Architecture     Backups     Log analysis     Access control     Content filtering     About us  
 

Architecture

Foundations of a robust Infosec:

1. A short introduction
2. Why an Infosec architecture?
3. How to come up with an Infosec?
4. Some definitions
5. Implementation in an IT architecture:
6. How to measure an existing Infosec?
7. How to improve it?
8. How to manage the change?
9. Thanks & sources

1. A short introduction


The evolution of IT over the last decades could be considered common and out of date knowledge and irrelevant to Infosec but it holds the ability to demonstrate its increasing importance and complexity.
One could start this short history with the emergence of mainframes and already complex systems but it is more convenient and interesting to begin with the first generation of microcomputers (1971-1976; Wikipedia^®) and personal computers (1981; Wikipedia^®).
In those years microcomputers were mostly stand alone machines and rarely connected to other computers. However vulnerabilities and theirs related threats already existed. A good example of these at that time would be the appearance of floppy disk based self-replicating software that were originally used to trace software copy (1986; "(c)Brain"; Wikipedia^®) or to play jokes (1982; "Elk Cloner"; Wikipedia^®) and carried latter a more dangerous payload and are now commonly known as computer viruses.
These were considered utmost technical and proper to computer geeks.
Nearly at the same time the arising of networking (1980's; BBS; Wikipedia^®) came along with its load of vulnerabilities and associated threats. Again a good illustration would be the regular use of applications' maintenance hook by programmers against their exploitation by hackers through war dialing and password guessing or brute forcing.
This instance has been very well illustrated in the Sci-Fi US movie WarGames (1983; Lawrence Lasker & Walter F. Parkes) and that kind of perpetration was also considered utmost technical and only proper to computer nerds.
In 1985 (Wikipedia^®) the presentation by the Internet Architecture Board of TCP/IP v4 to the computer industry launches what everyone knows nowadays as the Internet.
This advent popularized the use of computer and connected technologies worldwide and it also changes the surroundings of Infosec.


2. Why an Infosec architecture?


...


3. How to come up with an Infosec?


...


4. Some definitions


...


5. Implementation in an IT architecture:

Infosec controls

Prevention   Detection   Response Event occurrence               Corporate Centralized authentication       Vulnerability remediation Application firewall     Cryptography         System hardening         Compartmentalized network       Access control Content filtering       Data sensitivity management               Tactics Penetration testing       BIA Log analysis Incident response plan Cyber forensics     Hostile code Intrusion detection Intrusion prevention     Network architecture Centralized logging             Operation Patch management   Log management     Anti malware software Performance measurement     Vulnerability assessments Monitoring     Backups             Strategy User awareness, training     Risk management IT Governance, compliances       Policies, standards & procedures     Event occurrence   Prevention   Detection   Response

6. How to measure an existing Infosec?


...


7. How to improve it?


...


8. How to manage the change?


...


9. Thanks & sources


...