Back to Security Pattern Catalog




Enterprise Security Services


Classification Key : Security Pattern Space

Problem

Effective integration of security in the business model is contingent upon the identification of security services. The selection of security services need to follow the security approach that has been chosen. Some services, such as access control, emphasize a prevention approach. Other services, such as accounting, emphasize detection and response. Still others, such as identification and authentication, support both prevention and detection. How do you select and integrate security services across the organization to support security properties using preferred security approaches?

Solution

Specify an integrated set of security services to address identified security approaches and security properties for each asset type. The process emphasizes two perspectives. One perspective is to think about the assets individually. Create an association of security approaches and security services to apply them effectively on asset categories. Another perspective is to think of the enterprise as a whole. Ensure that the security services adopted for assets complement and reinforce each other.

Known Uses

ISO 13335-4 discusses services and mechanisms. NIST800-33 describes a security service model.

Related Patterns

Enterprise Security Approaches

Source

Wiley Book

Tags

Prevention, Detection, Response


 

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz