18th Annual Computer Security Applications Conference
December 9-13, 2002
Las Vegas, Nevada

FORUM - Enterprise Engineering and Security (Enterprise Frameworks and Architectures, and IA Patterns)

Chair: Jody Heaney, The MITRE Corporation, USA
Dr. Duane Hybertson, The MITRE Corporation, USA
Dr. Ann Reedy, The MITRE Corporation, USA
Susan Chapin, The MITRE Corporation, USA
Malcolm Kirwan, The MITRE Corporation, USA

Forum Theme

As the focus of software engineering has expanded from information technology supporting the department, to supporting the organization, and to supporting the enterprise, engineering communities have attempted to extend their focus using Enterprise Frameworks and Enterprise Architectures (EAs). Unfortunately, information assurance (IA) is seldom considered for inclusion in such frameworks and architectures. On the occasions when IA is included in the frameworks or architectures, it is not addressed in a complete and comprehensive manner. In addition, even when known IA solutions exist, they are often not effectively applied. Enterprise architects and systems/software engineers often do not know the basics of IA. Patterns have recently become common for conveying best practice approaches to development and integration for well-known technologies in the system and software engineering communities. However, the use of patterns to capture a full range of enterprise solutions and IA solutions is still very new.

This forum will provide lessons learned from a research and development effort to document IA best practices in patterns and to organize them within the context of Enterprise Frameworks and Architectures. Using the Zachman Framework as a starting point, the team has been developing an IA view that can be added to that framework. At the same time, the team also generated pattern templates that could be used to capture the best practices of IA usable to support the decision making process inherent in architecture development. Initial efforts have focused on the three traditional areas that are basic to any IA taxonomy: identification and authentication, accounting, and authorization. All forum participants have been key members of the team undertaking this effort.

Forum Speakers and Their Key Areas

Ms. Jody Heaney

Ms. Heaney will provide overall background for the project, and identify the key elements and their inter-relationships. Jody will identify the impacts of regulations such as OMB circular A-130 and why it will be essential to ensure that IA is included and always addressed in the early enterprise engineering efforts. Jody will also preface the use of patterns efforts for the development and integration of information technology.

Dr. Duane Hybertson

Dr. Hybertson will provide the background of enterprise architectures, and explain the use of the Zachman Framework on this project. Duane will discuss how the team is including IA as a view in the framework and how the view contributes to integrating the IA and Enterprise Engineering communities.

Dr. Ann Reedy

Dr. Reedy will establish the foundation for patterns and their role in capturing knowledge. Ann will present pattern templates devised to capture the IA best practices throughout the view for the Zachman Framework. Ann will also address the expansion of the breadth of pattern applicability to the enterprise level, and will discuss pattern integration through pattern trees and pattern languages.

Ms. Susan Chapin

Ms. Chapin will discuss the internal elements of representative IA patterns. Susan will show how the patterns, reflecting the Zachman Framework structure, establish support for the decision making processes at different levels of abstraction. Susan will also show how the patterns are related to each other.

Mr. Malcolm Kirwan, Jr.

Mr. Kirwan will present our pattern development in the areas of accounting and authorization. He will also describe how we are complementing the work of a larger security patterns community.