Comparison of information security architectures

Authors

  • Михайло Володимирович Коломицев NTUU "KPI"
  • Світлана Олександрівна Носок NTUU "KPI"
  • Роман Олександрович Тоцький NTUU "KPI"

DOI:

https://doi.org/10.18372/2410-7840.22.14663

Keywords:

information security, architecture, comparison attributes, company, business goals, model

Abstract

The information security architecture helps to compare the current state of security with the desired one and determine how to achieve it in an optimal way. The architecture of information security is especially important in an unstable economic situation when there is no more money for everything you “want”, and all projects should be linked to the survival of the business in a crisis. Only a clearly built architecture allows you to stay on track and achieve your goals. Implementing security architecture is often a complex process in enterprises. Traditionally, a security architecture consists of some preventive, detective, and corrective controls that are used to protect enterprise infrastructure and applications. Some enterprises work better with security architectures by adding policy-based controls, including policies and procedures. Many traditional information security thinkers see information security architecture as nothing more than the presence of security policies, controls, tools, and monitoring. The world has changed; information security is not the beast as before. Today's risk factors and threats are not as simple and not as simple as they were before. New emerging technologies and capabilities, such as the Internet of Things, are changing dramatically how companies work and what their goals and objectives are. It is important for all security professionals to understand business goals and try to support them by introducing appropriate controls that can simply be justified to interested parties and involve business risks. That is why, the concept of information security architecture is used. This article will analyze the following information security architectures that may help achieve this goal: SABSA. Sherwood Applied Business Security Architecture (SABSA); O-ESA. Open Enterprise Security Architecture (O-ESA); OSA. Open Security Architecture (OSA).

Author Biographies

Михайло Володимирович Коломицев, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Світлана Олександрівна Носок, NTUU "KPI"

candidate of technical sciences, associate professor of Institute of Physics and Technologies of the NTUU "KPI"

Роман Олександрович Тоцький, NTUU "KPI"

student of the Institute of Physics and Technologies of the NTUU "KPI"

References

FIPS, "Standards for Security Categorization of Federal Information and Information Systems", FIPS PUB 199.

J. Sherwood, A. Clark, D. Lynas, "Enterprise Security Architecture, A business-driven approach".

Open Enterprise Security Architecture (O-ESA), "A Framework and Template for PolicyDriven Security", [Electronic resource]. Online access: https:// publications.opengroup.org/g112.

OSA, [Electronic resource]. Online access: http:// www.opensecurityarchitecture.org.

Published

2020-03-31

Issue

Section

Articles