Open Security Architecture Thu, 08 Dec 2016 00:01:59 +0000

The OSA vision:

"OSA distills the know-how of the security architecture community and provides readily usable patterns for your application. OSA shall be a free framework that is developed and owned by the community.

OSA is licensed in accordance with Creative Commons Share-alike. We believe that Open Source principles result in more secure systems, and want the computing architectures that we depend on for our daily lives to be as secure and reliable as possible."



(Spinoza) Foundations Sun, 02 Dec 2007 01:00:43 +0000

Current release 12_02

The figure below shows the high-level goals we have for the 13-14 releases. Think we should be more ambitious? We welcome your comments. If you register, we'll notify you when new patterns are published.

We aim for a major release on a yearly basis to allow time for new patterns to be developed and to stabilize. The constant focus will be on extending pattern coverage, as we believe this is the core value OSA provides. However, we hope to find time to put together a decent threat catalogue, extend the control catalog with tests and mappings to common standards, and develop a solid framework that you can easily use in your environment.

Please find details for the specific releases we have planned in the list below. The naming convention is Year_Month.

Release 08_02_Alpha

  • Basic pattern modules completed and loaded to site.
  • Definitions for common terms.
  • Explanation for OSA.
  • Site infrastructure and content management system in place.
  • 2-5 common patterns completed for representative industries (patterns should include implementation guidance for that industry).

Release 08_02 Beta 1

  • Embedded hyperlinks in SVG patterns back to controls catalogue.
  • Discussion forum.
  • OSA user personas described, including the benefits that they perceive.
  • Confirm roles for actors, based upon a standard, e.g. ITIL.
  • Tutorial on how to write a pattern.
  • Improved site based on feedback.

Release 08_02

  • Initial threat catalog. (considered but rescheduled to 09)
  • Initial patterns refined and quality assured.
  • Tests added to catalog. (considered but rescheduled to 09)

Release 09

  • Control catalog mapped against other standards, e.g. ISO 17799, ISF SOGP, COBIT.
  • Initial threat catalog (rescheduled pending demand for this artefact)
  • Increased number of patterns covering financial, manufacturing, pharmaceutical, IT verticals.
  • Comment module installed and tested (rejected)
  • Confirm life cycle to set context for OSA, e.g. SDLC, ITIL, COBIT.

Release 10/11

  • Consider addition of jurisdiction mappings, e.g. FSA, SB1386, privacy laws, etc.
  • Increased number of patterns covering financial, manufacturing, pharmaceutical, IT verticals.
  • Additional foundation articles on security basics such as authentication, authorisation, encryption, monitoring, coding, testing...
  • How to use guide plus templates for standard security architecture artifacts (so you can quickly use OSA in your work).
  • Risk-based checklists for common scenarios.
  • Collaborative working infrastructure for community defined and possibly implemented.

(Spinoza) Community Fri, 28 Dec 2007 15:11:46 +0000
IT Architecture

Before we head off into definitions and categorization, let's just ask the question of all questions: "Why does anyone need an IT Architecture?"

Luckily the answer is simple: you need to invest in abstract descriptions of your system because certain qualities do not just arise when you put one functional component next to the other. Architecture tries to achieve sustainability, dependability, scalability and performance, which are among the things you do not get right the first time you design a system!

(Aurelius) Definitions Thu, 03 Jan 2008 19:02:21 +0000