Conceptual Security Architecture
Conceptual, or architecture view, is the overall concept by which the business requirements of the enterprise may be met. This is where we focus on the business attributes of the concept and what those will be so we can capture then in a normalized form. Once we have these, we then need to know why the protection of these business needs are required and how we want to achieve the protection. After these are identified we can then choose where we want to achieve the protection in terms of our security domain and then when is the protection relevant. Only after these six questions are answered can we then begin to logically lay out our design.
For Conceptual layer to properly be utilized, one would have first began at the Contextual layer. For an example from my course work I had to assume that documents have been reviewed and changed potentially hundreds of times while at the Conceptual Layer. Therefore, there’s usually a good level of buy-in on the vision. Simply we would then use the same language for the business level attributes we are creating. After analyzing the strategy of our made up company for the course, I’m going to assume the following attributes:
Detailed definitions for these attributes are agreed with the business stakeholders.
The next step is to link these to the broader objectives for technology. Your CIO and CTO were able to assist with these. In order to properly develop this Conceptual layer of the model I had to assume the business attributes from the Contextual layer above. Each of these categories will have a number of child items that have to be considered. Below are the attributes associated to our framework:
For Conceptual layer to properly be utilized, one would have first began at the Contextual layer. For an example from my course work I had to assume that documents have been reviewed and changed potentially hundreds of times while at the Conceptual Layer. Therefore, there’s usually a good level of buy-in on the vision. Simply we would then use the same language for the business level attributes we are creating. After analyzing the strategy of our made up company for the course, I’m going to assume the following attributes:
- User Attributes; Management Attributes; Operational Attributes; Risk Management Attributes; Legal & Regulatory Attributes; Technical Strategy Attributes and finally Business Strategy Attributes.
Detailed definitions for these attributes are agreed with the business stakeholders.
The next step is to link these to the broader objectives for technology. Your CIO and CTO were able to assist with these. In order to properly develop this Conceptual layer of the model I had to assume the business attributes from the Contextual layer above. Each of these categories will have a number of child items that have to be considered. Below are the attributes associated to our framework: