Security Framework

I wanted to define an overarching security framework that captures all the core elements to be considered as part of 'Security'. It serves as a starting point; the bulleted areas below are the ones I plan to explore in more depth.


Identity & Access Management

  • Authentication
  • Authorisation
  • User groups, roles, and permission management
  • Directory Services
  • Single Sign On (SSO) and Federation

Network & Infrastructure

  • DMZ, firewalls, and reverse proxies
  • Intrusion and virus detection
  • Server hardening
  • Physical security

Compliance

  • Security policies (PCI, PII, privacy, cookie laws)
  • ISO27001
  • Security Review and Risk Assessment
  • Penetration Testing
  • Audit & Logging
  • Monitoring & reporting

Data & Information

  • Encryption & hashing
  • Transmission
  • Storage
  • Protocols
  • Archiving