I-SPAN09 – IASM
    10th International Symposium on Pervasive Systems, Algorithms, and Networks


      Governance of Information Security Elements in
      Service-Oriented Enterprise Architecture
    Mr Janne J. Korhonen, Department of Computer Science and Engineering, Helsinki University of Technology, Helsinki, Finland
    Dr. Mehmet Yildiz, Certified Executive IT Architect, IBM Australia and New Zealand, Melbourne, Australia
    Dr. Juha Mykkänen, HIS R&D Unit, University of Kuopio, Kuopio, Finland




Proposed Abstract: This paper identifies and analyzes governance roles and tasks in SOA security
governance at macro level. Drawing from Information Security Management standards and frameworks on
one hand and SOA considerations on the other hand, the identified governance elements are mapped to a
governance structure that specifies planning and execution aspects at four organizational decision-
making levels, resulting in a prescriptive model with practical relevance. This constructive study
combines theoretical models and standards with industry experience of the authors.

Agenda

    - Introduction & Background
    - Methodology
    - Security governance meta-structure
    - Conclusion


Biography of Authors
    •       Janne J. Korhonen
             –   Researcher at Helsinki University of Technology
             –   Research areas: Enterprise Architecture and IT Governance
             –   Particular research interest: Agile Governance Model

    •       Dr Juha Mykkänen, post-doctoral researcher
             –   University of Kuopio, Health Information Systems R&D Unit
             –   Research activities: interoperability, standardization, modelling, service-oriented architectures, application integration, enterprise architecture
             –   Projects developing and applying SOA and integration approaches

    •       Dr. Mehmet Yildiz, Enterprise Architect, IBM
             –   Research interests: enterprise architecture, service oriented architecture, cloud computing, self healing systems, social computing


Background on EA and SOA in Dynamic Enterprise




[Figure: diagram with the labels EA, S, O, A and ESB]


SOA Vendors for New Systematic Applications

Gartner’s Magic Quadrant for Application Infrastructure for New Systematic SOA Application Projects

There are many vendors investing in SOA Application Projects. Leveraging their experience is important.

Ref: Gartner’s Magic Quadrant for New Systematic Applications

Evaluation of Current Architecture Frameworks
None of the assessed frameworks fully meets the major criteria in the Regensburg study. Hence, using a combination of frameworks is suggested.

Ref: Susanne Leist and Gregor Zellner, University of Regensburg, Institute of Information Management, Germany

Key SOA Concepts

… a service?
A repeatable business task – e.g., check customer credit; open new account

… service orientation?
A way of integrating your business as linked services and the outcomes that they bring

… service oriented architecture (SOA)?
An IT architectural style that supports service orientation

… a composite application?
A set of related & integrated services that support a business process built on an SOA

[Figure: SOA at the centre, surrounded by the properties Composable, Interoperable, Re-Usable and Loosely Coupled]


A SOA Reference Architecture Sample




[Figure: Enterprise Architecture; Ref Architecture for Service Areas; Ref Architecture for a Program; Ref Architecture for a Single Project]

Ref: IBM and Open Group

Concerns at Layer 7 - QoS
 1. Increased virtualization
 2. Loose coupling
 3. Widespread use of XML
 4. The composition of federated services
 5. Heterogeneous computing infrastructures
 6. Decentralized SLAs
 7. The need to aggregate IT QoS metrics to produce business metrics

Ref: IBM and Open Group SOA Reference Architecture

Typical Security Architecture for an Enterprise

[Figure: security zones diagram with the labels External Business Zone, Externally Controlled, External Uncontrolled, Demilitarized Zone, Internal Zone, Highly Secure Zone and Special Domain]


SOA Security Reference Model by IBM




Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al.




[Figure: governance structure. Decision-making levels: Strategic, Tactical, Real-Time Operational. Columns: Design, Planning and Support; Development and Execution. Boxes: Strategy; Macro Design; Micro Design; Build / Construct; Run / Operate]

[Figure: governance structure populated with security elements. Decision-making levels: Strategic, Tactical, Real-Time Operational. Columns: Design, Planning and Support; Development and Execution. Elements: Security Policy; Organizational Security; Compliance; Asset Classification and Control; Personnel Security; Access Control; Business Continuity Management; System Development and Maintenance; Communications and Operations Management; Physical and Environmental Security]


Conclusion of paper

- Agile Governance Model promotes clarity in the role definition and
requirements management related to the key security elements in
enterprise architecture and SOAs.

