The architecture is based on four cornerstones:

Trust Calculation. This unique element of the architecture handles user identity and access management, dynamically determining whether a user should be granted access to specific resources and, if so, what type of access should be granted. The calculation is based on factors such as the user's client device and location, the type of resources requested, and the security controls that are available.

Security Zones. The infrastructure is divided into multiple security zones that provide different levels of protection. These range from trusted network zones containing critical data, with tightly controlled access, to untrusted zones containing less-valuable data and allowing broader access. Communication between zones is controlled and monitored; this helps ensure users can only access the resources for which they have been authorized and prevents compromises from spreading across multiple zones.

Balanced Controls. To increase flexibility and the ability to recover from a successful attack, the model emphasizes the need for a balance of detective and corrective controls in addition to preventative controls such as firewalls. This includes a focus on business intelligence analytical tools to detect anomalous patterns that may indicate attempts to compromise the environment.

User and Data Perimeters. Recognizing that protecting the enterprise network boundary is no longer adequate, we need to treat users and data as additional se...
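The trust calculation and security-zone rules described above, as an added illustrative example that is not code from the original text or its author. The device-posture factors, their weights, the zone names, the per-zone thresholds and the three access types ("full", "read-only", "deny") are assumptions chosen to show how a dynamic decision can combine client device, location, available controls and the sensitivity of the requested resource.

```python
from dataclasses import dataclass
from enum import Enum


class Zone(Enum):
    """Hypothetical security zones, ordered from least to most protected."""
    UNTRUSTED = 1
    RESTRICTED = 2
    TRUSTED = 3


@dataclass(frozen=True)
class Client:
    """Assumed signals about the requesting device and its context."""
    managed: bool          # enrolled in enterprise device management
    patched: bool          # OS and agents at current patch level
    disk_encrypted: bool   # full-disk encryption reported by the agent
    mfa: bool              # session authenticated with a second factor
    location: str          # "office", "vpn" or "internet"


@dataclass(frozen=True)
class Resource:
    """A resource and the zone that hosts it (assumed model)."""
    name: str
    zone: Zone
    contains_critical_data: bool


# Assumed weights: a stronger posture or more trusted location adds trust.
LOCATION_WEIGHT = {"office": 3, "vpn": 2, "internet": 0}

# Assumed minimum trust score required for full access to each zone.
REQUIRED_SCORE = {Zone.TRUSTED: 10, Zone.RESTRICTED: 6, Zone.UNTRUSTED: 2}


def trust_score(client: Client) -> int:
    """Combine device posture, security controls and location into 0..12."""
    score = 0
    if client.managed:
        score += 3
    if client.patched:
        score += 2
    if client.disk_encrypted:
        score += 2
    if client.mfa:
        score += 2
    # Unknown locations are treated as the least trusted case.
    score += LOCATION_WEIGHT.get(client.location, 0)
    return score


def decide_access(client: Client, resource: Resource) -> str:
    """Return "full", "read-only" or "deny" for this client and resource.

    Full access requires meeting the zone threshold. A client slightly
    below the threshold is downgraded to read-only, but only for resources
    that do not hold critical data; everything else is denied.
    """
    score = trust_score(client)
    required = REQUIRED_SCORE[resource.zone]
    if score >= required:
        return "full"
    if score >= required - 3 and not resource.contains_critical_data:
        return "read-only"
    return "deny"


if __name__ == "__main__":
    # Constructed sample clients and resources for a local demonstration.
    corporate_laptop = Client(True, True, True, True, "office")
    home_pc = Client(False, True, False, True, "internet")
    finance_db = Resource("finance-db", Zone.TRUSTED, True)
    wiki = Resource("team-wiki", Zone.RESTRICTED, False)
    for client in (corporate_laptop, home_pc):
        for resource in (finance_db, wiki):
            print(trust_score(client), resource.name,
                  decide_access(client, resource))
```

The thresholds are deliberately per zone rather than per resource, so that a compromised low-trust client cannot reach trusted-zone resources even if it is authorized for them by identity alone; the read-only downgrade is the kind of partial grant the text describes under "what type of access should be granted".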