happenings.

Between April and June, I appeared on a radion show to talk about Identity theft and in early June I gave a presentation at the Gartner Security Summit in DC. And then I got a bit more visible on facebook after my Indianapolis IEEE-USA meeting...

Well more importantly, Obama won the Democratic nomination for President in June.

I haven't written anything on this blog on enterprise architecture, business process improbement, security or any of my passion. I have been working on Six Sigma certification, for all its worth and plan to apply for the CGEIT certification. Quite pricey, but I forseee some value in the cartification.

EISSAF

Enterprise Information Systems Security Architectural Framework (EISSAF) is a holistic security design methodology. It is the collection of resources and design tools for formalizing, visualizing, and modeling an information system security design.

This work includes the definition of information security that captures the objectives and parameters that affect security of information systems in an enterprise. At the heart of the EISSAF is the aggregation of the various architectural components, stakeholders and entity abstractions, entity and data relations and flows. The result is a set of diagrams, definitions and relationships. These are
developed as building blocks for the holistic design of information system security architecture. The objective is to enable enterprises develop, analyze, and measure security designs efficiently and cost-effectively.

Security affects, and is affected by, every component; objects and subjects, of an enterprise. Subjects act on objects. An enterprise consists of people, policies and technologies and there are security requirements (or attributes) for each of these. Also, an enterprise can be modeled hierarchically to account for decision and operational structures. This complex relationship can be visualized in a three dimensional Cartesian plane. The planes of the three dimensional representation are the architectural layers, the architectural perspectives, and the architectural security attributes. This three dimensional view demonstrate the nuance that is often missed in many discussion about security. The fundamental interplay of procedures, system level decisions, technology deployment and end user interaction, in the security of an enterprise. EISSAF capture these interactions.

The EISSAF design framework is organized into basic security attributes, architectural perspectives and enterprise hierarchy, or layers. At each layer, the various perspectives interact and depend on the various attributes. The three dimensional representation in Figure 2.1 present the basic idea.

Figure 2.1 EISSAF Construct in Cartesian Coordinates

The fundamental construct of EISSAF is the organization of an enterprise into four basic layers of organizational abstraction; strategic, business, systems, and operational. Every organization or enterprise consists of three basic components; people, policies, and technologies. These components are represented or can be mapped into the four organizational layers. These components are called perspectives. Security can be defined from these perspectives. A third construct of the EISSAF is what constitutes security. Research points to four essential attributes of a system by which its security is can be described. These four attributes are also the essential requirements information systems security controls are meant to protect. They are privacy, integrity, confidentiality, and availability. The EISSAF construct is presented in Figure 2.2
EISSAF provides a framework for a complete abstraction of the Enterprise Information System. The choice of abstraction is aimed at minimizing redundancy in definitions and constructs thereby improving the measurability. To facilitate clarity and assure consistency, definition of some of the basic constructs of the EISSAF are presented in the upcoming sections.

Figure 2.2 EISSAF construct showing layers, attributes and perspectives

Security Layers (Dimensions)

An architectural layer represents the fundamental hierarchy of architectural organization and depicts layers of details, abstraction and responsibility. EISSAF defines four layers; Strategic Layer, Business Layer, Systems Layer and Operational Layer.

Strategic Security Layer

This is a construct similar to Zachman's [28] layers. The EISSAF strategic layer abstracts the stakeholder's view of the enterprise's vision and objective. The architectural vision is defined, and the goals documented. Enterprise expectations and measures are specified. The output of this layer is the driver for business decisions and thus, the Business Layer. Business leaders and stakeholders always refer to an overarching big-picture or general direction and goals. The strategic layer typically describes two perspectives, people and policies. The technology perspectives are often then left to lower layers in the enterprise architectural development hierarchy.

Principals involved in the Strategic layers often include the enterprise architect, business owner(s) and enterprise stakeholders , regulatory bodies and standard development bodies.

In developing a security architecture (using EISSA), enterprise architects will require answers to layer-specific questions. The answers they obtain then serve as Architectural Development Guides (ADG). ADG help clarify concerns, performance requirements, and security attributes. Different questions will be asked as part of the ADG at different layers, each expected to produce increasing level of detail and abstraction. These answers also serve as basis for performance measure and security metrics computations. This process is the Architectural Development Process, ADP.

The level of details and enterprise abstraction developed as a result of the strategic layer ADP is critical to a successful architectural design. The details may also be used in determining the Maturity level of the enterprise [ [29], [30] ].

