Features
Features:

Product Tour >

Edraw AI >

Paid Plans:

Individuals >

Business >

Eduaction >
Resources
Blog

History

How-tos & Tips

Discovery

Biography

Business Analysis

Examples

AI concept Map

Free AI Mind Map Generator

Onenote Mind Map

Bcg Matrix Examples

Nike Marketing Strategy

Unilever SWOT Analysis

Make Mind Maps in Google Docs

Guide

FAQs

What's New

Resource Center
Templates
All Templates

Brain Storming Templates

Strategy and Planning Templates

Project Management Templates

Product Management Templates

Human Resources Templates

Agile Workflow Templates

Marketing Templates

Education Templates

Fun and Games Templates

User Gallery
Download
Pricing
Enterprise

MindMap Gallery SABSA Self Study

SABSA Self Study

This is a mind map about "SABSA Self Study".

Edited at 2020-12-23 10:02:57

Study Smarter

Recent works View more works>>

SABSA Self Study

Study Smarter

Recent works View more works>>

Recommended to you
Outline

use of ppen source intelligenc
- 1.1k
- 1
Oliveettom
semantic map
- 1.2k
- 5
- 2
Oliveettom
sexua assault
- 992
- 4
Oliveettom
theological conflict
- 757
- 6
Oliveettom
open education
- 1.2k
- 11
- 2
Oliveettom
6 steps of goal setting and achieving
- 1.1k
- 15
- 3
Study Smarter
How to Make Postitive Effects on Communication
- 761
- 24
- 6
Fiona_
Concepts about Money
- 1.4k
- 8
Lisa Anderson
Careers in Education and Training
- 280
- 7
Ashley
Adapted Physical Education Specialists
- 158
- 2
- 1
Ashley

SABSA Self Study

Domain Models

Security Domain

Set of elements subjected to a commonsecurity policy

Owned by a single Policy Authority

Can exist in multidimensions

Domain Registration Authority

Sets policy for the domain

Establishes identity and verifies credentials

Domain certification Authority

Provides chain of trust

Receives and certifies public keys

Types of domains

Subdomain

Set of elements under a single policy authorityand complies with a higher authority

Superdomain

A domain that contains one or more compliantsubdomains

Peer domain

Domains that share a common superdomainpolicy

Logical domain

Logical classification/department/line ofbusiness

Convert the enterprise policy to a moregranular one that can be understood locally

Can have multiple physical domain

Physical domain

Set of physical elements

Can have multiple logical domains

Serve the needs of the logical domain

Isolated domain

Enforces its own selfcontained policy

Boundary must be explicit

Trust is constant in the domain

Has no interdomain associations

Independent domain

Enforces its own selfcontained policy

Boundary must be explicit

Trust is constant in the domain

Trust between domains is not constant

Has gateway for interdomain associations

Physical access control contains many cells thathave their own parameters

Honeycomb domain

Contains many cells that have their ownparameter

Each cell has independent access policy

Combined domain

Combines independent/isolated domain withhoneycomb domain

Strengthin depth provision

Resolves variable trust and binary gatewayissues

Common in classified systems requiringclearance

Multitiered domain

Layered model of domains

New policy at each boundry

Communication

Interdomain policy associations

Simple

Interactions between two independentdomains or a superdomain and a subdomain

Complex

Via trusted third party domain

Domains must adhere to third party policy

Using mutually agreed policy

Policy authorities from the two domains agreeon a common policy

Is difficult to implement due to risk conflicts

Policy authorities enforces their policyindependently at the boundary/gateway

Attributes

Can be domain specific

Conceptual abstraction of a real requirement

Are multitier

Distribute responsibilities downwards

Aggregate performance upwards

Must be measurable

Articulate performance targets relative to thetargets of superdomains

Can be mapped to control objectives of variousstandards/regulations to achieve compliance toa number of standards/regulations

Examples

Business attributes

Reputable

Accurate

Security attributes

Integrity

Authentication

User attributes

Accessible

Accurate

Reliable

Regulatory attributes

Admissible

Compliant

Regulated

Service Architecture

Topdown process analysis

Vertical security consistency

Accurate representation of conceptual attributeat each layer

Horizontal security consitency

Process layers

Metaprocess

Contextual layer

Strategic view of process

Conceptual layer

Information flows and transformations

Logical layer

Data flows and system interaction

Physical layer

Protocols and step sequences

Component layer

Security services generally represented usingSOA model

Information types

Static

No changes in short term

Dynamic

Changes in short term

Service types

Implicit

Services in the same domain

Subtypes

Primary

Selfcontained in an element of the domain

Secures the element from within

E.g: authentication, authorization

Secondary

Operate between elements in a domain

Secures the communication between thelements

E.g: confidentiality, nonrepudation

Explicit

Services that are explicitly requested from onedomain to another

Service placement

Layer concept

Must be properly integrated and aligned

Trust exists by default between each layers

Layers

Processing layer

Antivirus & other security controls, local userauthentication, local services, backups andchange controls

Information transfer layer

Network

Data Management Subsystem

Middleware

Service management

Set of specialized organizational capabilities ateach layer

Matches business requirements for controlsand enablers

Make available the security capability andresources in a highly usable form

All activities in each layer need to be defined

Governance Model

Steps

Strategy & Planning

Develop business strategy

Set goals, objectives and expectations

Set performance targets, risk appetite

Set policy to meet objectives and targets

Design

Design process

Design systems

Design staffing model

Design controls and enablers

Implement

Establish process

Implement systems

Appoint and train people

Establish controls and enablers

Manage & Measure

Manage processes and operations

Manage people and systems

Monitor KRIs and KPIs

RACI model

Model

Responsible

Who is responsible for the activity

Accountable

Who is accountable for the activity

Consulted

Whose opinion is sought

Informed

Who are updated about the activity

All roles must be defined

Changes based on domain

Complexity directly proportional to the numberof level in domain

Can be extended with additional roles

Ex: Ownership, Assurance, Delegations

Ownership

Multifaceted

Depends on the position in the governancemodel and domain model

Can be of

asset

liability

cannot be deligated

impact

Owner

Sets goals, risk appetite and performancetargets

Accountable for performance of assets in thedomain

Trustee

Also called steward

Responsible for performance of assets in thedomain

Can set policy on behalf of domain authority orowner

Custodian

Policy authority not delegated

Responsible for performance of assets in thedomain

Complies with policies already set

Compliance role

To check and report on policy compliance andrisk appetite

Reports to the owner of the domain

Audit role

Appointed by thesuperdomain

Responsible for auditing performance of assetsin a subdomain

Reports to the owner of the superdomain

Trust Concepts

Terms

Claimant

One who is trusted

Ex: customer

Relying party

One who is relying on the trust

Ex: vendor

Types

Oneway trust

Unidirectional trust relationship

One party trusts the other

Twoway trust

Bidirectional trust relationship

Both parties trust each other

Transitive trust

Also known as passthrough trust

Uses a trusted third party

Third party performs the registration

Can be oneway or twoway

Mutual authentication

Direction of trust

In the direction of dependancy

Strength of trust

Is the strength of registration process

Complex trust relationships

Decomposed to simple trust relationships foranalysis

Contextual Layer

Gather business requirements

Define business drivers for security

Define business attributes

Map business drives and attributes

Types of goals

Strategic goals Defined in Contextual andConceptual layers

Longterm goals and plans

Have no end

Tactical goals Defined in Logical, Physicaland Component layers

Mediumterm goals and plans

Address an immediate problems

Operational goals Defined in Operations layer

Daytoday goals and plans

Based on business processes containingrepetitive procedures