Whitepaper: A Reference Model for Enterprise Security
This paper describes a reference model, in UML, for (enterprise) IT security. It was presented at ICEIS 2007; an expanded version that provides a more complete description of the concepts is also included.
Main Description

This paper describes a reference model, in UML, for (enterprise) IT security. This framework defines a logical approach to enterprise security, but more importantly provides a cohesive structure for the definition and implementation of security services. The complete framework is described, with a focus on subjects, protected objects, and how access is controlled. Multiple layers of security are defined, building upon the “defence in depth” concept, augmented with “domain” and “zone” concepts and associated protections. The dynamic use of roles is described, a concept that, along with “user self-service”, provides a practical approach for the management and use of roles for access control.

An expanded version of this IT architecture pattern is here: IT Security Reference Model

Description