2.2 - Describe the features of common frameworks for security architectures Flashcards
What is the ISO 9001 Deming cycle?
Plan-do-check-act (PDCA)

What is the first layer of SABSA?
Contextual: Business view, assets to be protected in context.
What is the second layer of SABSA?
Conceptual: Architect's view: High-level view of services to protect the assets.
What is the third layer of SABSA?
Logical: Designer's view: Node-level view of services and relationships.
What is the fourth layer of SABSA?
Physical: Builder's view: Detailed node-level view and how deployed with physical assets.
What is the fifth layer of SABSA?
Component: Tradesman/Technician’s view: Component view of individual security services.
What is the sixth layer of SABSA?
Operational: Facility Manager’s view: Security operations.
Name the 5 COBIT key principles
1. Meeting stakeholder needs
2. Covering the enterprise end to end
3. Applying a single integrated framework
4. Enabling a holistic approach
5. Separating governance from management

How many enterprise goals and IT-related goals does COBIT specify?
17 each
What is ITIL the de facto standard for?
IT Service Management
What are the main components of ITIL?
Service strategy, service design, service operation, service transition
Name the first COBIT process
Align, plan and organise

Name the second COBIT process
Build, acquire and implement

Name the third COBIT process
Deliver, service and support

Name the fourth COBIT process
Monitor, evaluate and assess

Name the fifth COBIT process
Evaluate, direct and monitor

Name the first enabler of COBIT
Principles, policies, frameworks

Name the second enabler of COBIT
Processes

Name the third enabler of COBIT
Organizational structures

Name the fourth enabler of COBIT
Culture, ethics and behaviour

Name the fifth enabler of COBIT
Information

What are the different views of TOGAF?
Business, Data architecture, application, technology
How is TOGAF architecture reviewed? A) Monthly B) Annually C) Continuously D) Never
C) Continuously
What is an enterprise?
An “enterprise” in this context is any collection of organizations that has a common set of goals and/or a single bottom line.
What is enterprise architecture?
Both an entire enterprise, encompassing all of its information systems, and a specific domain within the enterprise
What is TOGAF?
An architecture framework.
What is an architecture framework?
An architecture framework is a tool which can be used for developing a broad range of different architectures
What is the TOGAF Enterprise Continuum?
The Enterprise Continuum is a “virtual repository” of all the architecture assets: models, patterns, architecture descriptions, etc.
What is an architecture description?
An architecture description is a formal description of an information system
What is the TOGAF Architecture Development Method (ADM)?
Used to develop an organization-specific enterprise architecture that addresses business requirements.
TOGAF Resource Base
A set of resources (guidelines, templates, checklists) supporting the TOGAF ADM.
What are the five NIST cybersecurity framework functions?
Identify, Protect, Detect, Respond, Recover

The 6 security actions of the Cisco Security Control Framework
Identify, Monitor, Correlate, Harden, Isolate, Enforce
What are the 3 goals of the Cisco Security Control Framework?
- Protect the IT infrastructure
- Protect the IT assets using network-based controls
- Mitigate and respond to security incidents using network-based controls
Go through the step-by-step process of TOGAF ADM
Architecture vision, business, information system, technology architecture, solutions, migration, planning, implementation governance and change management

Name All SABSA Layers
Contextual
Conceptual
Logical
Physical
Operational
What is the number of columns and rows in the SABSA Matrix?
6x6
How many columns and rows are there in the Zachman Framework?
6x6

Why is governance important?
Governance is about making sure management are not taking shortcuts to achieve their goals (make money, get a promotion or meet business objectives).