- The governance model, combined with suitable industry standards such
as SOGP or ISO/IEC 17799, can be applied to the definition of roles and
responsibilities of security governance activities in complex enterprise
systems.

- Specifically, it helps in positioning the security activities at the right
organizational levels and at each level on either the planning or execution
side so that all security requirements will be addressed adequately
throughout the enterprise.




14

Contenu connexe

Tendances

Anthony Carrato S O A Business Architecture
Anthony  Carrato    S O A  Business  ArchitectureAnthony  Carrato    S O A  Business  Architecture
Anthony Carrato S O A Business ArchitectureSOA Symposium
 
Value Reference Model - Enterprise Architecture
Value Reference Model  - Enterprise ArchitectureValue Reference Model  - Enterprise Architecture
Value Reference Model - Enterprise ArchitectureArnaldo Colombo
 
Service Oriented Enterprise Architecture
Service Oriented Enterprise ArchitectureService Oriented Enterprise Architecture
Service Oriented Enterprise ArchitectureYan Zhao
 
Rubik Open Integration Portal
Rubik Open Integration PortalRubik Open Integration Portal
Rubik Open Integration PortalMarcelSteeg
 
Radovan Janecek Avoiding S O A Pitfalls
Radovan  Janecek   Avoiding  S O A  PitfallsRadovan  Janecek   Avoiding  S O A  Pitfalls
Radovan Janecek Avoiding S O A PitfallsSOA Symposium
 
Rubik Open Integration Portal
Rubik Open Integration PortalRubik Open Integration Portal
Rubik Open Integration Portalbob_ark
 
Thomas Erl Introducing S O A Design Patterns
Thomas  Erl    Introducing  S O A  Design  PatternsThomas  Erl    Introducing  S O A  Design  Patterns
Thomas Erl Introducing S O A Design PatternsSOA Symposium
 
ITIL and IT Security Architecture
ITIL and IT Security ArchitectureITIL and IT Security Architecture
ITIL and IT Security ArchitectureLeo de Sousa
 
Integrate IT Strategic Planning with Performance Measurement
Integrate IT Strategic Planning with Performance MeasurementIntegrate IT Strategic Planning with Performance Measurement
Integrate IT Strategic Planning with Performance MeasurementYan Zhao
 
Enterprise Analysts And Business Analysts Companions Or Competitors
Enterprise Analysts And Business Analysts   Companions Or CompetitorsEnterprise Analysts And Business Analysts   Companions Or Competitors
Enterprise Analysts And Business Analysts Companions Or CompetitorsMia Horrigan
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Chris Madrid Master Data Management
Chris  Madrid    Master Data ManagementChris  Madrid    Master Data Management
Chris Madrid Master Data ManagementSOA Symposium
 
Inter-Enterprise Architecture
Inter-Enterprise ArchitectureInter-Enterprise Architecture
Inter-Enterprise ArchitectureYan Zhao
 
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShield
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShieldModel Runway, Part 3 Design Best Practices at Blue Cross BlueShield
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShieldRoger Snook
 
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...Dave Healey
 
Model Runway Part 2 Design Best Practices at Blue Cross BlueShield
Model Runway Part 2   Design Best Practices at Blue Cross BlueShieldModel Runway Part 2   Design Best Practices at Blue Cross BlueShield
Model Runway Part 2 Design Best Practices at Blue Cross BlueShieldRoger Snook
 

Tendances (19)

Anthony Carrato S O A Business Architecture
Anthony  Carrato    S O A  Business  ArchitectureAnthony  Carrato    S O A  Business  Architecture
Anthony Carrato S O A Business Architecture
 
Value Reference Model - Enterprise Architecture
Value Reference Model  - Enterprise ArchitectureValue Reference Model  - Enterprise Architecture
Value Reference Model - Enterprise Architecture
 
Service Oriented Enterprise Architecture
Service Oriented Enterprise ArchitectureService Oriented Enterprise Architecture
Service Oriented Enterprise Architecture
 
Rubik Open Integration Portal
Rubik Open Integration PortalRubik Open Integration Portal
Rubik Open Integration Portal
 
Radovan Janecek Avoiding S O A Pitfalls
Radovan  Janecek   Avoiding  S O A  PitfallsRadovan  Janecek   Avoiding  S O A  Pitfalls
Radovan Janecek Avoiding S O A Pitfalls
 
Rubik Open Integration Portal
Rubik Open Integration PortalRubik Open Integration Portal
Rubik Open Integration Portal
 
