)
  • 21. Risk and Opportunity
 Regulatory Drivers for Operational Risk Management
 BASEL II, SOX, Corporate Governance, PCI, HIPAA
 ISO 31000 – Improved planning through provision of information for decision-making
 Risk Management
 Strategic, operational and business imperative
 Risk Analysis Measures Risk Elements
 Valuing assets, Identifying threats, Quantifying business impacts, Identifying vulnerabilities
 Issues with Threat-driven Approach
 Technical threats are not well understood by stakeholders
 Impact-based Approach
 Provides a good view of business criticality
 Operational Risk – SABSA Approach
 Business enablement is achieved through excellence in operational processes, people and technical systems
  • 22. Risk and Opportunity
SABSA Risk & Opportunity Model
  • 24. Business Context and Requirements
Business Driven Architecture
 Business-Driven means never losing sight of the organisation’s goals, objectives, success factors and targets.
 Ensuring that the security strategy demonstrably supports, enhances and protects these.
 Contextual Architecture Layer
 Full set of requirements, including conflicts in business strategy, risks & priorities
 Conceptual Architecture Layer
 Resolve these conflicts by delivering an appropriate, measurable security strategy
  • 25. Business Context and Requirements
Business Driven Architecture
 Each organisation’s business needs are unique
 Meaningful traceability is enabled by credible abstraction from business context (assets, goals & objectives) to a business security context
  • 26. Business Context and Requirements
Defining Business Attributes
 An Attribute is a conceptual abstraction of a real business requirement (the goals, objectives, drivers, targets, and assets confirmed as part of the business contextual architecture)
 The Attributes Profiling technique enables any unique set of business requirements to be engineered as a standardised and re-usable set of specifications
 The Attributes are modelled into a normalised language that articulates requirements and measures performance in a way that is instinctive to all stakeholders
  • 27. Business Context and Requirements
Attributes Profiling Rules & Features
 Attributes can be tangible or intangible
 Each attribute requires a meaningful name and detailed definition customised specifically for a particular organisation
 Each attribute requires a measurement approach and metric to be defined during the SABSA Strategy & Planning phase to set performance targets for security
 Attributes must be validated (and preferably created) by senior management & the business stakeholders by report, interview or facilitated workshop
 The performance targets are then used as the basis for reporting and/or SLAs in the SABSA Manage & Measure phase
 Powerful requirements engineering technique
 Populates the vital ‘missing link’ between business requirements and technology / process design
  • 28. Business Context and Requirements
Sample Taxonomy of Attributes
  • 32. Architectural Strategies
 Define the Business Drivers for the Industry
Driver # | Business Drivers
BD1 | Protecting the reputation of the Organization, ensuring that it is perceived as competent in its sector
BD2 | Providing support to the claims made by the Organization about its competence to carry out its intended functions
BD3 | Protecting the trust that exists in business relationships and propagating that trust across remote electronic business communications links and distributed information systems
BD4 | Maintaining the confidence of other key parties in their relationships with the Organization
BD5 | Maintaining the operational capability of the Organization’s systems
BD6 | Maintaining the continuity of service delivery, including the ability to meet the requirements of service level agreements where these exist
BD7 | Maintaining the accuracy of information
BD8 | Maintaining the ability to govern
BD9 | Preventing losses through financial fraud
BD33 | Ensuring that security services can be extended to all user locations, to all interface types and across all network types that will be used to support delivery
BD34 | Maximize the economic advantage of the Enterprise Security Architecture
BD35 | Security services to be supported through electronic communications, without the need for physical transfer of documents or storage media
BD36 | System security solutions should as far as possible comply with internal and external standards and best practices
BD37 | The Security Architecture should be independent of any specific vendor or product, and should be capable of supporting multiple products from multiple vendors
BD38 | The Security Architecture must remain compatible with new technical solutions as these evolve and become available, and with new business requirements as these emerge, with a minimum of redesign
BD39 | The Security Architecture must be able to be adapted to counter new threats and vulnerabilities as they are discovered
BD40 | Ensure that the required internal and external cultural shift is achieved to support the Security Architecture
BD41 | Ensuring accurate information is available when needed
BD42 | Minimise the risk of loss of key customer relationships
BD43 | Minimize the risk of excessive loading on insurance premiums due to negligence on the Organization’s behalf or lack of due diligence
  • 33. Architectural Strategies
 Define the Business Attributes for the Industry
Business Attributes: User Attributes, Management Attributes, Risk Management Attributes, Legal/Regulatory Attributes, Technical Strategy Attributes, Operational Attributes, Business Strategy Attributes
Business Attribute | Business Attribute Definition | Suggested Measurement Approach | Metric Type
User Attributes
Accessible | Information to which the user is entitled to gain access should be easily found and accessed by that user. | Search tree depth necessary to find the information | Soft
Accurate | The information provided to users should be accurate within a range that has been pre-agreed upon as being applicable to the service being delivered. | Acceptance testing on key data to demonstrate compliance with design rules | Hard
Anonymous | For certain specialized types of service, the anonymity of the user should be protected. | Rigorous proof of system functionality; Red team review | Hard; Soft
 Business Attribute integrated with Measurements for the Industry
  • 34. Architectural Strategies
 Integrate the Business Drivers and Business Attributes for the Industry
 Business Attribute integrated with Measurements for the Industry
Business Attribute | Business Driver | Business Attribute Definition | Measurement Approach | Metric
User Attributes
Accessible | 5 | Information to which the user is entitled to gain access should be easily found and accessed by that user. | Search tree depth necessary to find the information | Soft
Accurate | 7 | The information provided to users should be accurate within a range that has been pre-agreed upon as being applicable to the service being delivered. | Acceptance testing on key data to demonstrate compliance with design rules | Hard
Anonymous | 4 | For certain specialized types of service, the anonymity of the user should be protected. | Rigorous proof of system functionality; Red team review | Hard; Soft
Performance Target: column present on the slide but not filled in
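Slides 33 and 34 describe attributes profiling: each business attribute carries a definition, a measurement approach, a metric type and a performance target, and traces back to a numbered business driver. The Python below is an added example, not part of the slide deck or of any SABSA tooling; it models the slide-34 rows, derives two-way traceability between drivers BD4/BD5/BD7/BD9 (slide 32) and the three User Attributes, flags gaps, and checks measured values against performance targets. The targets, the sample measurement results and the BD99/Orphan entries used for gap detection are constructed, since the slide leaves the target column blank.

```python
from dataclasses import dataclass
import operator

# Comparator applied to a measured value and its performance target.
_OPS = {"<=": operator.le, ">=": operator.ge, "==": operator.eq}

@dataclass(frozen=True)
class Measurement:
    approach: str     # measurement approach, wording from slides 33/34
    metric_type: str  # "Hard" or "Soft", as classified on the slide
    op: str           # comparator key into _OPS
    target: object    # performance target (constructed; the slide leaves it blank)

@dataclass(frozen=True)
class Attribute:
    name: str
    definition: str   # abridged from slide 34
    drivers: tuple    # business driver ids the attribute traces back to
    measurements: tuple

# Business drivers quoted from slide 32; BD9 is listed to show gap detection.
DRIVERS = {
    "BD4": "Maintaining the confidence of other key parties in their relationships",
    "BD5": "Maintaining the operational capability of the Organization's systems",
    "BD7": "Maintaining the accuracy of information",
    "BD9": "Preventing losses through financial fraud",
}

# The three User Attributes of slide 34 with their business driver numbers.
PROFILE = (
    Attribute("Accessible", "Information the user is entitled to should be "
              "easily found and accessed.", ("BD5",),
              (Measurement("Search tree depth necessary to find the information",
                           "Soft", "<=", 3),)),
    Attribute("Accurate", "Information provided to users should be accurate "
              "within a pre-agreed range.", ("BD7",),
              (Measurement("Acceptance testing on key data", "Hard", ">=", 0.99),)),
    Attribute("Anonymous", "For certain specialized services the anonymity of "
              "the user should be protected.", ("BD4",),
              (Measurement("Rigorous proof of system functionality", "Hard", "==", True),
               Measurement("Red team review", "Soft", ">=", 4))),
)

def driver_to_attributes(profile, drivers):
    """Forward traceability: the attributes that support each business driver."""
    table = {d: [] for d in drivers}
    for attr in profile:
        for d in attr.drivers:
            table.setdefault(d, []).append(attr.name)
    return table

def attribute_to_drivers(profile):
    """Backward traceability: the drivers that justify each attribute."""
    return {attr.name: list(attr.drivers) for attr in profile}

def validate_profile(profile, drivers):
    """Traceability gaps a review should raise before the profile is signed off."""
    issues = []
    for d, attrs in driver_to_attributes(profile, drivers).items():
        if d not in drivers:
            issues.append(f"unknown driver {d} referenced by {attrs}")
        elif not attrs:
            issues.append(f"driver {d} has no attribute supporting it")
    for attr in profile:
        if not attr.drivers:
            issues.append(f"attribute {attr.name} traces to no business driver")
        if not attr.measurements:
            issues.append(f"attribute {attr.name} has no measurement approach")
    return issues

def evaluate(profile, results):
    """Compare measured values with targets; a missing value is 'no data', not a pass."""
    report = {}
    for attr in profile:
        outcomes = []
        for m in attr.measurements:
            measured = results.get((attr.name, m.approach))
            if measured is None:
                status = "no data"
            else:
                status = "met" if _OPS[m.op](measured, m.target) else "not met"
            outcomes.append((m.approach, m.metric_type, status))
        overall = "met" if all(o[2] == "met" for o in outcomes) else "not met"
        report[attr.name] = (overall, outcomes)
    return report

if __name__ == "__main__":
    # Constructed results for one reporting period; the red team review is missing.
    sample = {("Accessible", "Search tree depth necessary to find the information"): 2,
              ("Accurate", "Acceptance testing on key data"): 0.995,
              ("Anonymous", "Rigorous proof of system functionality"): True}
    print(validate_profile(PROFILE, DRIVERS))
    print(evaluate(PROFILE, sample))
```

Running it reports BD9 as a driver with no supporting attribute and marks Anonymous "not met" because one of its two measurements has no data, which is the behaviour a Manage & Measure report should have rather than treating an unmeasured attribute as satisfied.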
  • 39. Architectural Strategies
Bimodal
Source: An Enterprise Architecture Practitioner’s Notes: Volume 3 Solution Level Architecture
  • 40. Architectural Strategies
Digitisation / Disruptors
Digital Disruptors
Source: Gartner 2015
  • 41. Architectural Strategies
Digitisation / Disruptors
Digital Disruptors
  • 42. Architectural Strategies
Bring Your Own Identity (BYOID)
Security Risk? or Business Advantage?
What is the Business Value?
Is it part of the Corporate Strategy?
Loss of Control vs Cost
  • 43. Architectural Strategies
Employees appreciate using the device with which they are most comfortable.
Requires employees to choose from a list of pre-approved devices.
  • 45. The Journey is the Reward ~ Chinese Proverb

Editor's Notes

  1. All Enterprise Architectures refer to the Strategy and how they will drive this Strategy within the organisation
  2. The legacy of Security within the Organisation
  3. Requires an ESA that can cater for different views from a CXO perspective
  4. The IoT comprises an ecosystem that includes things, communication, applications and data analysis. As IoT use grows, ensuring IoT device authentication is crucial. A lack of authentication standards for most IoT devices has led to highly customised authentication methods in the industry.
  5. Data Sovereignty – Are you allowed to store your data outside of the country, and what laws allow or deny this? Data Protection – Data Privacy, Data Location, Data Management and Protection, Tenancy
  6. Digital business is the creation of new business designs that not only connect people and businesses, but also connect people and businesses with things to drive revenue and efficiency. Digital business helps to eliminate barriers that now exist among industry segments, while creating new value chains and business opportunities that traditional businesses cannot offer.
  7. Maintaining effective security starts with knowing what effect you need to achieve. This means you need to start by focusing on risk. Through risk assessment and risk management practices we can identify the critical outcomes for the enterprise and transform those outcomes into security tactics.
  8. Identity and Access Management – accessing anything from anywhere