<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
		<id>https://www.enterprisearchitecture.management/index.php?action=history&amp;feed=atom&amp;title=LEAD_Reference_Content%3AThe_Three_Pillars_of_Information_Security</id>
		<title>LEAD Reference Content:The Three Pillars of Information Security - Revision history</title>
		<link rel="self" type="application/atom+xml" href="https://www.enterprisearchitecture.management/index.php?action=history&amp;feed=atom&amp;title=LEAD_Reference_Content%3AThe_Three_Pillars_of_Information_Security"/>
		<link rel="alternate" type="text/html" href="https://www.enterprisearchitecture.management/index.php?title=LEAD_Reference_Content:The_Three_Pillars_of_Information_Security&amp;action=history"/>
		<updated>2026-07-02T13:35:08Z</updated>
		<subtitle>Revision history for this page on the wiki</subtitle>
		<generator>MediaWiki 1.24.2</generator>

	<entry>
		<id>https://www.enterprisearchitecture.management/index.php?title=LEAD_Reference_Content:The_Three_Pillars_of_Information_Security&amp;diff=6363&amp;oldid=prev</id>
		<title>Admin at 12:25, 25 January 2017</title>
		<link rel="alternate" type="text/html" href="https://www.enterprisearchitecture.management/index.php?title=LEAD_Reference_Content:The_Three_Pillars_of_Information_Security&amp;diff=6363&amp;oldid=prev"/>
				<updated>2017-01-25T12:25:25Z</updated>
		
		<summary type="html">&lt;p&gt;&lt;/p&gt;
&lt;table class='diff diff-contentalign-left'&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;col class='diff-marker' /&gt;
				&lt;col class='diff-content' /&gt;
				&lt;tr style='vertical-align: top;'&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;← Older revision&lt;/td&gt;
				&lt;td colspan='2' style=&quot;background-color: white; color:black; text-align: center;&quot;&gt;Revision as of 12:25, 25 January 2017&lt;/td&gt;
				&lt;/tr&gt;&lt;tr&gt;&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 44:&lt;/td&gt;
&lt;td colspan=&quot;2&quot; class=&quot;diff-lineno&quot;&gt;Line 44:&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: Information Architecture]]&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: Information Architecture]]&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: Regulation]]&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: Regulation]]&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td colspan=&quot;2&quot;&gt;&amp;#160;&lt;/td&gt;&lt;td class='diff-marker'&gt;+&lt;/td&gt;&lt;td style=&quot;color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;&lt;ins style=&quot;font-weight: bold; text-decoration: none;&quot;&gt;[[Category: Services]]&lt;/ins&gt;&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;tr&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: System Architecture]]&lt;/div&gt;&lt;/td&gt;&lt;td class='diff-marker'&gt;&amp;#160;&lt;/td&gt;&lt;td style=&quot;background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;&quot;&gt;&lt;div&gt;[[Category: System Architecture]]&lt;/div&gt;&lt;/td&gt;&lt;/tr&gt;
&lt;/table&gt;</summary>
		<author><name>Admin</name></author>	</entry>

	<entry>
		<id>https://www.enterprisearchitecture.management/index.php?title=LEAD_Reference_Content:The_Three_Pillars_of_Information_Security&amp;diff=6353&amp;oldid=prev</id>
		<title>Admin: Created page with &quot;{{DISPLAYTITLE: The Three Pillars of Information Security}} == Business Security Services == '''Compliance &amp; Reporting Services:''' Measure the performance of the business and...&quot;</title>
		<link rel="alternate" type="text/html" href="https://www.enterprisearchitecture.management/index.php?title=LEAD_Reference_Content:The_Three_Pillars_of_Information_Security&amp;diff=6353&amp;oldid=prev"/>
				<updated>2017-01-25T10:57:06Z</updated>
		
		<summary type="html">&lt;p&gt;Created page with &amp;quot;{{DISPLAYTITLE: The Three Pillars of Information Security}} == Business Security Services == &amp;#039;&amp;#039;&amp;#039;Compliance &amp;amp; Reporting Services:&amp;#039;&amp;#039;&amp;#039; Measure the performance of the business and...&amp;quot;&lt;/p&gt;
&lt;p&gt;&lt;b&gt;New page&lt;/b&gt;&lt;/p&gt;&lt;div&gt;{{DISPLAYTITLE: The Three Pillars of Information Security}}&lt;br /&gt;
== Business Security Services ==&lt;br /&gt;
'''Compliance &amp;amp; Reporting Services:''' Measure the performance of the business and IT systems against the metrics established by the business. This uses audited and other information regarding overall system activity to compare actual system behaviors against expected system behavior.&lt;br /&gt;
&lt;br /&gt;
'''Identity &amp;amp; Access Services:''' Manage the creation and deletion of user identities across the enterprise. Often, they also ensure self-management of that identity after it is created.&lt;br /&gt;
&lt;br /&gt;
'''Data Protection, Privacy, and Disclosure Control Services:''' Deal with the protection of data across all five domains. The control points of these services are areas such as publishing a privacy policy, managing user consent to these policies, capturing user preferences around how to be contacted, and reporting on who has accessed what information.&lt;br /&gt;
&lt;br /&gt;
'''Trust Management Services:''' Manage the identification of trusted relationships between various differing entities within a business; for example, relationships among user IDs, security domains, or different applications. A set of well-managed business rules is defined that permits the related entities to transfer information and do business together.&lt;br /&gt;
&lt;br /&gt;
'''Non-Repudiation Services:''' Ensure that any two parties involved in a transfer of data between each other cannot falsely deny that the communication has taken place. Note that it does not protect the data itself but does ensure that the two parties involved have received and sent the data and cannot refute this claim.&lt;br /&gt;
&lt;br /&gt;
'''Secure Systems &amp;amp; Network Services:''' Cover areas such as intrusion detection, operating system security, malware detection, and patch management processes.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== IT Security Services ==&lt;br /&gt;
'''Identity Services:''' Usually, Identity Services must be able to manage the core function associated with storing and managing information around organizational entities, such as a user, a role, or user groups. This information is stored in some form of repository such as an LDAP directory. There might be multiple repositories within the enterprise, and these might need synchronizing through provisioning policies to ensure that identity information is consistent across the enterprise.&lt;br /&gt;
&lt;br /&gt;
'''Authentication Services:''' Authenticating the users within the enterprise is done through Authentication Services. These services could support multiple different approaches such as user name and password, hardware token based, or even biometric solutions to authenticate an individual based on fingerprinting or retinal pattern recognition.&lt;br /&gt;
&lt;br /&gt;
'''Authorization Services:''' After any authentication service, generally, an authorization service follows. This service determines if the user is authorized to perform the requested operation on the target resource. To allow authenticated users to perform tasks for which they have been authorized, there must be policies in place that describe the authorization decision for the appropriate authenticated service.&lt;br /&gt;
&lt;br /&gt;
'''Audit Services:''' For example, to meet certain compliance requirements or to perform incident analysis, audit trails must be available to show who accessed what and when. Audit Services maintain logs of critical activities. Typical examples of logged activity can be login failures, unauthorized attempts to access systems, modification of security and identity policies, and so on.&lt;br /&gt;
&lt;br /&gt;
'''Integrity Services:''' This service group attempts to monitor traffic within and between enterprises to identify if data has been maliciously altered in some manner. Typically, cryptographic techniques such as message integrity codes, authentication codes, and digital signatures are used.&lt;br /&gt;
&lt;br /&gt;
'''Confidentiality Services:''' They are applied to prevent disclosure of sensitive information traveling through untrusted communication networks, and are widely used over the Web. Even if a user is authenticated and authorized, the data requested must still be protected as it moves across system boundaries.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Security Policy Management ==&lt;br /&gt;
'''Policy Administration Services:''' They maintain changes to security policies over the lifetime of the application. The policies need to be described in terms that make sense to the underlying architecture. For example, if used in an SOA context, then the policy metadata should contain information about the services used and other information like the strength of encryption.&lt;br /&gt;
&lt;br /&gt;
'''Policy Distribution &amp;amp; Transformation Services:''' They distribute policies defining access to the applications or services themselves to the places where they are enforced. The policies themselves can be deployed using known standards such as WS-Policy or WS-Security Policy, so that the service or requestor can enable the security using its own local techniques.&lt;br /&gt;
&lt;br /&gt;
'''Policy Decision &amp;amp; Enforcement Services:''' They are logically connected to Policy Enforcement Points (PEP), which admin users use to update security requirements. The PEPs in turn rely on Policy Deployment Points (PDP) or nodes to physically administer the policies across the enterprise. Challenges of multiple PDPs and PEPs are that different entities might administer them and coordination can become difficult. A central decision function that oversees these functions can sometimes assist greatly.&lt;br /&gt;
&lt;br /&gt;
'''Monitoring &amp;amp; Reporting Services:''' This function ensures the business can take the business policies and map them down to the IT services and report successfully on the degree of compliance by the IT Services deployed. It is necessary to keep track of current policies, historic policies, and compliance assessments against corporate policies. Traceability from the corporate policies down to the mechanism utilized to achieve those policies is critical to this function. Changes should be tightly controlled, access to them traced through reporting and monitoring, and audit trails supplied at any point in the process.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[[File:The Three Pillars of Information Security.png|thumb|800px|Figure 1: The Three Pillars of Information Security.]]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
[[Category: Cyber Security]]&lt;br /&gt;
[[Category: Information Architecture]]&lt;br /&gt;
[[Category: Regulation]]&lt;br /&gt;
[[Category: System Architecture]]&lt;/div&gt;</summary>
		<author><name>Admin</name></author>	</entry>

	</feed>