Enterprise Level Security – Basic Security Model

Bibliographic Details
Main Authors: Kevin E. Foltz, William R. Simpson
Format: Article
Language: English
Published: International Institute of Informatics and Cybernetics 2016-02-01
Series: Journal of Systemics, Cybernetics and Informatics
Online Access: http://www.iiisci.org/Journal/CV$/sci/pdfs/ZA188FH16.pdf
Description
Summary: Maintaining, updating, and modifying such a system based on changing enterprise needs and advancing technology is even more challenging. Decisions and informal rules that were made and enacted in the initial build are often lost, forgotten, or ignored when changes are needed. When the original system designers have moved on, the system is entrusted to an administrator who understands how the system works but not why it was designed to work that way. Without this higher-level understanding, the secure system devolves into a collection of loosely integrated partial solutions with security vulnerabilities at the seams and edges. This work presents a method of documenting the design logic of a secure enterprise information system, from basic principles to implementable requirements. Important design decisions are captured, along with the logic supporting them. Before changes to the system are made, an assessment is made against the core design decisions to ensure the original security goals are maintained. This provides clarity to the system owner and administrators to help guide future changes, and it provides a way to convey security goals to product vendors in a structured and logical way, which can help to reduce the back-and-forth arguing over whether a product meets security requirements. The Enterprise Level Security (ELS) architecture is used as an example of the application of this method to a real-world security system.
ISSN: 1690-4524