Secure Enterprise Architecture - e- ... Version 1.0 December 4, 2017 Secure Enterprise Architecture A...

Post on 04-Dec-2020

  • VERSION 1.0

    DECEMBER 4, 2017

    SECURE ENTERPRISE ARCHITECTURE

    A proposal for Intergalactic Banking & Financial Services, Inc

    Conceptual Layer

    Prepared by iNFORMATICS, Inc. RYAN NYE, UNIVERSITY OF SAN DIEGO CSOL 510 MODULE 7

  • Confidential

    12/4/2017 SECURE ENTERPRISE ARCHITECTURE 1

    1 SECURE ENTERPRISE ARCHITECTURE

    PROPOSAL INTENDED FOR: David Smith, Group Chief Financial Officer

    Juan Carlos, Chief Operating Officer

    Rosemary Brown, Senior Vice President

    Helmut Meyer, Group Chief Financial Officer

    Brain Jones, Senior Vice President

    Ranjit Patel, Chief Information Officer

    Ho Siew Luan, Director of Compliance

    WRITTEN BY: Ryan Nye, Security Architect, Informatics, Inc

    (MS CSOL Student)

    REVIEWED BY: Mike Hallman, Owner & Founder of Informatics, Inc.

    (Professor)

    SUBJECT: Secure Enterprise Architecture Proposal

    Start Date: October 24, 2017

    Published Date: December 4, 2017

    Questions: T4lesfromthecrypto@gmail.com

    PROJECT ASSUMPTIONS: Details

    Architecture Layer: Conceptual

    Preceding Layer Inputs: Contextual

    Budget: Large to accompany new systems and hardware

    Size of Company: Global, located in 84 countries

    Projects: Back-office computer network

    Financial trading application

    Cryptographic process improvement

    Middleware layer and common services API

    Disclaimer: The chosen case scenario is for learning purposes only. The plan presented in the case scenario is fictitious and is not intended to be implemented without professional consultation. Reference herein to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement, recommendation, or favoring by the U.S., State, or local governments, and the information and statements shall not be used for the purposes of advertising.

    2 CONTENTS

    1 SECURE ENTERPRISE ARCHITECTURE

    3 EXECUTIVE SUMMARY

    3.1 THE CONCEPTUAL LAYER & IBFS CASE STUDY

    4 DELIVERABLES SUMMARY

    4.1 INFORMATION COLLECTION

    4.2 POSTINTERVIEW SNAPSHOT

    5 LAWS, REGULATIONS, AND STANDARDS

    5.1 ISO/IEC 27001:2013

    6 SABSA MODEL OVERVIEW

    6.1 POST-CONCEPTUAL LAYER

    6.2 SABSA ® BUSINESS ATTRIBUTES PROFILE

    7 SABSA ® BUSINESS RISK MODEL

    8 ARCHITECTURAL LAYERING

    8.1 LAYER CHANGES

    8.1.1 PLATFORM & NETWORK SECURITY SEPARATED

    8.1.2 APPLICATION SECURITY: COMMON SECURITY SERVICES API

    8.1.3 PLACEMENT OF SECURITY SERVICES IN ARCHITECTURAL LAYERS

    8.1.4 APPLICATION LAYER SECURITY SERVICES

    8.1.5 MIDDLEWARE SECURITY SERVICES

    8.1.6 DATA MANAGEMENT SECURITY SERVICES

    8.1.7 NETWORK SECURITY SERVICES

    8.1.8 PLATFORM SECURITY SERVICES

    9 DEFENSIVE SECURITY STRATEGY

    9.1 PREVENTION

    9.1.1 AUTHENTICATION, AUTHORIZATION, & AUDIT STRATEGY

    9.1.2 SECURITY SERVICE MANAGEMENT STRATEGIES

    9.1.3 SYSTEM ASSURANCE STRATEGY

    9.1.4 DIRECTORY SERVICES

    9.1.5 ROLE-BASED ACCESS CONTROL & SINGLE SIGN-ON

    9.1.6 SCHEMA DEVELOPMENT

    9.1.7 PUBLIC KEY CRYPTOGRAPHY & KEY MANAGEMENT

    10 SECURITY DOMAIN & TRUST MODEL

    10.1 LDAP

    10.2 THE NEW KERBEROS SERVER SYSTEM