The assignment for this section from my course performed a reverse analysis of the Internet's root DNS servers, attempting to create a logical security architecture deliverable; the security domains within those systems. However, the Logical Security Architecture layer of the SABSA® model takes the conceptual deliverables and creates a logical representation of them but it does require items out of scope of the SABSA® model. First, it requires that the business information model (e.g. information architecture) is provided by information technology architects. Additionally, the business process model must be given to the information security architect as they use these to create a logical security architecture. Thus, the deliverables from this phase include (Sherwood, Clark, & Lynas, 2005, pp 120):
References
- Security policy architecture - a hierarchical model of policy documentation and how it fits together
- Individual security policies, or templates and guidelines for producing them
- A list and description of logical security services which will be provided within the security architecture, and a mapping of these to control objects and security strategies
- The entity schema which will be applied in an enterprise-wide directory with associated models for privilege profiles, authorizations, authentication attributes, etc.
- The specific security domains with a description of their logical make-up, their individual security policies and the security associations that exist both intra-domain and inter-domain.
- A description of the logical security processing cycle, and
- An improvements program to gain short-term advantages and to deliver early wins from the security architecture program
References
- Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture - A Business-Driven Approach. Boca Raton: CRC Press.