Enterprise Cyber Secure Architecture- Abstract


This book is a handbook of cyber security architecture solutions for enterprises. It was designed to be a comprehensive engineer’s checklist of things that should be considered in designing a secure solution for an enterprise.  However, it was written to be clear and simple for executives of large enterprises who get confused by the lingo of security and the alphabet soup of security.  The challenge here was to not get too technical or too detailed but to be complete.  It would defeat the purpose of the handbook if it were very detailed.  On the other hand, it is a comprehensive checklist and thus useful for both types of readers.  It covers all the critical subjects necessary for a cyber-secure network.

There are only two types of threats to any enterprise.  The threats are active and passive attacks.  No active attacks can be prevented but it can be detected.  No passive attack can be detected but it can be prevented.  Cryptography must be used in both instances of attack.  It is inherent to Cryptography that they can detect active attacks and to prevent passive attacks.  This handbook shows how an enterprise can protect itself from both active and passive attacks.

This handbook describes IBM’s 10 point secure solutions approach for designing enterprise secure networks. The 10 steps are risk analysis, security policy creation, authentication of user, access control, confidentiality control, data integrity assurance, non-repudiation of transactions, network management with a NOC center, security management with a SOC center, and finally audit.  The methodology and techniques fit all of IBM’s existing platforms and operating systems. It also is AINSI compliant and Open Systems compliant. Accordingly, it fits the global marketplace no matter which mainframe is used.

The techniques associated with cyber secure enterprise networks fit both centralized computer systems as well as distributed computer environment networks.  The recently announced IBM zSeries mainframes imbed many of the features discussed here into the operating system of the zSeries.  Thus, this handbook can be useful in designing networks using zSeries.  In the meantime, if will take about 10 years for the zSeries to be generally installed.  During this time period, this handbook is directly relevant to the current installed base of computer systems and networks that are installed.