Archive for March, 2012

ORGCon 2012

I attended the Open Rights Group Conference (ORGCon) this year.

We are at a weird moment where the Internet and the associated digital technologies it has spawned and supported are wreaking changes to the social, cultural and economic environment that don’t easily fit the current models of law and governance. Cory Doctorow makes this point more completely and more eloquently here (Lockdown: The coming war on general purpose computing).

As a result, we are seeing law and regulation that is driven much more by lobby groups than by politicians. The politicians who understand these changes are few and far between, and are all the more notable for that, irrespective of their party allegiance (for example, Tom Watson and Francis Maude). I am heartened by the ORG, as they represent the other side of the coin from the industry lobby groups.

Documenting an As-Is Security Architecture, part two

This is a continuation from part one.

Documenting current environments

This activity is focused on identifying the physical and logical environments in scope for the business architecture.

A logical and physical model will be created to hold entities describing physical facilities, wide area networks and systems that store, process or transmit information assets that fall within scope of the business architecture. It is likely there will be gaps identified and that these will need to be investigated with stakeholders and partners. This is a model that will evolve with more detail as the projects move into delivery and suppliers are contracted and systems are implemented.

Documenting an As-Is Security Architecture, part one

This is the first of a two-part post; part two is available here.

The following list is a set of activities that need to be completed at least once to document an existing As-Is security architecture view for a business architecture, and that then need to be maintained over time through repeat reviews.
