IT Security Architecture

Get Started. It's Free
or sign up with your email address
Rocket clouds
IT Security Architecture by Mind Map: IT Security Architecture

1. IT Governance

1.1. Confidentiality

1.1.1. - Vendor management. - Outsorcing policy. - Data Classification – DLP. - NDA agreement with vendors.

1.2. Integrity

1.2.1. - Audit rights with vendor. - SoD. - SIEM tool – Splunk.

1.3. Availability

1.3.1. - Vendor management. - SLA & OLA. - Escrow agreement. - Audit rights with vendor.

2. Applications

2.1. Confidentiality

2.1.1. - SoD. - 2FA. - PAM tool – ARCOS. - Password policy. - Use HTTPS. - SOC report – SaaS sevices. - Seperation between environments. - Patch management of critical updates. - Authority Reviews.

2.2. Integrity

2.2.1. - SDLC process. - Testing process –unit, functional, integration, stress and regression. - UAT. - Release approvals. - SoD. - Dual authentication. - Github. - Source code review – Codebeat & Codacy. - PAM tool – ARCOS. - Automation testing – Selenium. - Reviewing testing results – Allure. - Password policy. - CI/CD – Jenkins. - Use HTTPS . - Segregation between environments. - Integrity monitor - Solidcore on ATM’s. - API key’s. - Fraud trap system.

2.3. Availability

2.3.1. - System Architecture. - Bug tracking – JIRA. - Migration plan – SaaS sevices. - High Availability setup. - Preventative Maintenance.

3. Database

3.1. Confidentiality

3.1.1. - Database Vault. - Patch management. - VA/PT. - Strong Encryption. - End Of Life databse versions. - Data masking. - SoD. - hardening configuration.

3.2. Integrity

3.2.1. - Change management. - SIEM tool – Splunk. - Database Vault. - Patch management. - VA/PT. - SoD. - PAM tool - ARCOS

3.3. Availability

3.3.1. - Nagios. - Capacity planning. - Bug tracking – JIRA. - High Availability setup. - Preventative Maintenance.

4. BCP

4.1. Confidentiality

4.1.1. - Physical security. - Visitors log. - Data Encryption in transit. - Backup encryption.

4.2. Integrity

4.2.1. - Physical security. - Backup encryption.

4.3. Availability

4.3.1. - Backup & Restore. - DRP. - Cyber security response plan. - Annual testing of BCP.

5. Network

5.1. Confidentiality

5.1.1. - VPN. - Encrytpion. - Web filtering content. - NAC. - Hardening Configuration. - Using Demilitarized Zone-DMZ. - IPS/IDS. - Patch management. - End Of Life devices. - Hardware Security module.

5.2. Intigrity

5.2.1. - Web filtering content. - SIEM tool – Splunk. - NAC. - Hardening Configuration. - IPS/IDS. - Change management. - PAM tool – ARCOS.

5.3. Availability

5.3.1. - Multiple sevice provider. - Network monitoring tools. - High Availability. - Network Diagram. - RIPE service. - High Availability setup.

6. Servers / PC’s

6.1. Confidentiality

6.1.1. - Firewall. - VPN. - Patch management. - VA/PT. - WAF. - Hardening configuration. - Physical access. - Email security. - IAM role – AWS. - SOC report – cloud. - End Of Life O.S.

6.2. Integrity

6.2.1. - Active Directory. - Change management. - SIEM tool – Splunk. - WAF. - Hardening configuration. - PAM tool - ARCOS - Anti-malware. - O.S testing. - Blocking USB/CD. - Email security. - VA/PT. - IAM role – AWS. - SOC report – cloud. - Mobile Device Management – MDM. - BIOS protection.

6.3. Availability

6.3.1. - VA/PT. - Anti-malware. - Manage Engine. - Nagios. - Capacity planning. - Physical access. - Bug tracking – JIRA. - SOC report. - High Availability setup. - Preventative Maintenance.

7. Cyber Security

7.1. Confidentiality

7.1.1. - WAF. - PT/VA. - Patch management. - DMZ. - Secure protocols – TLSv1.1 - Block all un-necessary ports. - Web filtering content. - Anti-malware. - Enrcryption. - Use https. - Use SFTP. - VPN. - 2FA. - NAC.

7.2. Integrity

7.2.1. - PT/VA. - Session time out. - Web filtering content. - Anti-malware. - Password policy. - IPS/IDS. - SIEM tool – Splunk. - Disable default accounts. - Patch management. - Hardening Configuration. - S3 bucket permissions.

7.3. Availability

7.3.1. - DMZ. - Network diagram. - Monitoring tool. - IPS/IDS. - Backup & Restore. - DDOS protection from ISP.