Jaselská 6, Praha

skoleni@anywhere.cz

224 310 808

OESA - Open Enterprise Security Architecture

40 000 excl. VAT

Luboš Fryc, TOGAF®, SABSA® and Business Architecture expert


Luboš Fryc is a coach and trainer in enterprise and security architecture. He teaches, among others, the TOGAF®, SABSA® and Business Architecture standards, with an emphasis on explaining how they relate to other methodologies such as risk and service management, project and process management, and quality assurance.

He actively contributes to the development of standards and to the preparation of Bodies of Knowledge within the worldwide community of The Open Group Architecture & ArchiMate Forum.

He holds the TOGAF® 9 Certified, TOGAF® Essentials 2018, The TOGAF® Standard – Version 9.2, and IRS within TOGAF® certifications.


Overview:

A two-day training course focused on a structural description of the framework intended for the design, implementation and operation of an enterprise security architecture.

Day I

General Description of an Enterprise Security Program

  1. Enterprise Security Program Framework
  2. Enterprise Security Architecture
  3. Housing Design Model
  4. The Enterprise Security System Design Model
  5. Community Standards vs. Corporate Standards
  6. Building Codes and Engineering Practices vs. Governance
  7. House Architecture vs. Security Technology Architecture
  8. Bill of Materials vs. Security Services
  9. Maintenance vs. Operations
  10. The Remodelling

Security Governance

  1. Governance Components and Processes
  2. Governance Process Overview
  3. Governance Process Roles
  4. Governance Model Policy Framework
  5. Governance Principles
  6. Security by Design
  7. Managed Risk
  8. Usability and Manageability
  9. Defense in Depth
  10. Simplicity
  11. Resilience
  12. Integrity
  13. Enforced Policy
  14. Design for Malice
  15. Mobility
  16. Policies
  17. Policy Development
  18. Policy Template – ISO/IEC 27002:2022
  19. Security Policy Language – XACML
  20. Standards, Guidelines, Procedures
  21. Enforcement
  22. Ongoing Assessment
  23. Governance Example
  24. Authentication Policy Example
  25. Password Quality Enforcement Standard Example
  26. Example Comments

Security Technology Architecture

  1. Components and Processes
  2. Conceptual Framework for Policy-Driven Security
  3. Conceptual Architecture for Policy-Driven Security
  4. PDP/PEP Detail
  5. Identity Management Architecture
  6. Identity Management Conceptual Architecture
  7. Identity Management Logical Architecture
  8. Identity Management Security Services Template
  9. Identity Management Physical Architecture
  10. Federated Identity Management
  11. Border Protection Architecture
  12. Border Protection Conceptual Architecture
  13. Border Protection Logical Architecture
  14. Border Protection Security Services Template
  15. Other Security Services Template
  16. Access Management Services
  17. Configuration Management Services
  18. Access Control Services
  19. Authentication Services
  20. Authorization Services
  21. Detection Services
  22. Virtualization
  23. Content Control Services
  24. Auditing Services
  25. Cryptographic Services
  26. Design and Development
  27. Design Principles
  28. Design Requirements
  29. Design Best Practices
  30. Re-Usable Tools, Libraries, Templates
  31. Coding Best Practices
  32. Testing Best Practices

Day II

Security Operations

  1. Asset Management
  2. Security Event Management
  3. Security Administration
  4. Security Compliance
  5. Vulnerability Management
  6. Reactive Process for Responding to Vulnerability Notifications
  7. Proactive Process for Vulnerability Identification and Response
  8. Event Management
  9. Incident Management
  10. Testing Security Architecture
  11. Security Metrics
  12. Operational and Business-Aligned Metrics
  13. Objectives
  14. What is a Security Metric?
  15. Types of Metrics
  16. Applying Security Metrics
  17. Types of Metrics
  18. Security Metrics Process

Toward Policy-Driven Security Architecture

  1. Policy Layers and Relationships
  2. Policy Automation Vision
  3. Policy Automation Model
  4. Policy Automation Model – HIPAA Example
  5. Policy Automation Roadmap

Conclusions and Recommendations

  1. Conclusions
  2. Recommendations
  3. Recommendations to User Organizations
  4. Recommendations to Vendors and Standards Organizations

A Glossary of Resources

  1. Annex 1 – Security Governance Resources and Tools
  2. Annex 2 – NIST References for O-ESA Implementation

Security Architecture Checklist