Modeling Information Security

There is a new menu option dedicated to modeling called Models. The current model is in the Archi format and is easily downloadable. It covers all the capabilities we have discussed up to this point. As we move forward we will add more to this model and build out other artifacts that support our architecture vision. We may even get adventurous and include a PowerPoint or two. Up Next More architecture of course!

Security Capabilities All The Way Down

All the Way Down We continue our series on using capabilities to our advantage in creating design and architecture. We will cover how we can model information security all the way down. This section, like the section on Cloud Capabilities, begins with the layout of those abilities. We also have to remember that capabilities are the highest level or the highest description we will be using. The actual behaviors and implementations will be much more detailed.

Quality Wardley Maps

Mapping If you are not familiar with Simon Wardley and his world of mapping you need to first jump over to his blog-book on mapping. It is a detailed set of pages that are well worth your time to read through and practice. Quality Attributes Quality Attributes (QAs) are those non-functional traits that we try to describe and require when designing processes, systems, and software. They describe a quality of the thing in question.

Foundations for Cloud Capabilities - Continued

If you missed it, read the first post on Foundations for Cloud Capabilities. We will be building on that as we expand our design. Foundational Areas We covered these foundational areas in the first post. We will finish out our list so we can begin looking at architecture mapping processes. Governance Environments Request and Provisioning Backup and Recovery Disaster Recovery Cost Management We will finish the descriptions for the rest of the list.

Foundations for Cloud Capabilities

A Survey If you missed it, read the post on Cloud Capabilities first. We will be building on that as we expand our design. This is a pretty long and involved topic so will be broken into a couple of posts. The first post or two will describe all the foundational elements that may be needed. Then we will move into more architectural direction and artifacts to use in the process.

Cloud Capabilities

Cloud Service Provider Capabilities What do we have the ability to do? Or even better, what do we want to be able to do? It sounds like an easy question and it is asked all the time for all domains. As we do any type of design it always helps to have definitions and groupings of your abilities. This allows you to compare, explain changes, and explain gaps in a consistent manner.

Security BSides Chattanooga 2018

Security BSides You probably already know about Security BSides and how they came about. If not jump on over to BSides to get the scoop. There are many BSides events around the Chattanooga area. We have them in Knoxville, Nashville, Asheville, Atlanta, and Huntsville just to name the ones that come to mind. Chattanooga is a growing tech community and has many large and small businesses that have security concerns.

Ready, Set, Architect!

A Quick Talk This is a quick tour through why we need to architect, a couple of the frameworks, and finally several helpful tools. It started out as a 5-minute lightning talk but turn more into an 8-minute flashflood. I want to thank the @chadevs for giving me the time to come and speak to the great group there. There was a good crowd that filled up the room. If you haven’t attended a Chattanooga Developers, ChaDevs, Lunch Meeting then check them out on Meetup.

Session Box

I draw a lot of diagrams. With all these diagrams there are an endless number of revisions and refinements created in the process. Some of the changes are necessary while others are definitely not earth-shattering. Timeboxing In time management, timeboxing allocates a fixed time period, called a time box, to each planned activity. It is also used for individual use to address personal tasks in a smaller time frame.

The Certified Cloud Security Professional Test

First things first The most important point, for me anyway, is that I passed the test. It was helpful for me to hear how other people passed their tests and how they obtained their certifications. I can’t guarantee that you will pass the test if you read this but hopefully you will pick up a couple of tips that may help you along the way. What is the CCSP The (ISC)2 CCSP is a joint effort between the (ISC)2 and the Cloud Security Alliance.