PRACTICAL SECURITY

ARCHITECTURE
WAYNE TUFEK
15TH – 16TH OF FEBRUARY 2019
SACON
BANGALORE
 PUTTING IT ALL TOGETHER

2
Sensitivity: Confidential
 PUTTING IT ALL TOGETHER

• Strategy, Planning and Design

• Establish management support
• Establish governance committee
• Asset identification and management
• Identify and classify sensitive data at rest and in transit
• Determine business drivers for security
• Carry out a threat profile on the organisation
• Carry out a risk assessment
• Develop security architecture
• Identify solutions per architecture level
• Establish goals and metrics

3
Sensitivity: Confidential
 PUTTING IT ALL TOGETHER

• Implement
Develop and implement security policies, procedures, standards, baselines
•
and guidelines
• Assign roles and responsibilities
• Implement programs
• Risk management
• Vulnerability management
• Compliance
• Identity management and access control
• Change control
• Software development life cycle
• Business continuity planning
• Awareness and training
• Physical security
• Incident response
• Auditing and monitoring

4
Sensitivity: Confidential
 PUTTING IT ALL TOGETHER

• Operate and Maintain

• Operate, measure and run programs
• Carry out internal and external audits
• Monitor and evaluate
• Review logs, audit results, collected metric values and SLAs per
program
• Assess goal accomplishments per program
• Carry out quarterly meetings with governance committee
• Develop improvement steps and integrate into the plan and organise
phase
• Assess and review risks

5
Sensitivity: Confidential
 QUESTIONS?

Questions

6
Sensitivity: Confidential
 PA S S I O N • I N T E G R I T Y • E X P E R I E N C E • R E S U LT S
7
Sensitivity: Confidential
 VERTICAL DEFENCE IN DEPTH

Source: Cylance
https://www.slideshare.net/PECBCERTIFICATION/trust-and-the-economics-in-the-age-of-information-security

8
Sensitivity: Confidential
 VERTICAL DEFENCE IN DEPTH

Source: Sabsa

9
Sensitivity: Confidential