Thomas Erl Introducing S O A Design Patterns
Thomas  Erl    Introducing  S O A  Design  PatternsThomas  Erl    Introducing  S O A  Design  Patterns
Thomas Erl Introducing S O A Design Patterns
 
ITIL and IT Security Architecture
ITIL and IT Security ArchitectureITIL and IT Security Architecture
ITIL and IT Security Architecture
 
Integrate IT Strategic Planning with Performance Measurement
Integrate IT Strategic Planning with Performance MeasurementIntegrate IT Strategic Planning with Performance Measurement
Integrate IT Strategic Planning with Performance Measurement
 
Enterprise Analysts And Business Analysts Companions Or Competitors
Enterprise Analysts And Business Analysts   Companions Or CompetitorsEnterprise Analysts And Business Analysts   Companions Or Competitors
Enterprise Analysts And Business Analysts Companions Or Competitors
 
E biz blueprint
E biz blueprintE biz blueprint
E biz blueprint
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Chris Madrid Master Data Management
Chris  Madrid    Master Data ManagementChris  Madrid    Master Data Management
Chris Madrid Master Data Management
 
Inter-Enterprise Architecture
Inter-Enterprise ArchitectureInter-Enterprise Architecture
Inter-Enterprise Architecture
 
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShield
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShieldModel Runway, Part 3 Design Best Practices at Blue Cross BlueShield
Model Runway, Part 3 Design Best Practices at Blue Cross BlueShield
 
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...
Enterprise Content Management and Microsoft Office SharePoint Server 2007 - U...
 
IPM_E_3.2.12
IPM_E_3.2.12IPM_E_3.2.12
IPM_E_3.2.12
 
IRM_E_13.03.2012
IRM_E_13.03.2012IRM_E_13.03.2012
IRM_E_13.03.2012
 
Model Runway Part 2 Design Best Practices at Blue Cross BlueShield
Model Runway Part 2   Design Best Practices at Blue Cross BlueShieldModel Runway Part 2   Design Best Practices at Blue Cross BlueShield
Model Runway Part 2 Design Best Practices at Blue Cross BlueShield
 

Similaire à Soa Governance And Security V1.1

Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises
Innovative Marriage of Security and Performance in SOA Based Dynamic EnterprisesInnovative Marriage of Security and Performance in SOA Based Dynamic Enterprises
Innovative Marriage of Security and Performance in SOA Based Dynamic EnterprisesDr. Mehmet Yildiz
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditBob Rhubart
 
Enterprise Architecture J.P Morgan Chase
Enterprise Architecture J.P Morgan ChaseEnterprise Architecture J.P Morgan Chase
Enterprise Architecture J.P Morgan ChaseHampus Ahlqvist
 
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...InSync2011
 
Cogent Company Overview.11292009
Cogent Company Overview.11292009Cogent Company Overview.11292009
Cogent Company Overview.11292009Marc Hoppers
 
Cloud Computing and SOA from Enterprise Perspective
Cloud Computing and SOA from Enterprise PerspectiveCloud Computing and SOA from Enterprise Perspective
Cloud Computing and SOA from Enterprise PerspectiveYan Zhao
 
Developing An SOA Strategy V1
Developing An SOA Strategy V1Developing An SOA Strategy V1
Developing An SOA Strategy V1Salim Sheikh
 
Global forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobal forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobalForum
 
Executive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational EfficiencyExecutive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational Efficiencysean.mcclowry
 
Implementing Applications with SOA and Application Integration Architecture
Implementing Applications with SOA and Application Integration ArchitectureImplementing Applications with SOA and Application Integration Architecture
Implementing Applications with SOA and Application Integration ArchitectureBob Rhubart
 
Architecture And Engineering
Architecture And EngineeringArchitecture And Engineering
Architecture And Engineeringemeyman
 
Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Sandro Pereira
 
Timelytrendsin appdelivery
Timelytrendsin appdeliveryTimelytrendsin appdelivery
Timelytrendsin appdeliveryKelly Emo
 
Service Oriented Approach to Application Modernization sept 2010
Service Oriented Approach to Application Modernization sept 2010Service Oriented Approach to Application Modernization sept 2010
Service Oriented Approach to Application Modernization sept 2010davemayo
 
Collaborative Lifecycle Managmenent - an Introduction
Collaborative Lifecycle Managmenent - an IntroductionCollaborative Lifecycle Managmenent - an Introduction
Collaborative Lifecycle Managmenent - an IntroductionStrongback Consulting
 
