Security Modelling in ArchiMate
Agenda
• What do we mean by ‘model’ and what are the benefits of modelling?
• Security Models – what are these?
• Evaluation of ArchiMate as a security modelling notation
- capabilities, limitations & tool support
• Modelling in Practice:
- practical steps
- examples
• Future Directions
What is a Model?
• a simplified representation of a real-world system …
• … that focusses on the aspects that matter
[Diagram: a small graph of nodes A, B, C and D joined by numbered edges, standing in for the real-world system being modelled.]
The Benefits of Model-Driven Engineering
• Earlier, faster, cheaper, safer & more agile interaction than with the real system
• Produces better architecture:
- defers the selection of Solution Building Blocks
• Efficiencies: 27% cost, 30% time* (40% cost, 50% time if testing is included)
* Benefits of Model-based Development of Embedded Software Systems in Automobiles: Broy, Kirstan, TU Munich
What is a Security Model?
Various techniques currently in use:
• Attack Trees
• Threat Models
• Privacy Flow Diagrams
• Architectural Risk Diagrams
Typically showing:
• Assets to be protected
• Entry and egress routes
• Data and control flows
• Attackers & their goals
• Placement of Controls
What do we require of a Security Model?
• Support all the tasks that Security Analysts perform;
• Generate Artefacts from a single underlying model;
• Interactive Models.
The Holy Grail: a “universal” Security Model
• Modelling Language
• Modelling Tools
Limitations of the current techniques:
- Limited scope
- Technical focus
- No architectural layering
- Informal notation
- Constructive ambiguity
- Just an annotated diagram, not machine readable
Nevertheless useful:
- For common understanding
- Focus for discussion
- Any documentation is better than nothing!
Could ArchiMate provide a solution?
• Concise but expressive, semi-formal notation;
• Layered core architecture;
• Capable of expressing intent: Motivation & Strategy;
• Standardised (The Open Group);
• Extensive tool support;
• Extensible (within limits);
• Mature (v3.0 released in 2016, v3.0.1 in 2017);
• Machine readable;
• Widely adopted by other architects!
Only one MAJOR problem ….
[Diagram: a two-by-two grid of Theory versus Practice against EA (enterprise architecture) and ESA (enterprise security architecture). In the EA row TOGAF (theory) is paired with ArchiMate (practice); in the ESA row SABSA (theory) is paired only with a question mark: there is no established practice notation for security architecture.]
SABSA - ArchiMate Alignment
[Diagram: SABSA set against the ArchiMate 3.0 layers Strategy, Business, Application, Technology and Physical plus the Motivation aspect, with Security shown as a cross-cutting concern.]
Modelling SABSA in ArchiMate
ArchiMate extensibility via:
• stereotyping of elements
• user-defined properties
• overloading relationships
• fewer constraints on relationships in v3.0
Obstacles & limitations:
• core language specification
• features provided by tools
Good news: It’s possible!
Details being prepared in a White Paper; planned launch for COSAC 2019.
Modelling Assets
• Security is concerned with the protection of assets;
• ArchiMate has no concept of asset;
• 2018 SABSA Matrix shifts focus to Business Value & Value Chains;
• ArchiMate has a Value element.
[Diagram: an asset pattern in which an Asset is associated with the Value it carries and with a Stakeholder, instantiated as Asset A / Stakeholder 1, Asset B / Stakeholder 2 and Stakeholder 3.]
Principle
ArchiMate 3.0 Specification, Principle: “represents a qualitative statement of intent that should be met by the architecture”; “defines a general property that applies to any system in a certain context”.
We need to talk about Attributes …..
ArchiMate has no concept of SABSA Business Attributes.
Modelling SABSA Attributes as Principles
Candidate Motivation elements: Goal, Principle, Outcome, Requirement, Constraint.
[Diagram, in variants A and B: the attribute Confidentiality decomposed into Protection of Data at Rest and Protection of Data in Transit, with Access Control and Channel Encryption as the contributing controls; the variants differ in the element types and relationships used.]
Adopt design convention: SBAs only participate by “influence”.
Limitation: can’t be enforced inside the modelling tool.
[Diagram: the same hierarchy drawn with influence relationships, annotated with + and ++ strengths.]
Attribute Hierarchies
A few attention points:
• re-use of Attributes
– metrics
• Singletons
– structure
– universality
Stereotyping Core Elements
ArchiMate has no “Security elements”: Threat, Vulnerability, Risk etc.
[Diagram: security stereotypes placed on the ArchiMate Motivation elements (Goal, Principle, Outcome, Requirement, Constraint, Driver, Assessment, Value, Meaning), related by “influences” and “associated with”: <<SABSA Business Attribute>>, <<Threat>>, <<Vulnerability>>, <<Risk>>, <<Impact>>, <<Opportunity>>, <<Control Objective>>, <<Control>>, the treatment options <<Accept>>, <<Mitigate>>, <<Transfer>> and <<Avoid>>, and <<Value Chain>>.]
Limitation: <<stereotype>> is just a naming convention!
Adding User-defined security properties
Users are free to add properties to ArchiMate concepts.
[Diagram: a Business Information object carrying user-defined security properties.]
Limitations:
• simple key-value pairs
• no intrinsic support for data type, validation, defaults, optional vs. mandatory
• tool support varies
• no standardisation
Overloading Relationships
ArchiMate reuses relationship notations to mean different (but similar) things in different contexts:
[Diagram: Assignment between Business Actor and Business Role, between Application Component and Application Function, and between Device and System Software; Realisation among Requirement, Goal, Application Process, Application Service, Data Object, Artifact and Business Information; Flow from Application Process A to Application Process B labelled “data”, and from Business Actor A to Business Actor B labelled “trust?”.]
Limitations:
• Sometimes the preferred relationship is not legal
• Compromises sometimes required in choice of element or relationship
Fewer Relationship Constraints
[Diagram, ArchiMate 2: strict layering of Business Actor, Business Process and Business Service over Application Service and Application Function, over Infrastructure Service and Infrastructure Function.]
ArchiMate relationships are now less constrained by layers and directionality.
Limitations:
• The preferred relationship is not always legal
• Workarounds required in choice of element or relationship
[Diagram, ArchiMate 3: identity and access modelled across the SABSA Contextual, Conceptual and Logical layers, using Business Actor and Business Role, Identity and Access Rights, and the stereotyped <<Principal>>, <<Authorisation>>, <<Account>> and <<Application Role>>.]
Conclusions so far:
• Possible to express security concepts in ArchiMate …. but work intensive!
• Properties & stereotypes are ‘decoration’:
– 2nd class aspect of the language
– no schema
– limited tool support
– no standardisation
• Good for generating documentation
→ No validation of completeness, consistency, validity etc ….
Making Life Easier
A Security-Enhanced ArchiMate?
The Way Ahead
But what about the ArchiMate Exchange Format?
[Diagram: the model exported in the Exchange Format, followed by Transform and Validate steps.]
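The deck leaves three gaps that the Exchange Format can close: the design convention that SABSA Business Attributes participate only by influence cannot be enforced inside the tool, <<stereotype>> is just a naming convention, and user-defined properties are untyped key-value pairs with no validation. The script below is an added example, not code from the deck, The SABSA Institute or The Open Group. It parses a model in the ArchiMate Model Exchange File Format and runs those three checks outside the tool. The stereotype-to-core-element mapping, the property names (Metric, Likelihood, Impact) and the sample model with its deliberate violations are assumptions made for the example; only the XML vocabulary comes from the exchange format.

```python
# Added example, not from the deck or The Open Group: rules run over an ArchiMate
# Model Exchange File Format export to enforce the "decoration" the slides describe.
# Stereotype names, the stereotype-to-core-type mapping, property names and the
# sample model are constructed assumptions; only the XML vocabulary is the format's.
import re
import xml.etree.ElementTree as ET

NS = {"a": "http://www.opengroup.org/xsd/archimate/3.0/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
STEREO_RE = re.compile(r"^<<\s*([^>]+?)\s*>>\s*\S")

# Constructed schema: stereotype -> (required core type, {required property: type}).
STEREOTYPE_SCHEMA = {
    "SABSA Business Attribute": ("Principle", {"Metric": "string"}),
    "Risk": ("Assessment", {"Likelihood": "number", "Impact": "number"}),
    "Threat": ("Assessment", {}),
}
INFLUENCE_ONLY = {"SABSA Business Attribute"}  # deck's convention: SBAs only by influence

# Constructed sample model with deliberate violations; see check_model.
SAMPLE_MODEL = """<model xmlns="http://www.opengroup.org/xsd/archimate/3.0/"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" identifier="id-m1">
  <name xml:lang="en">Constructed sample</name>
  <elements>
    <element identifier="e1" xsi:type="Principle">
      <name xml:lang="en">&lt;&lt;SABSA Business Attribute&gt;&gt; Confidentiality</name>
      <properties><property propertyDefinitionRef="p-metric"><value xml:lang="en">% of data at rest encrypted</value></property></properties>
    </element>
    <element identifier="e3" xsi:type="Assessment">
      <name xml:lang="en">&lt;&lt;Risk&gt;&gt; Data leak in transit</name>
      <properties><property propertyDefinitionRef="p-likelihood"><value xml:lang="en">high</value></property></properties>
    </element>
    <element identifier="e4" xsi:type="Goal">
      <name xml:lang="en">&lt;&lt;Threat&gt;&gt; Eavesdropper</name>
    </element>
  </elements>
  <relationships>
    <relationship identifier="r1" source="e3" target="e1" xsi:type="Influence"/>
    <relationship identifier="r2" source="e4" target="e1" xsi:type="Association"/>
  </relationships>
  <propertyDefinitions>
    <propertyDefinition identifier="p-metric" type="string"><name>Metric</name></propertyDefinition>
    <propertyDefinition identifier="p-likelihood" type="number"><name>Likelihood</name></propertyDefinition>
  </propertyDefinitions>
</model>
"""

def parse_model(xml_text):
    """Return ({element id: info}, [(rel id, source, target, rel type)])."""
    root = ET.fromstring(xml_text)
    propdefs = {pd.get("identifier"): (pd.findtext("a:name", "", NS), pd.get("type", "string"))
                for pd in root.findall("a:propertyDefinitions/a:propertyDefinition", NS)}
    elements = {}
    for el in root.findall("a:elements/a:element", NS):
        name = el.findtext("a:name", "", NS)
        match = STEREO_RE.match(name)  # "<<Stereotype>> Name" is only a naming convention
        props = {}
        for p in el.findall("a:properties/a:property", NS):
            key, ptype = propdefs.get(p.get("propertyDefinitionRef"), ("?", "string"))
            props[key] = (p.findtext("a:value", "", NS), ptype)
        elements[el.get("identifier")] = {"type": el.get(XSI_TYPE), "props": props,
                                          "stereotype": match.group(1) if match else None}
    rels = [(r.get("identifier"), r.get("source"), r.get("target"), r.get(XSI_TYPE))
            for r in root.findall("a:relationships/a:relationship", NS)]
    return elements, rels

def well_typed(value, expected):
    """Property values are strings in the file; check one parses as the declared type."""
    if expected == "number":
        return re.fullmatch(r"[-+]?\d+(\.\d+)?", value.strip()) is not None
    if expected == "boolean":
        return value.strip().lower() in ("true", "false")
    return True

def check_model(xml_text):
    """Return (rule, offending id, detail) findings; an empty list means clean."""
    elements, rels = parse_model(xml_text)
    findings = []
    for eid, e in elements.items():
        st = e["stereotype"]
        if st is None:
            continue  # plain ArchiMate element: nothing extra to check
        if st not in STEREOTYPE_SCHEMA:
            findings.append(("unknown-stereotype", eid, st))
            continue
        core_type, required = STEREOTYPE_SCHEMA[st]
        if e["type"] != core_type:
            findings.append(("wrong-core-type", eid, f"<<{st}>> must be {core_type}, is {e['type']}"))
        for key, expected in required.items():
            if key not in e["props"]:
                findings.append(("missing-property", eid, key))
            elif e["props"][key][1] != expected or not well_typed(e["props"][key][0], expected):
                findings.append(("bad-property-type", eid, f"{key}={e['props'][key][0]!r} is not a {expected}"))
    for rid, src, tgt, rtype in rels:  # the convention the tool cannot enforce
        for end in (src, tgt):
            if elements.get(end, {}).get("stereotype") in INFLUENCE_ONLY and rtype != "Influence":
                findings.append(("influence-only", rid, f"{rtype} touches {end}"))
    return findings

if __name__ == "__main__":
    for finding in check_model(SAMPLE_MODEL):
        print(*finding, sep="  ")
```

Run against the constructed sample, the checker reports the Risk whose Likelihood is not a number and whose Impact is missing, the Threat placed on a Goal instead of an Assessment, and the Association touching a Business Attribute. Pointing it at a real export is a matter of reading the file instead of SAMPLE_MODEL; the schema dictionary is where a team records the conventions its tool will not enforce.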
Security Modelling: Future Directions
[Diagram: the Theory/Practice against EA/ESA grid again, with Security added; several models, each carrying its own Properties & Stereotypes, spread across the Business, Strategy, Logical, Physical, Component and Motivation layers.]
What do these models have in common?
Q&A
Further information
• The SABSA Institute:
- ArchiMate Security Overlay
- SABSA Matrix Artefacts in ArchiMate
• COSAC Ireland (Oct 2019):
- Tools & Methodology Interest Group
- Workshop: Security Modelling in ArchiMate
• COSAC Melbourne (Dec 2019):
- Have You Ever Considered Modelling?
ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction: 1-day course
• ISO/IEC 27032 Foundation: 2-day course
• ISO/IEC 27032 Lead Cybersecurity Manager: 5-day course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events
THANK YOU
steven@lavenderbytes.eu linkedin.com/in/sjbradley
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 

Dernier

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptxiammrhaywood
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxleah joy valeriano
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 

Dernier (20)

Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptxAUDIENCE THEORY -CULTIVATION THEORY -  GERBNER.pptx
AUDIENCE THEORY -CULTIVATION THEORY - GERBNER.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptxMusic 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
Music 9 - 4th quarter - Vocal Music of the Romantic Period.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 

Security Modelling in ArchiMate

• 9. SABSA, TOGAF, ArchiMate: only one MAJOR problem ...
  [Diagram: ESA (security architecture) and EA (enterprise architecture) set against Theory and Practice; the links between them are marked "?"]

• 10. SABSA - ArchiMate Alignment
  [Diagram: the SABSA layers mapped against ArchiMate 3.0 (Strategy, Business, Application, Technology, Physical, Motivation), with Security shown alongside]

• 11. Modelling SABSA in ArchiMate
  ArchiMate extensibility via:
  - stereotyping of elements
  - user-defined properties
  - overloading relationships
  - fewer constraints on relationships in v3.0
  Obstacles & limitations:
  - the core language specification
  - the features provided by tools
  Good news: it's possible!
  Details are being prepared in a White Paper, planned for launch at COSAC 2019.

• 12. Modelling Assets
  - Security is concerned with the protection of assets;
  - ArchiMate has no concept of asset;
  - the 2018 SABSA Matrix shifts the focus to Business Value & Value Chains;
  - ArchiMate does have a Value element.
  [Diagram: assets expressed as Value elements, each associated with a Stakeholder (Asset A / Stakeholder 1, Asset B / Stakeholder 2, Stakeholder 3)]

• 13. We need to talk about Attributes ...
  ArchiMate has no concept of SABSA Business Attributes. The closest element, Principle, is defined in the ArchiMate 3.0 Specification as one that "represents a qualitative statement of intent that should be met by the architecture" and "defines a general property that applies to any system in a certain context".

• 14. Modelling SABSA Attributes as Principles
  Motivation elements available: Goal, Principle, Outcome, Requirement, Constraint.
  [Diagram: the attribute hierarchy Confidentiality, refined by Protection of Data at Rest and Protection of Data in Transit, supported by Access Control and Channel Encryption, modelled as Principles linked by influence relationships weighted "+" and "++"; variants A and B show alternative placements]
  Adopt a design convention: SBAs only participate by "influence".
  Limitation: this can't be enforced inside the modelling tool.

• 15. Attribute Hierarchies
  A few attention points:
  - re-use of Attributes: metrics
  - Singletons: structure, universality

• 16. Stereotyping Core Elements
  ArchiMate has no "security elements" (Threat, Vulnerability, Risk etc.), so they are stereotyped onto the core Motivation elements (Driver, Goal, Principle, Outcome, Requirement, Constraint, Assessment, Value, Meaning):
  <<SABSA Business Attribute>>, <<Impact>>, <<Threat>>, <<Vulnerability>>, <<Risk>> (on Assessment), <<Opportunity>>, <<Control Objective>>, the risk treatments <<Accept>> / <<Mitigate>> / <<Transfer>> / <<Avoid>>, <<Control>>, and <<Value Chain>> (on Value).
  [Diagram: metamodel fragment in which a Motivational Element "+influences" and is "associated with" other elements]
  Limitation: <<stereotype>> is just a naming convention!

• 17. Adding User-defined security properties
  Users are free to add properties to ArchiMate concepts (the example on the slide is a Business Information element).
  Limitations:
  - simple key-value pairs
  - no intrinsic support for data type, validation, defaults, optional vs. mandatory
  - tool support varies
  - no standardisation

• 18. Overloading Relationships
  ArchiMate reuses relationship notations to mean different (but similar) things in different contexts; the diagram pairs:
  - Assignment: Business Actor to Business Role; Application Component to Application Function; Device to System Software
  - Realisation: Requirement to Goal; Application Process to Application Service; Data Object to Business Information; Artifact to Data Object
  - Flow: Application Process A to Application Process B (data); Business Actor A to Business Actor B (trust?)
  Limitations:
  - sometimes the preferred relationship is not legal
  - compromises are sometimes required in the choice of element or relationship

• 19. Fewer Relationship Constraints
  ArchiMate 3 relationships are less constrained by layers and directionality than in ArchiMate 2.
  [Diagram, ArchiMate 2: Business Actor, Business Process, Business Service, Application Service, Application Function, Infrastructure Service, Infrastructure Function, with layer-bound relationships]
  [Diagram, ArchiMate 3: an identity and access model using Business Actor, Business Role, Identity and Access Rights, stereotyped <<Principal>>, <<Authorisation>>, <<Account>> and <<Application Role>>, placed across the SABSA Contextual, Conceptual and Logical layers]
  Limitations:
  - the preferred relationship is not always legal
  - workarounds are required in the choice of element or relationship

• 20. Conclusions so far
  - It is possible to express security concepts in ArchiMate ... but it is work intensive!
  - Properties & stereotypes are 'decoration':
    - a 2nd-class aspect of the language
    - no schema
    - limited tool support
    - no standardisation
  - Good for generating documentation, but there is no validation of completeness, consistency, validity etc.
  Making life easier: a security-enhanced ArchiMate? Or use what already exists: the ArchiMate Exchange Format, via Exchange Format, then Transform, then Validate.
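  The following is an added example, not from the slides and not the SABSA Institute's overlay or any tool's code: a Python script that reads a model in the Open Group ArchiMate Model Exchange Format and checks the conventions from slides 14, 16 and 17 that the modelling tool itself cannot enforce (SBAs only participate by influence; a stereotype only on its agreed base element type; every <<Threat>> countered by at least one <<Control>>). Assumptions: stereotypes are carried in a user-defined property named "Stereotype", the base-type table and the threat/control completeness rule are hypothetical team conventions, and the embedded model with its identifiers (e-conf, r-4, ...) is constructed for the example.

```python
"""Validate SABSA security-modelling conventions over an ArchiMate Model
Exchange Format file (Open Group ArchiMate 3.0 namespace).

Added example: the sample model is constructed and the rules encode assumed
team conventions; nothing here comes from the deck or from a modelling tool."""
import xml.etree.ElementTree as ET

NS = {"a": "http://www.opengroup.org/xsd/archimate/3.0/"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Assumed conventions (the tool stores stereotypes as plain key/value text,
# so none of these are checked at modelling time):
#  1. stereotypes live in a user-defined property named "Stereotype"
#  2. some stereotypes are only valid on one base element type
#  3. a SABSA Business Attribute (SBA) takes part in Influence relationships only
#  4. every <<Threat>> must be the target of an Influence from a <<Control>>
STEREOTYPE_PROPERTY = "Stereotype"
ALLOWED_BASE_TYPE = {"SABSA Business Attribute": "Principle", "Value Chain": "Value"}
INFLUENCE_ONLY = {"SABSA Business Attribute"}

# Constructed sample: two SBAs, one control, two threats, one mis-typed value chain.
SAMPLE_MODEL = """<model xmlns="http://www.opengroup.org/xsd/archimate/3.0/"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" identifier="id-m1">
  <name xml:lang="en">Constructed sample</name>
  <propertyDefinitions>
    <propertyDefinition identifier="pd-1" type="string"><name>Stereotype</name></propertyDefinition>
  </propertyDefinitions>
  <elements>
    <element identifier="e-conf" xsi:type="Principle"><name xml:lang="en">Confidentiality</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">SABSA Business Attribute</value></property></properties></element>
    <element identifier="e-rest" xsi:type="Principle"><name xml:lang="en">Protection of Data at Rest</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">SABSA Business Attribute</value></property></properties></element>
    <element identifier="e-enc" xsi:type="Requirement"><name xml:lang="en">Channel Encryption</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">Control</value></property></properties></element>
    <element identifier="e-eaves" xsi:type="Driver"><name xml:lang="en">Eavesdropping</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">Threat</value></property></properties></element>
    <element identifier="e-theft" xsi:type="Driver"><name xml:lang="en">Backup Theft</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">Threat</value></property></properties></element>
    <element identifier="e-chain" xsi:type="Goal"><name xml:lang="en">Order-to-Cash</name>
      <properties><property propertyDefinitionRef="pd-1"><value xml:lang="en">Value Chain</value></property></properties></element>
  </elements>
  <relationships>
    <relationship identifier="r-1" source="e-rest" target="e-conf" xsi:type="Influence" modifier="+"/>
    <relationship identifier="r-2" source="e-enc" target="e-conf" xsi:type="Influence" modifier="++"/>
    <relationship identifier="r-3" source="e-enc" target="e-eaves" xsi:type="Influence" modifier="-"/>
    <relationship identifier="r-4" source="e-enc" target="e-rest" xsi:type="Realization"/>
  </relationships>
</model>"""


def load_model(xml_text):
    """Parse elements (with resolved Stereotype property) and relationships."""
    root = ET.fromstring(xml_text)
    prop_names = {pd.get("identifier"): pd.findtext("a:name", namespaces=NS)
                  for pd in root.findall("a:propertyDefinitions/a:propertyDefinition", NS)}
    elements = {}
    for el in root.findall("a:elements/a:element", NS):
        stereotype = None
        for p in el.findall("a:properties/a:property", NS):
            if prop_names.get(p.get("propertyDefinitionRef")) == STEREOTYPE_PROPERTY:
                stereotype = p.findtext("a:value", namespaces=NS)
        elements[el.get("identifier")] = {"name": el.findtext("a:name", namespaces=NS),
                                          "type": el.get(XSI_TYPE), "stereotype": stereotype}
    relationships = [{"id": r.get("identifier"), "type": r.get(XSI_TYPE),
                      "source": r.get("source"), "target": r.get("target"),
                      "modifier": r.get("modifier")}
                     for r in root.findall("a:relationships/a:relationship", NS)]
    return elements, relationships


def validate(elements, relationships):
    """Return one human-readable finding per convention violation."""
    findings = []
    for eid, e in elements.items():                      # rule 2: base element type
        want = ALLOWED_BASE_TYPE.get(e["stereotype"])
        if want and e["type"] != want:
            findings.append(f"{eid}: <<{e['stereotype']}>> must be a {want}, found {e['type']}")
    for r in relationships:                              # rule 3: SBAs influence only
        for end in (r["source"], r["target"]):
            e = elements.get(end)
            if e and e["stereotype"] in INFLUENCE_ONLY and r["type"] != "Influence":
                findings.append(f"{r['id']}: <<{e['stereotype']}>> '{e['name']}' "
                                f"takes part in a {r['type']} relationship")
    controlled = {r["target"] for r in relationships    # rule 4: every threat countered
                  if r["type"] == "Influence"
                  and elements.get(r["source"], {}).get("stereotype") == "Control"}
    for eid, e in elements.items():
        if e["stereotype"] == "Threat" and eid not in controlled:
            findings.append(f"{eid}: <<Threat>> '{e['name']}' has no <<Control>> influencing it")
    return findings


def run_sample():
    """Validate the constructed model; three violations are expected."""
    return validate(*load_model(SAMPLE_MODEL))


if __name__ == "__main__":
    for finding in run_sample():
        print("VIOLATION:", finding)
```

  Run against the sample, the script reports the Value Chain modelled on a Goal instead of a Value, the Realization relationship r-4 that drags an SBA outside the influence-only convention (legal ArchiMate, so the tool accepts it silently), and the threat Backup Theft that no control addresses. Pointing `load_model` at a file exported from the tool is the "Exchange Format, Transform, Validate" step of slide 20 in its simplest form.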
• 21. The Way Ahead
  [Diagram: ESA and EA, Theory and Practice, now joined: Security Properties & Stereotypes attached to each layer (Business, Strategy, Logical, Physical, Component) and to Motivation]

• 22. Security Modelling: Future Directions
  What do these models have in common?
  [Slide shows images of several kinds of model]

• 23. Q&A
  Further information:
  - The SABSA Institute: ArchiMate Security Overlay; SABSA Matrix Artefacts in ArchiMate
  - COSAC Ireland (Oct 2019): Tools & Methodology Interest Group; Workshop: Security Modelling in ArchiMate
  - COSAC Melbourne (Dec 2019): Have You Ever Considered Modelling?

• 24. ISO/IEC 27032 Training Courses
  - ISO/IEC 27032 Introduction: 1-day course
  - ISO/IEC 27032 Foundation: 2-day course
  - ISO/IEC 27032 Lead Cybersecurity Manager: 5-day course
  Exam and certification fees are included in the training price.
  www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
  www.pecb.com/events