The Strategic layer is about enterprise leadership and governance; it is for vision declaration and metric identification. Example Strategic level goals could include:

• Democracy – Assure Optimum Voter's Confidence in the Election System and its result
  
• Financial – Maximize customer's privacy and become the most customer friendly Bank in the United States as well as the most functionally efficient.
  
• Most Secure Online Service – Obtain highest industry rating in online-banking security.
  

The forgoing examples show a big-picture expectation and serve as the basis for performance measures. When the security metric is identified, the enterprise security architecture can then be designed to attain a given metric level or value averaged over a given period or consistent over a specified interval. An example will be "An election with security metric of 0.95, representing 95% errors free in all security attributes combined".

Business Security Layer
The Business or motivation layer addresses the goals in manners that lay out the how to achieve them. The Business layer is driven by the Strategic layer and is often the first design phase in the EISSA ADP. The enterprise's core security compliance requirements are addressed. Potential liabilities and risks associated with various decisions are also determined here. The Business layer often requires all three architectural perspectives; people, policies and technologies. It is common that technology is described with fewer details than at lower levels in the ADP hierarchy. Business Layer concerns itself with operational basis and process motivation. The directions for achieving these are specified and serve as the systems driver (Figure 2.3).

Sample Business Layer operations or objectives:

• An Election System business objectives might include :
  
  • Maximize Voter Participation and Confidence by ensuring all eligible voters are able to vote in compliance with the Voting Rights Act of 1959 as amended and re-authorized in 2006.
    
  • Reduce ballot fraud by to less than 1% in subsequent elections.
    
  • Assure 100% accuracy in vote counts by implementing appropriate technologies and procedures.
    
• A financial Enterprise business objectives might include:
  
  • Attain 10 million client level by reducing the customer-turnover to less than 10% from the current level of 50% and increasing new customer targeted advertisement to reach additional 20 million potential customers.
    
  • Enhance Operational Efficiency and eliminate wastes by improving unit productivity and eliminating stove-pipes and bottle necks.
    

The Business Layer is a fundamental level of performance measure and a feedback point to the strategic as well as lower abstraction layers including the systems and the operational dimension. Objectives are determined by people, governed by policies and achieved by the combination of people, policies, and technologies. Examples of people involved in the Business layers are:

• An Organization's C-Level Executives and Business-Leaders
  
• The Federal Election Commission , driven by the legal mandates of the congress
  
• The office of State's Secretary of state, for an election system.
  
• Council Board of Election is also a business level operative for an election.
  

Business layer policy abstractions may include:

• Industry standards such as ISO/IEC 17799 (ISO 2700-2005), aimed at providing operation guidance for achieving specific compliance requirements or mandate.
  
• State Election guidelines, regulations, and procedures
  

  Business layer technologies may include:
  

• An Enterprise Architectural technology or an Enterprise Resource Planning (ERP) tool will be an example Business Layer technology, enabling essential reporting and performance measures.
  
• The Business layer could mandate the use of a technology solution such as internet voting, or touch screen voting. It may not necessarily determine what vendor or what specific protocol to use.
  

  Systems Layer
  

This can also be called the technology or solutions layer or dimension. This layer addresses enterprise components integration and interrelations with ramifications for effectiveness, performance and security. This is where detailed technology specifications are provided as are details connection and operational protocols. The system layer derives directly from the Business Architecture and is designed with the Enterprise goals in mind.

The System layer includes definition of systems and module; abstraction articulation of inter-system and intra-system communication protocols for data flow and data transfer. The system layer includes a significant level of implementation details. Consider the business layer as analogous to the main-contractor, then the system layer will be analogous to the sub-contractor. Security profile becomes more apparent, thus this level is suitable to rigorous metric computation. Providing a feedback loop between the system and the business layer improves efficiency.

Security requirements and features are defined clearly at the systems layer. This provides for clear translation for measuring the performance of operational enterprise with respect to the business requirements of the enterprise.

At the Systems layer, people, policies and or technology are represented. Some examples of people at this layer of the EISSAF hierarchy include:

• Vendors, Evaluating Entities
  
• Developers, Implementation Engineers
  
• Election Management Personnel
  

At this layer, policies would typically be in the form of standards, best practices, guidelines, and regulations. Some examples include:

• Standards , Recommendations, Best Practices
  
  • CoBiT , ISO/IEC 17799-2005 (2700-2005)
    
  • SSE-CMM
    
• Corporate procedures and guidelines.
  

