WIP

OSI Model

Open Systems Interconnect model has 7 layers to denote & explain conceptually networking communication between systems.

7. Application
6. Session
5. Presentation
4. Session
3. Network
2. Data link
1. Physical

Every layer 7 has equivalent component in layer 4. Eg — HTTP / HTTPS having corresponding…

Precursor:

IT -> Department with main responsibility for IT in an enterprise

I&T -> Information handled by an enterprise through various means and the technology support for the information handled.

EGIT -> Enterprise Goverance of I&T.

Introduction

COBIT is a framework for the governance and management of enterprise I&T.

COBIT defines

WIP

Prepare

  • Identify affected
    1. organizations / departments
    2. business areas
    3. landscape
    4. stakeholders

and their security requirements for each of the above dimension.
Capture these in an artifact.

  • Set up a team — cross-area, cross-department as required.
  • Define and roll-out process for
    1. Realization project execution
    2. Point of contact for all affected by the scope of triggering business landscape change

Explore

  • Identify task profiles required based on the organization chart and business process analysis.
  • Perform “Fit-to-Standard Analysis” if SAP delivered role templates could be used.
  • Identify and list functions to go into the roles.
    Functions include transactions, reports and web links.
  • List the results of above activities in an artifact — authorization matrix.
  • Define naming conventions for authorizations.

Realize

  • Design and implement the roles and authorizations.

Test & Deploy

WIP

This aims to describe a summary / overview of how an organization works on to achieve its security goals.

  1. Identifies threats to its business
  2. Determines security goals (core & extended) / requirements against threats to its business
  3. Determines safeguards against threats in alignment to security goals / requirements
  4. Defines generic organization wide security policies to achieve security goals through identified safeguards
  5. Derives IT security policy based on organizational security policy.
  6. Configures the systems according to policy defined based on cost-benefit analysis.
  7. Sustain configured security realization through secure operations.

Parent reference: SAP Certified Security Architect Exam Preparation

WIP

Technical safeguards

Organizational safeguards

Physical safeguards

Access Control

Firewalls

Encryption

PKI

Certificates

Security monitors

Application security

WIP

Environmental threats

Technical threats

Organization threats

  1. Penetration
  2. Authorization validation
  3. Repudiation
  4. Denial of Service
  5. Eaves dropping
  6. Buffer overflow
  7. Tampering
  8. Spoofing
  9. Masquerading
  10. Social Engineering
  1. Vulnerability

Weakness that exists in a system that can cause to compromise or not achieve the security goals.

2. Threat

Potential danger that is associated with exploiting the vulnerability present in a system.

List of system security threats.

3. Risk

Likelihood of a threat exploiting a vulnerability and its impact.

4. Safeguard / Control / Countermeasure

Aims to achieve security goals against threat eliminating or reducing risk.

List of system security safeguards.

Parent reference: Generic Security Fundamentals

KR

Perspective on security & privacy space.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store