An IT Architecture for Emory University
Adopted by CIRT
Security Domain Architecture
February 20, 2002
ITA Version 1.9.8
© 2000 Emory University
Page 3-2
Classification is key. Classification is a key driver for implementing security. Once resources
are classified, it is easier to develop policies and procedures and apply technology to protect
them. Knowing the classification of a resource helps people make personal choices that are
more likely to protect the resource. Classification of data does not change no matter how it is
stored or displayed. Thus classification provides a way to determine the change in protective
measures needed when data changes form, such as when data stored on a computer system is
printed on paper.
Classification scheme. At the conceptual level, the security architecture seeks to make
possible giving assets the protection implied by their classification regardless of the
classification scheme. At the product level, the security architecture assumes use of security
classification guidelines for Emory whose approval is pending. Once the guidelines are
approved, classification of resources is part of the implementation of the architecture. In the
meantime, this document focuses on access control, since controlling access is one of the main
countermeasures for protecting a resource, and uses the ratings “Restricted,” “Confidential,”
and “Public.” The rating indicates the level of access protection needed according to the impact
on Emory of unauthorized access. Figure 9-1 on page 9-4 of this document shows a
recommended classification of certain enterprise IT resources using these ratings.
Stewards, Custodians and Administrators. For most Emory IT resources, such as a major
Emory IT system, Emory is the owner, and it has entrusted responsibility for the resource
(including its classification) to someone else called the “Steward” of that resource. The Steward
may employ someone called a “Custodian” to take care of the resource, and may delegate
classification to the Custodian or base the classification on information from the Custodian. The
Custodian in turn may depend upon an “Administrator” of the resource to supply advice and
take direct action. In the case of an IT resource, such action could involve making configuration
changes to an IT system to secure it.
Assets Information Database. The architecture envisions that the identity of assets, their
classification, and other information about them would be maintained in a database. An issue is
how to motivate people to put the
information in the database and keep it
up-to-date. The architecture envisions that
the Senior Emory leaders would drive
identification and classification of assets
by requiring it of owners and stewards.
The Vice Provost for IT would also take
leadership in this by encouraging
custodians and administrators. The
information in this database would also be
of potential use for purposes other than
security, and would be made available to
the Help Desk, local support, and others.
Some of it might be of wide enough
interest to appear in the Enterprise
Directory.
Figure 3-1. Assets information
Threats, Vulnerabilities, Risks, and Countermeasures. Threats continually appear and
vulnerabilities are continually found. Protecting systems requires knowing of vulnerabilities as
soon as they are discovered, quickly detecting intrusions, taking protective measures
VP for
IT
Custodians
Administrators
Drives
Keep asset
data up-to-date
Senior
Leaders
Owners
Stewards
Drives
Requirements
Asset
Information
Database
Enterprise
Directory
Service
Access
Control
Feed
Access by
Help Desk,
Local Support
& Others
classification
 |
 |
 |