System layer technology perspective provides sufficient insight into the operational architectural view. It includes technology specifications, and serve as the operational driver. Some of the systems level technologies include:

• Enterprise Network (LAN, WAN, Wireless, Data, Voice, Converged)
  
• Identity Management (Access Control)
  
• Cryptography (Key Management)
  
• Service Audit (Logging, Monitoring)
  
• Recovery/ Availability (Clustering and Back-Up )/Disaster Management
  
• Platforms (Vendors / Systems )
  
• TLS / PKI / AES
  
• TCP / IP , OSI , ISO
  
• Network Architecture / Design / Implementation
  
• Control & Identity Infrastructures
  
• Desktop and Server Management Structures/ Technologies
  

Figure 2.5 EISSAF Architectural Layers

Operational Security Dimension

Systems layer perspectives drive the operational layer design as shown in Figure 2.5 above. The operational layer is the user-facing layer. This is the last layer of the ADP and the construct include all three Enterprise Architectural perspectives; people, policies and technologies. The Operational dimension is crucial in the EISSAF ADP, in the EISSA modeling and metric simulations. All the vision, mission, and objectives determined at the strategic layer and actualized here. Operational layer architecture often relates to specific events or activities. Emphasis is on technology and people view. The security solutions at the operational layer are directly traceable to the strategic objectives, thus measures computed here are traceable to measures determined at the strategic layer.

A well architected EISSA will include paths for reviewing the operational outputs from the Operational layer into the Systems, Business as well as the Strategic layers. This is important for agility, serving also as the basis for enhancing efficiency, performance and security.

Many enterprises today lack an efficient feedback process. One of the goals of this work is to provide a holistic mechanism for feedback and process improvement. Methodologies such as Six Sigma and Baldrige provide framework for process improvement. EISSAF can be used in support of these other frameworks.

Often Operational layer policies are in the form of procedures, guidelines and instructions. Since they are governed by laws, regulations, and standards their impact and effectiveness can be mapped to the regulations at the strategic layer.

Operational layer people will include personnel directly interfacing with the resulting enterprise. For an election system, these will include; election judges, poll workers, vendor representatives, voters, and potential adversaries.

At the operational layer, technology is definite. Details ranging from network connection types, links and equipments to operating systems and more. For information systems, the most data is available at this layer. Examples of technology views at this layer include

• Operating Systems type such as Windows 2003 release 2
  
• Application Server such as Apache 2.2 running on a FreeBSD 6.1 minimal build with OpenSSH 0.9d installed. Other details may also be provided.
  
• Diebold AccuVote TS Direct Recording Election System
  
• Diebold Global Elections Management System
  
• Sequoia Voting System Optech Insight machine
  
• Cisco 4510R switch with 384 optical ports
  

Each of the technology item identified in the enterprise must map into the system layer technology view architecture. The system layer architecture must map into the business layer. The business layer must also map into the strategic layer. Thus every perspective element in the lower layers must be traceable to a strategic requirement or element.

The EISSAF architectural development process requires feedback between adjacent layers and between all layers. This many-to-many feedback loop improves the visibility and agility of the enterprise. The EISSAF supports feedback through the metric framework. The feedback process is captured in Figure 2.6.

Figure 2.6 EISSAF ADP Hierarchy & Process Feedback

Book Review : Cisco NAC Appliance by Jamey Heary - 2007

Authors :Jamey Heary, CCIE (Chad Sullivan, CCIE; Jerry Lin, CCIE; Alok Agrawal)
Publisher : Cisco Press
ISBN -13:978-1-58705-306-1
Title : Cisco NAC Appliance : Enforcing Host Security with Clean Access


The Cisco Self Securing Network platform is currently structured around several cornerstone technologies of which the Cisco Clean Access technology is a leading component. The Cisco Clean Access technology is one of several industry wide Network Admission Control (NAC) technologies which rely on a combination of client-server components. The Cisco Clean Access suite includes a client component which could be host-installed applet or a browser based applet that can read basic configuration data from a host machine and communicate compliance to enterprise defined rules/policies which are pre-defined on a clean access server appliance and other coorperating systems. The book, Cisco NAC Appliance is a good guide for administrators deploying this complex set of solutions brought from Perfigo Inc. after Perfigo’s acquisition by Cisco 2006.

The book’s organization and tone is aimed at security architects, security managers and security administrators. While a security architect will better understand the various deployment options and thus the place of the Cisco NAC framework in an enterprise, security managers will get a comprehensive enough view of the Cisco NAC framework to make the judgment call on actual deployment of the infrastructure and of course make decisions on cost/facility and better grapple with the potential cost benefit requests from enterprise’s executive and the security administrator will have a quick guide handbook to help wade through the myriads of documentations from Cisco on its evolving SAFE architecture in general and the NAC framework in particular.

