Abstract
Security solutions are increasingly becoming a vital component of telecommunications and internetworking systems for all organizations. There are increased vulnerabilities due to online access that allow malicious intervention to IT and network systems from remote locations. Traditionally, the thought of insider attack has been viewed as the key risk affecting businesses, however the threat of cyber attacks upon the communications network has become a primary source of concern. A key challenge facing communication network providers is how to effectively manage and secure the enterprise Information and Communications Technologies (ICT). There are many prevailing standards and emerging products now available. However, the integration and cohesive design of these security solutions is becoming an obstacle to the effective deployment of security solutions. In this paper we propose a security enterprise architecture for communication network providers. The security architecture is based upon our experience in deploying enterprise architectures and security solutions world wide, whilst drawing upon key standards such as SABSA and TOGAF. The security architecture may be used as a blueprint and framework for network providers to ensure coverage in security, reduce risk of malicious threats, and for mitigating delivery risk due to integration and deployment challenges. The framework is also applicable to the broader industry seeking to develop their enterprise security architectures.
Keywords
Security, Cyber Threats, Enterprise Security Architecture, Cyber Attack, Network Operator Transformation.
References
eTOM. 2005. “Enhanced Telecom Operations Map (eTOM) The Business Process Framework for the Information and Communications Services Industry”, TeleManagment Forum Guidebook, GB921 v4.
Bahmani, F., Shariati, M., and Shams, F. 2010. “A survey of interoperability in Enterprise Information Security Architecture frameworks”. Conference on Information Science and Engineering. December, pp. 1794-1797.
Binde, B. E., McRee, R., and O’Connor, T. J. 2011. “Traffic to Uncover Advanced Persistent Threat”, SANS Technology Institute, May.
Cheng, W., Zhan, X., and Zhang, S. 2011. “Study on Service Oriented Security Architecture”. Information Technology and Artificial Intelligence Conference (ITAIC), 6th IEEE Joint International, August, (2), pp. 476 – 479.
Chetty, J. and Coetzee, M. 2010. “Towards an information security framework for service-oriented architecture”. Information Security for South Africa (ISSA), August, pp. 1 – 8.
Haigh, T. 1995. “Virtual enterprises and the enterprise security architecture”. Proceedings of New Security Paradigms Workshop. August, pp. 53 – 64.
ISO2700. 2009. “Information technology — Security techniques — Information security management systems — Overview and vocabulary”. International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 2700, First edition, May.
Jericho Forum, 2008, “Position Paper – COA Framework”, The Open Group, November, 2008.
McGee, A. R., Chandrashekhar, U., and Richman S. H. 2004. “Using ITU-T X.805 for Comprehensive Network Security Assessment and Planning”. Telecommunications Network Strategy and Planning Symposium. June, pp. 273 – 278.
M.3400. 2000. “TMN management functions”, International Telecommunications Union. ITU-T Recommendation M.3400. February.
O-SCOA. 2011. “Secure Collaboration Oriented Architectures (O-SCOA)”. The Open Group. Under Review for Standardization.
Oda, S.M. Fu, H., and Zhu, Y. 2009. “Enterprise information security architecture a review of frameworks, methodology, and case studies”. IEEE International Conference on Computer Science and Information Technology, August, pp.333 – 337.
Pavlovski, C. 2011. “Broadband Transformation through improved support systems”, Telecommunications Journal of Australia (61:4).
PSPF. 2011. “Protective Security Policy Framework”. Australian Government. Version 1.2 January. http://www.ag.gov.au/www/agd/agd.nsf/page/Protective_Security_Policy_Framework
Pipeline. 2011. “Technology for Service Providers”, [OSS and BSS Trends, Technology and news]. Pipeline Magazine. Available at http://www.pipelinepub.com/.
Sipior, J. C., and Ward, B. T. 2008. “A Framework for Information Security Management Based on Guiding Standards: A United States Perspective”. Issues in Informing Science and Information Technology (5).
ISO27002. 2008. “Information technology — Security techniques — Code of practice for information security management”, International Organization for Standardization. ISO/IEC 27002:2005. http://www.iso.org/iso/
Sherwood, J., Clark, A., and Lynas, D. 2009. “Enterprise Security Architecture”, Sherwood Applied Business Security Architecture (SABSA), White Paper.
Sun, J. and Chen, Y. 2008. “Intelligent Enterprise Information Security Architecture based on Service Oriented Architecture”. International Seminar on Future Information Technology and Management Engineering, November, pp. 196 – 200.
Tahajod, M., Iranmehr, A., and Darajeh, M. R.. 2009, “International Conference for Internet Technology and Secured Transactions”, November, pp. 1 – 5.
TOGAF. 2011. “The Open Group Architecture Framework”, Open Group Standard, Version 9.1, Enterprise Edition.
Wang, C-H., and Tsai, D-R. 2009. “Integrated installing ISO 9000 and ISO 27000 management systems on an organization”. International Carnahan Conference on Security Technology. October, pp. 265–267.
X.509. 2008. “Information technology – Open systems interconnection – The Directory: Public-key and attribute certificate frameworks”. ITU-T Recommendation X.509. November.
Journal of Enterprise Architecture