Hi,
I'm trying to understand the model part related to security. Not an easy task as there is no report or references -- to standards or method -- related to it.
Do any exemple/prepopulated demo model about security_capability/solution/deployment/policy/controls relationships exist ?
Jean-Marie
(cyber)security modeling
-
jonathan.carter
- Posts: 1087
- Joined: 04 Feb 2009, 15:44
Hi Jean-Marie,
You are correct, there is not much in terms of Views at the moment, even though the meta model has been defined for some time.
Can I check with you that you are referring to the EA Support / Security Management part of the meta model?
We don’t have any good examples (repository content or Views) for using this part of the meta model but the idea of this part is as follows:
The Security Conceptual defines the requirements (the “what”) for security in the organisation. Like with our other Conceptual capabilities etc., these shouldn’t be describing types of security solution or security solutions themselves. We can define “what” we need, or will need, in terms of security in our enterprise with the Security_Capability instances. Security_Principles define the principles for how these capabilities will be implemented.
In the logical Security perspective, we can defined Security Solutions, that realise the capabilities that we’ve defined above. In addition, we can define Security Classification Schemes, the Security Classifications that are defined in each scheme and then Clearance levels. Classifications are applied to ‘resources’ and clearance levels to actors.
Security Physical describes actual security implementations that exist in our enterprise. These relate to the Security Solutions and to the elements to which this solution applies (business things, application things etc.)
The idea with all of this is to define the requirements for security, the solutions that we have to meet these requirements and understanding how each solution is deployed in the enterprise.
As with everything in Essential, we would be very happy to understand more about what you need to capture and View and evolve the meta model to support what you need.
Jonathan
You are correct, there is not much in terms of Views at the moment, even though the meta model has been defined for some time.
Can I check with you that you are referring to the EA Support / Security Management part of the meta model?
We don’t have any good examples (repository content or Views) for using this part of the meta model but the idea of this part is as follows:
The Security Conceptual defines the requirements (the “what”) for security in the organisation. Like with our other Conceptual capabilities etc., these shouldn’t be describing types of security solution or security solutions themselves. We can define “what” we need, or will need, in terms of security in our enterprise with the Security_Capability instances. Security_Principles define the principles for how these capabilities will be implemented.
In the logical Security perspective, we can defined Security Solutions, that realise the capabilities that we’ve defined above. In addition, we can define Security Classification Schemes, the Security Classifications that are defined in each scheme and then Clearance levels. Classifications are applied to ‘resources’ and clearance levels to actors.
Security Physical describes actual security implementations that exist in our enterprise. These relate to the Security Solutions and to the elements to which this solution applies (business things, application things etc.)
The idea with all of this is to define the requirements for security, the solutions that we have to meet these requirements and understanding how each solution is deployed in the enterprise.
As with everything in Essential, we would be very happy to understand more about what you need to capture and View and evolve the meta model to support what you need.
Jonathan
Essential Project Team