The organization of this book is excellent for the intended audience; six parts covering the basics of host security landscape, design of Cisco NAC appliance, developing a host security policy, the Cisco NAC configuration, some deployment best practices, and of course NAC appliance maintenance and troubleshooting. The six parts are laid out in fifteen accessible chapters spanning more than 500 pages with generous amount of configuration examples and screenshots.

With Cisco now having more than 45% market share in the endpoint access control market, books like these can only increase in importance as a guide to organizations grappling with the decision on what and where to deploy these technologies.

And for this volume, the taste of the pudding remains in the eating. So if you don’t have a copy yet, go grab one (so long as you are interested in some endpoint security solutions now or at some point in the future). As for rating, I’ll give it my best rating so far, four star out of five.

Book Review : Cisco CSA by Chad Sullivan - 2005

As an endpoint protection solution, Cisco Security agent was a timely product, when it was released 2003, for being one of the industry’s first behavior based host protection solution and thus offering some hope of protection against the widely feared zero-day attack scenario. While the product is considered a great tool, its proper deployment in an enterprise is non-trivial. Hence the value of a book like Cisco Security Agent : Prevent security breaches by protecting endpoint systems with Cisco Security Agent(CSA) , the Cisco host Intrusion Prevention System.

While the books organization is not quit elegant (it leaves the planning and implementation process to the last part while address advanced concepts earlier on), its comprehensive content on the subject makes it a useful book all the same. The seven part book makes the case for Cisco Security Agent (or any endpoint security solution for that matter) in the first part, addresses the CSA architecture in the second and describes the agent installation as well as issues with the local agent in the third. Monitoring and reporting was handled in fourth part while the fifth part addresses CSA analysis in deployment. The author developed policies, implementation and CSA maintenance in part six while the last part (appendixes) addresses integration with other Cisco technologies.

Chad’s narrative while pedestrian provides ample guidance and example to appeal to an enterprise security administrator in a concise manner thereby compressing what could potentially have been a 1000 page manual into a less than 450 pages. Also the overall style of the presentation bellies Chad’s breadth of experience as a network security subject matter expert.

Given the state of enterprise information systems security today, a typical enterprise will need a combination of tools to achieve a secure pasture and this book by Chad Sullivan as well as the Cisco NAC appliance book he helped co-write are very useful guides for organizations planning to develop or deploy a robust and holistic end-point control solutions. While the book is dated (2005), I’ll still recommend it as a buy (even though I expect an update in the near future).

Enterprise Architecture

Enterprise Architecture is the formal organization (design or layout) of the components, structures and processes required or relevant to the attainment of the goals and visions invested or envisioned in an enterprise.

Often used in the context of information system's applications in an enterprise, Enterprise Architecture is really concerned with all aspects of an enterprise with information technology as a sub-context.

All organizations are built on some architectural framework or another, even when the choice is not fully conscious, just like every building or city could be said to have been built on some structural architectural framework, even when the choice has not been conscious, like in many developing nations. However, just like modern society now appreciate the value of a conscious structural architectural developmental process; culminating in the study of architecture in many major colleges and trade institutions, so would society benefit from the conscious application of such faculty to enterprise architecture.

At a Digital Government Summit in 2006, a gentleman from CA used the term Empire Architecture to describe the architectural paradigm required for many modern enterprises, which can be considered really as a combination of complex enterprises; and he is right. Modern Corporations, Government and even educational institutions are indeed an amalgam of complex sub-entities often a singular ultimate bottom line, but disparate intermediate business goals and requirements. Modern Enterprise Architecture thus can be viewed beyond the singular enterprise but also from the perspectives of empire architecture.

However, semantics aside, enterprise architectural practice as it is developing  today can support all nature of architectural definitions from single architectures to virtual enterprise architectures and empire architecture. Just like in structural architecture the procedures are essentially the same irrespective of the size or complexity. As a matter of fact, applying the same rigors irrespective of the size is beneficial to an Enterprise Architect who can then leverage lessons learned in one scenario to become better at another.

One problem that faces the the industry though remains the lack of a consistent outlook and the tendency of practitioners to be swayed by the most market-friendly buzzword in place of standardized terminologies which are necessary for a concepts this complex and with such great ramifications for business success. Many continue to use the term solely with software development, when in reality all know it is far beyond software development; just like all know that structural architecture is beyond the walls for a house or more than the trusses for a bridge.

We have developed an architectural framework for information security and will be making public more documentation regarding this framework. We are now working on a project to help harmonized the disparate knowledge and develop a standardized set of frameworks that will incorporate various existing platform for the maximum value to enterprises regardless of size.

For additional information, please send us an email at architect at eissaf dot com.