The Future of Security Architecture Certification
By Dan Blum, Managing Partner
March 18, 2015
Copyright (c) 2015 Security Architects, LLC
About Us
• We are a consulting firm dedicated to helping
organizations plan, specify and develop security
programs, policies and technology solutions.
Clients
• Enterprise Security Teams
• Cloud service providers (CSPs)
• Other Audiences
Areas of Expertise
• Cloud Security
• Identity and Privacy
• Endpoint Security
• Cyber Security
Consulting Services
Our Services
• Security Assessments
• Security Architectures
• Custom Consulting
• Security Workshops
Special Guests
Guest | Organization | Framework
Bill Ross | INFOSECURE, LLC | N/A
Jim Hietela | The Open Group | TOGAF
Fred Cohen | Management Analytics | Standard of Practice (SoP)
Maurice Smit | SABSA | SABSA
Problem Statement
“Would you drive over a Bay Bridge built from an
amateur architect's blueprints?
What if the architect passed a multiple choice
test first - is that good enough?”
Society’s answer to these questions is clearly “NO.”
Depending on the state, practicing architects need:
• University Degrees
• Licenses and Certifications
• Separation of Duty
• Liability
Problem Statement
• As the information economy and the Internet
of Things (IoT) mature, a Security Architect’s
practice becomes more consequence-laden
• Industry lacks consensus on exactly what a
Security Architect is or should be
• One non-attendee challenged this webinar
– “I think the basic assumptions of this proposal are
not sufficiently defined or developed to the level
required for meaningful result.”
Questions to Consider
• What is a Security Architect and how does our
practice relate to others?
• What frameworks should be used for our
practice?
• Should security architects be certified, and
how?
• What training or tests should be required?
• Should security architects require a specialized
Degree?
What is a Security Architect and How does our Practice Relate to Others?
Actual Titles
• Cyber Security Process Architect
• Enterprise (Security) Architecture
• Technical Architect (Security)
• Chief Security Architect
• Security Architecture & Cyber Security Lead
• Director/Information Security Architect
• Senior Security Architect/Consultant
• Senior Technical Advisor/Enterprise Architect
• Senior Security Architect
• Network Security Architect
• Solution Architect
• Enterprise Security Architect
• Enterprise Security Architect
• Managing Architect
• Information Security Architect
• Information Security Architect
Types of titles
• Process architect (1)
• Enterprise security architect (4)
• Security architect (9)
• Network security architect (1)
• Solution architect (1)
We’re International
We’re Multi-Faceted
Source: SABSA White Paper: Enterprise Security Architecture
Our Work May be Contained Within Enterprise Architecture Frameworks
SABSA and Open Group have been working to integrate enterprise security
architecture into TOGAF Architecture Development Method (ADM)
Source: The Open Group
What Frameworks Should be Used for Our Practice?
Source: SABSA TOGAF Integration White Paper
What Frameworks Should be Used for Our Practice?
Source: http://all.net
Should Security Architects be Certified, and How?
Audience Supplied Answers
PROS
• Supports hiring and training efforts
• Facilitates compliance
• Works for practice subsets that are mature
CONS
• Too early, no equivalent of “building” standards
• Too late, questionable frameworks in place(s), no consensus
NICE TO HAVES IN CERT / TRAINING PROGRAMS
• Open source materials, low barriers to entry
• High standards for qualification, but low barriers for already-qualified experts
• Standards and mutual recognition of similar certifications
• Regulatory acknowledge
• Operate at the enterprise level
What Training or Tests Should be Required?
Source: ISC2
http://blogs.lt.vt.edu/sequencingscott/2013/12/10/you-have-a-choice/
Comparing SABSA and ISC2
Source: http://www.slideshare.net/infosecforce/security-architecture-brief
Additional Certification Programs
Council of Registered Ethical Security Testers
CREST Registered Technical Security Architect Examination (CRTSA)
Examination Format
The examination is assessed in both Written Multiple Choice and Written Long Form.
Syllabus
The syllabus for this examination is available here
Practitioner Certificate In Information Assurance Architecture (PCiIAA)
What format is the exam?
• Two hour ‘closed book’
• Two sections with 85 multiple choice questions
• Pass mark is 65%
Beyond Multiple Choice Tests
• SABSA applies Benjamin Bloom’s “Taxonomy of Educational
Objectives” to measure cognition as well as knowledge
– SABSA Chartered Foundation (SCF) Certificate
– SABSA Chartered Practitioner (SCP) Certificates
• Per architecture domain
– SABSA Chartered Master (SCM) Certificates
• Master level certification requires a candidate to pass three further
test modules, each of 60 minutes duration and consisting of 40
multiple choice questions. In addition Master candidates must
demonstrate advanced capabilities through either interview with a
panel of experts appointed by SABSA Institute or through submission
of an Enterprise Security Architecture dissertation / case study. The
test modules required depend upon the chosen career stream most
suited to the needs of the Architect and their employer.
Should Security Architects Need a Specialized Degree?
Audience Supplied Answers
PROS
• Dramatically improve skills of new architects
• Fundamentals of security don’t change dramatically
CONS
• Too early – no agreement on standards
• Technology changes too fast, degrees get obsolete
• Practical experience may be more valuable than degree
NICE TO HAVES IN DEGREE PROGRAMS
• Accredited, tiered and specialized curriculums
• Work study program
• Code of ethics
• Life long training
Open Q&A
Security Architects, LLC
http://security-architects.com
info@security-architects.com


Editor's Notes

  1. Reflecting Multiple “Tribes” of Security Excel cowboy Powerpoint wizard