Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions October 8, 2014 DRAFT1 Chapter 3: Enterprise Security Using Zachman Framework

What is Security Architecture? Why Do We Need It? Architecture is the design of a complex structure that enable change and reuse –An office building blueprint –Peoplesoft solution architecture –An enterprise architecture Enterprise architecture is the architecture of an enterprise, e.g. –The Ohio State University –The State Department The goal of strategy and enterprise architecture is enterprise agility, i.e. what’s needed for competitiveness and success 10/8/2014 DRAFT2 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Enterprises are Very Complex and Changing Imagine a complex building: The US Capitol –Its blueprints capture bricks, mortar, plumbing, electrical, HVAC Imagine an enterprise, such as the US Congress –Its enterprise architecture includes the building blueprints… plus: –The people, the furniture, the computers, electronics, and constant change Incorporating cybersecurity requirements in the enterprise change process –assures that changes result in secure systems and a secure enterprise 10/8/2014 DRAFT3 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

The Zachman Framework for Enterprise Architecture Periodic Table of Enterprise Architecture Invented by John A. Zachman in mid 1980s Utilized by over 3000 large enterprises to gain self understanding and agility 10/8/2014 DRAFT4 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

10/8/2014 DRAFT5 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Primitive Models versus Composite Models A primitive model resides only within 1 cell A primitive model can exhaustively answer one of the 6 fundamental interogatives (questions): What, How, Where, When, Who, Why, for example: –What are all of the roles in an enterprise (Who?) –What are all of the processes in the enterprise (How?) Composite model crosses between columns, e.g. a Role X Process matrix 10/8/2014 DRAFT6 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

How do Architecture Frameworks Help Us with Cyber Security? NIST Special Publication defines the role of Risk Executive –Risk executive is in charge of business continuity and disaster recovery, among other risks To do continuity and DR, an exhaustive list of enterprise processes is required, i.e. what we populate Zachman framework column 2 with (How?) –Risk executive needs a blueprint of the organization (Enterprise Architecture) to know whether or not to approve changes If you conduct changes without a blueprint, catastrophy is likely, e.g. building collapses 10/8/2014 DRAFT7 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Everyone Has Their Own Specifications Zachman rows represent the full range of specification perspectives –Executive –Business Management –Architect –Engineer –Technician –The Enterprise Examples of common cybersecurity specifications: System Security Plan, Plan of Actions and Milestores, Accreditation Letter 10/8/2014 DRAFT8 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

The Goldmine is in Row 2 Row 2 is the Business Management perspective –Business managers control investment decisions for the enterprise, i.e. the money Row 2 models are hierarchies –All of the primitives are categorized in the hierarchy –Closeness in the hierarchy implies similarity –A deep hierarchy represents a detailed understanding of each set of primitives 10/8/2014 DRAFT9 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Frameworks for Row 3 Row 3 contains models from the Architect’s perspective Architects do not specify every detail, that’s what engineers do in Row 4 –Architects specify the architecturally significant constraints, i.e. critical success factors Example Row 3 Frameworks –For defense industry: DODAF, MODAF –Solution Architectures: TOGAF, IEEE-1471, ISO/IEC –Telecomm and Finance: RM-ODP 10/8/2014 DRAFT10 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Architectural Problem Solving Patterns Business Question Analysis Document Mining Hierarchy Formation Enterprise Workshop Nominal Group Technique Minipatterns for Problem Solving Meetings 10/8/2014 DRAFT11 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Business Question Analysis Determines the appropriate metamodel for an enterprise architecture –“Metamodel” means what kinds of entities and relationships will we model Starts with questions from business owners –Proceeds with selection of primitives (columns) from the Zachman Framework –The business questions drive the relationships that will be modeled, i.e. using matrices across columns 10/8/2014 DRAFT12 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Document Mining Extracts primitives from enterprise documentation, i.e. populates row 1 Document mining can be exhaustive, i.e. capture all the primitive entities in a column Document Mining is preferable to interviewing because: –Documents usually represent a consensus of two or more people –1:1 interviews represent only 1 opinion on a certain day in a certain life 10/8/2014 DRAFT13 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Hierarchy Formation Hierarchy formation populates row 2 of the Zachman Framework A hierarchy is created using a cards on the wall exercise, group discussion –Non-experts can perform this task –Experts are used in an Enterprise Workshop to confirm and perfect the results Hierarchies help us understand the primitives and find commonality 10/8/2014 DRAFT14 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Enterprise Workshop Document Mining and Hierarchy Formation can be conducted by non-expert teams –The non-experts draft a 70% solution, imperfect, but much better than a blank page Business owners and experts are called into the Enterprise Workshop to take the 70% solution to 100%, in terms of accuracy and completeness 10/8/2014 DRAFT15 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Nominal Group Technique NGT is a classic idea creation technique, e.g. a powerful form of brainstorming –It very quickly generates results without substantial time wasted in discussing digressions NGT involves: –Silent writing – to formulate ideas quickly in a large group working in parallel –Group notes – recording of the ideas on a flip chart so that everyone can be a heads-up active participant –Group definitions – information sharing to define the ideas –Straw poll – prioritizing the ideas by casting multiple informal votes 10/8/2014 DRAFT16 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

Minipatterns for Problem Solving Meetings Get Organized Breakouts Flipcharts Time Management Groundrules Idea Parking Lot Other Problem Solving Catalogs 10/8/2014 DRAFT17 Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions

REVIEW CHAPTER SUMMARY Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions 10/8/2014 DRAFT18