Enterprise Security Services: Security Pattern Space
Effective integration of security in the business model is contingent upon the identification of security services. The selection of security services needs to follow the security approach that has been chosen. Some services, such as access control, emphasize a prevention approach.
Other services, such as accounting, emphasize detection and response. Still others, such as identification and authentication, support both prevention and detection.
How do you select and integrate security services across the organization to support security properties using preferred security approaches?
Specify an integrated set of security services to address identified security approaches and security properties for each asset type. The process emphasizes two perspectives.
One perspective is to think about the assets individually. Create an association of security approaches and security services to apply them effectively on asset categories.
Another perspective is to think of the enterprise as a whole. Ensure that the security services adopted for assets complement and reinforce each other.
ISO 13335-4 discusses services and mechanisms. NIST 800-33 describes a security service model.
Enterprise Security Approaches
Prevention, Detection, Response
Last modified: May 05, 2012
and Maintained by: Munawar Hafiz