Andre van der Schyff

My online home and blog

Useful resource for security architecture

One of the nice things about my job is that I’m challenged and pushed on a continual basis. Most recently, I had to produce a security architecture for a fairly complex system. Among the things that made this interesting is that the system exposes several public-facing entry points, and uses a fair amount of interesting tech, things like:

  • In-memory data grid
  • Complex event processing / rules engine
  • Integration
  • Geographic redundancy
  • etc

These kinds of things are quite interesting from a security perspective, and not being a security specialist, I needed to find some framework or reference architecture to benchmark against – basically a library of considerations and patterns that I could apply to the solution. I finally found the Open Security Architecture framework, and must say that I found it very, very useful to validate what I was doing.

Though it is clearly still a work in progress, it already contains lots of patterns (for example, Public Web Server) to compare against, and a catalogue of Controls that you can work through to ensure you’ve considered the security aspects of the system.

OSA Control Catalogue

Pretty useful stuff, and well worth a look. And best of all, it’s all licensed under Creative Commons so you’re actually allowed to use it – nice.

