Wednesday, July 22, 2009

SecurityShapes

Commentary:
Please help me pin the tail on the other donkeys re: green and red icons?

Somewhere below architecture, policy, ontology, taxonomy but above distinct methods/controls? Predicated on an existing trust, zone, domain model. Prescriptive but not restrictive. A hitchhiker's guide to data-flow security!

Can this help empower the guys on the ground to make decisions and know when to escalate something to the security team?

I kinda wanted this to be a cheat sheet for Ops/BAU engineers. Something pragmatic rather than a Magic 8-Ball for PMs and Solution "Architects" too.