EISA (Enterprise Information Security Architecture) - detailed description of security processes and...
silas-mclaughlin
TREASURY INFORMATION SECURITY
BUSINESS - INFORMATION - TECHNOLOGY + SECURITY
DEVELOPMENT OF A METHODOLOGY FOR SECURITY PROCEDURES AND PROCESSES
EISA (Enterprise Information Security Architecture) is a detailed description of security processes and procedures for achieving compliance with the strategic goals of the enterprise.
EISA implies optimizing business processes, answering the questions that arise when architecting business security, establishing a secure network infrastructure, developing security policies and procedures, etc.
By introducing EISA, we lay the groundwork for flexibility within our organization, so that our system can adjust to coming change.
Unification of the development tools
Dev –> QA –> Prd
RBAC + SoD
Transition to web-services
Unification of the development environment
Unification of DBMS being used
BUILDING A SECURE INFRASTRUCTURE
Threat source: DDoS; hacktivists; opponents using software like Stuxnet, Shamoon; special services
Vulnerable users: executive directors; heads of departments; head of IT; super users
[Diagram labels: Documents/Records/Email; Database; Server/Operating System; Application; Network; Physical; External Users; Internal Users]
Build sustainable compliance programs
Reduce risk of insider threat and attacks
Identity, Access, Data Protection
[Diagram labels: STATE TREASURY AGENCY; TREASURY BRANCH (three); INTERNET; XDMX]
[Network diagram labels: INTERNET; Cisco 2951; ASA 5555 X; ASA 5515 X; DMZ; Certificate Center; RADIUS Server; Mail Server; Servers; XDMX]
[Network diagram labels: INTERNET; Cisco 2951; ASA 5555 X; ASA 5515 X; DMZ; Certificate Center; RADIUS Server; Mail Server; Private Network; Treasury Branch 1; Treasury Branch 2; Treasury Branch N; Servers; XDMX]
[Network diagram labels: INTERNET; Router; ASA Out; ASA Internal; Access List; Switch; DMZ; Users; Administrators; WEB; File Server; Data Base; Proxy Server; DNS Server; AD Server; Policy; GPO; Mail Server; Certificate Server; Servers]
[Protocols shown in the diagram: DNS (TCP/UDP 53); HTTP (TCP 80); HTTPS (TCP 443); POP3 (TCP 110); SMTP (TCP 465)]
RECEIPT, USE OF THE DIGITAL CERTIFICATE
After the contract with the State Treasury Agency is concluded, an email with the link is sent to the organization’s email address.
Unique 7-digit number of the organization
ID data is entered
CERTIFICATE DOWNLOAD SECTION AND SETUP MANUAL
User certificates setup
SC certificate setup
Setup manual
After the certificates are set up, logon is performed with a personal certificate.
THANK YOU FOR YOUR ATTENTION!