Application Lifecycle Management & VSTS
Application Lifecycle Management & VSTSApplication Lifecycle Management & VSTS
Application Lifecycle Management & VSTSMicrosoft Iceland
 
Getronics - Governance and the Cloud
Getronics - Governance and the CloudGetronics - Governance and the Cloud
Getronics - Governance and the CloudMaurice Remmé
 
Pariveda ECM Patterns for Large Enterprises - chicago
Pariveda   ECM Patterns for Large Enterprises - chicagoPariveda   ECM Patterns for Large Enterprises - chicago
Pariveda ECM Patterns for Large Enterprises - chicagomsteinbergtx
 

Similaire à Soa Governance And Security V1.1 (20)

Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises
Innovative Marriage of Security and Performance in SOA Based Dynamic EnterprisesInnovative Marriage of Security and Performance in SOA Based Dynamic Enterprises
Innovative Marriage of Security and Performance in SOA Based Dynamic Enterprises
 
Enterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to auditEnterprise Security Architecture: From access to audit
Enterprise Security Architecture: From access to audit
 
Enterprise Architecture J.P Morgan Chase
Enterprise Architecture J.P Morgan ChaseEnterprise Architecture J.P Morgan Chase
Enterprise Architecture J.P Morgan Chase
 
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...
Developer and Fusion Middleware 2 _Alex Peattie _ An introduction to Oracle S...
 
Cogent Company Overview.11292009
Cogent Company Overview.11292009Cogent Company Overview.11292009
Cogent Company Overview.11292009
 
Cloud Computing and SOA from Enterprise Perspective
Cloud Computing and SOA from Enterprise PerspectiveCloud Computing and SOA from Enterprise Perspective
Cloud Computing and SOA from Enterprise Perspective
 
Developing An SOA Strategy V1
Developing An SOA Strategy V1Developing An SOA Strategy V1
Developing An SOA Strategy V1
 
Pulse Executive Panel
Pulse Executive PanelPulse Executive Panel
Pulse Executive Panel
 
Global forum 2012: Gaetano Santucci
Global forum 2012: Gaetano SantucciGlobal forum 2012: Gaetano Santucci
Global forum 2012: Gaetano Santucci
 
Executive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational EfficiencyExecutive Overview Using Soa To Improve Operational Efficiency
Executive Overview Using Soa To Improve Operational Efficiency
 
Implementing Applications with SOA and Application Integration Architecture
Implementing Applications with SOA and Application Integration ArchitectureImplementing Applications with SOA and Application Integration Architecture
Implementing Applications with SOA and Application Integration Architecture
 
Architecture And Engineering
Architecture And EngineeringArchitecture And Engineering
Architecture And Engineering
 
Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm Concepts integrationandbiztalksoa andbpm
Concepts integrationandbiztalksoa andbpm
 
Keynote Day 1 2009
Keynote Day 1 2009Keynote Day 1 2009
Keynote Day 1 2009
 
Timelytrendsin appdelivery
Timelytrendsin appdeliveryTimelytrendsin appdelivery
Timelytrendsin appdelivery
 
Service Oriented Approach to Application Modernization sept 2010
Service Oriented Approach to Application Modernization sept 2010Service Oriented Approach to Application Modernization sept 2010
Service Oriented Approach to Application Modernization sept 2010
 
Collaborative Lifecycle Managmenent - an Introduction
Collaborative Lifecycle Managmenent - an IntroductionCollaborative Lifecycle Managmenent - an Introduction
Collaborative Lifecycle Managmenent - an Introduction
 
Application Lifecycle Management & VSTS
Application Lifecycle Management & VSTSApplication Lifecycle Management & VSTS
Application Lifecycle Management & VSTS
 
Getronics - Governance and the Cloud
Getronics - Governance and the CloudGetronics - Governance and the Cloud
Getronics - Governance and the Cloud
 
Pariveda ECM Patterns for Large Enterprises - chicago
Pariveda   ECM Patterns for Large Enterprises - chicagoPariveda   ECM Patterns for Large Enterprises - chicago
Pariveda ECM Patterns for Large Enterprises - chicago
 

Dernier

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Dernier (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

