Security Architectural Mo
Technical Security Architecture
Technical security architecture focuses on the mapping
between the control architecture and the protection processes, life
cycle issues, and contextual drivers. It typically defines standards
for protection settings that can be implemented by technical mechanisms
and identifies what is commonly called technical security policy, as
opposed to enterprise policy. The interaction between other elements is
the prime focus of technical security architecture, but it commonly
encompasses the elements of context more than any other area. These are
the who, what, where, why, when, and how of the protection function. Here
are some typical questions that need to be addressed.
- Time: When can what be done with what?
- Location: Where can who or what do what?
- Purpose: Why can who do what with what?
- Behavior: How does what do what?
- Identity: Who can do what with what?
- Method: What can be done with what by whom?
The context of use is intimately tied to protection in
all forms. Whether it is location limiting access or method limiting
behavior, these factors play into the technical measures taken and their
ability to operate effectively.
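One way to turn the six context questions above into a technical security policy check, as an added example that is not part of the original article. The `Rule` and `Request` field names, the sample policy, and all addresses and values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:  # field names are hypothetical, chosen for this example
    resource: str         # the "what" being protected
    roles: frozenset      # Identity: who
    methods: frozenset    # Method: what can be done
    networks: tuple       # Location: where requests may come from
    hours: tuple          # Time: (start, end) window, may wrap midnight
    purposes: frozenset   # Purpose: declared reason for access
    max_rows: int         # Behavior: how much one request may touch

@dataclass(frozen=True)
class Request:
    resource: str
    role: str
    method: str
    source_ip: str
    when: datetime
    purpose: str
    rows: int

def in_window(t, start, end):
    # A window such as 22:00-06:00 wraps past midnight.
    return start <= t < end if start <= end else (t >= start or t < end)

def evaluate(rules, req):
    """Default deny. Returns (allowed, failed context elements per candidate rule)."""
    denials = []
    for rule in (r for r in rules if r.resource == req.resource):
        checks = {
            "identity": req.role in rule.roles,
            "method": req.method in rule.methods,
            "location": any(ip_address(req.source_ip) in n for n in rule.networks),
            "time": in_window(req.when.time(), *rule.hours),
            "purpose": req.purpose in rule.purposes,
            "behavior": 0 <= req.rows <= rule.max_rows,
        }
        failed = [name for name, ok in checks.items() if not ok]
        if not failed:
            return True, []
        denials.append(failed)
    return False, denials or [["no rule for resource"]]

# Constructed sample policy: DBAs may read or update payroll from the office network in working hours.
POLICY = [Rule("payroll_db", frozenset({"dba"}), frozenset({"read", "update"}),
               (ip_network("10.20.0.0/16"),), (time(8, 0), time(18, 0)),
               frozenset({"payroll_run", "audit"}), 500)]
```

Returning the list of failed context elements alongside the decision gives the audit log a reason for each denial, which is what lets a reviewer see whether location or time, rather than identity, blocked a request.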
For more details and in-depth coverage of these issues, buy the Governance Guidebook.
This was first published in January 2006