Information Systems Security Engineering (ISSE) Process: • Discover Information Protection Needs; ascertain the system's purpose. • Identify information asset needs protection. • Define System Security Requirements; Define requirements based on the protection needs. • Design System Security Architecture; Design system architecture to meet security requirements. • Develop Detailed Security Design; Based on security architecture, design security functions, and features of the system. • Implement System Security; Implement designed security functions and features into the system. • Assess Security Effectiveness; Assess the effectiveness of ISSE activities.
Enterprise Security Architecture (ESA): • Presents a long-term, strategic view of the system • Unifies security controls • Leverages existing technology investments
Data Center Site Infrastructure Tier Standard Topology: Four-tiered architecture, each progressively more secure, reliable, and redundant: Tier 1: Basic data center site infrastructure (basic protection) Tier 2: Redundant site infrastructure capacity components Tier 3: Concurrently maintainable site infrastructure Tier 4: Fault-tolerant site infrastructure (life-dependent applications and services)