Soa Governance And Security V1.1

  • 1. I-SPAN09 – IASM 10th International Symposium on Pervasive Systems, Algorithms, and Networks Governance of Information Security Elements in Service-Oriented Enterprise Architecture Mr Janne J. Korhonen Dr. Mehmet Yildiz Dr. Juha Mykkänen Department of Computer Science Certified Executive IT Architect HIS R&D Unit and Engineering IBM Australia and New Zealand University of Kuopio Helsinki University of Technology Melbourne, Australia Kuopio, Finland Helsinki, Finland Proposed Abstract: This paper identifies and analyzes governance roles and tasks in SOA security governance at macro level. Drawing from Information Security Management standards and frameworks on one hand and SOA considerations on the other hand, the identified governance elements are mapped to a governance structure that specifies planning and execution aspects at four organizational decision- making levels, resulting in a prescriptive model with practical relevance. This constructive study combines theoretical models and standards with industry experience of the authors. 1
  • 2. IASM Agenda -Introduction & Background -Methodology -Security governance meta-structure -Conclusion 2
  • 3. IASM Biography of Authors • Janne J. Korhonen • Researcher at Helsinki University of Technology • Research areas: – Enterprise Architecture and IT Governance • Particular research interest: Agile Governance Model • Dr Juha Mykkänen, post-doctoral researcher • University of Kuopio, Health Information Systems R&D Unit • Research activities: interoperability, standardization, modelling, service-oriented architectures, application integration, enterprise architecture • projects developing and applying SOA and integration approaches • Dr. Mehmet Yildiz, Enterprise Architect, IBM • Research interests: enterprise architecture, service oriented architecture, cloud computing, self healing systems, social computing 3
  • 4. IASM Background on EA and SOA in Dynamic Enterprise (diagram labels: SOA, EA, ESB) 4
  • 5. IASM SOA Vendors for New Systematic Applications Gartner’s Magic Quadrant for Application Infrastructure for New Systematic SOA Application Projects There are many vendors investing in SOA Application Projects. Leveraging their experience is important. 5 Ref: Gartner’s Magic Quadrant for New Systematic Applications
  • 6. IASM Evaluation of Current Architecture Frameworks None of the assessed frameworks fully meets the major criteria in the Regensburg study. Hence the use of a combination of frameworks is suggested. 6 Ref: Susanne Leist and Gregor Zellner, University of Regensburg, Institute of Information Management, Germany
  • 7. IASM Key SOA Concepts • … a service? A repeatable business task – e.g., check customer credit; open new account • … service orientation? A way of integrating your business as linked services and the outcomes that they bring • … service oriented architecture (SOA)? An IT architectural style that supports service orientation • … a composite application? A set of related & integrated services that support a business process built on an SOA • SOA: Composable, Interoperable, Re-Usable, Loosely Coupled 7
  • 8. IASM A SOA Reference Architecture Sample Enterprise Architecture Ref Architecture for Ref Architecture for a Service Areas Ref Architecture for a Program Single Project 8 Ref: IBM and Open Group
  • 9. IASM Concerns at Layer 7 - QoS 1.Increased virtualization 2.Loose coupling 3.Widespread use of XML 4.The composition of federated services 5.Heterogeneous computing infrastructures 6.Decentralized SLAs 7.The need to aggregate IT QoS metrics to produce business metrics 9 Ref: IBM and Open Group SOA Reference Architecture
  • 10. IASM Typical Security Architecture for an Enterprise Externally Highly Controlled Secure Zone External Business Zone External Internal Zone Uncontrolled Demilitarized Zone Special Domain 10
  • 11. IASM SOA Security Reference Model by IBM 11 Ref: IBM SOA Security Red Book, Dr. Paul Ashley et al
  • 12. IASM Strategic Strategy Tactical Macro Design Real-Time Operational Build / Micro Design Construct Run / Operate Design, Planning and Support Development and Execution 12
  • 13. IASM Security Policy Strategic Organizational Security Compliance Tactical Asset Classification and Control Real-Time Operational Personnel Security Access Control Business Continuity Management System Development and Communications Maintenance and Operations Management Physical and Environmental Security Design, Planning and Support Development and Execution 13
  • 14. IASM Conclusion of paper - Agile Governance Model promotes clarity in the role definition and requirements management related to the key security elements in enterprise architecture and SOAs. - The governance model, combined with suitable industry standards such as SOGP or ISO/IEC 17799 can be applied to the definition of roles and responsibilities of security governance activities in complex enterprise systems. - Specifically, it helps in positioning the security activities at the right organizational levels and at each level on either the planning or execution side so that all security requirements will be addressed adequately throughout the enterprise. 14