Comments (6)
What is the intention of this suggestion? I am not clear on what we want to use this for. Is this a suggested use case?
from documentation.
My intention is to create discussion about establishing and maintaining trust in a system critical to operations, mainly to reach clarity around whether the architecture provides or requires those trust components. Ignoring this we run the risk of designing a vulnerable system.
from documentation.
It's a good idea to look at this.
from documentation.
I think we need to be a bit careful about getting into the weeds here. Not all cybersecurity operation stacks run in a zero trust model nor would we want to suggest that should even be required.... it would immediately limit the applicability of our work to only those organizations who are embracing such a model, which are still somewhat rare. Also, this is very application-stack specific. Two systems in the architecture may secure their communication channel many different ways.
from documentation.
I agree that we don't want to be so forward looking that we lose the ability to transition. Perhaps there's still something we can glean from looking at a zero trust architecture. Are there decisions we could make to day that would hinder embracing that model in the future? Are there base components in a zero trust architecture that are prevalent enough today to consider including/assuming?
from documentation.
I agree we should be looking at the question "how do you secure OCA systems?" As the original point made is valid that security systems are prime target. I agree with the comment that there are different ways to do this and different needs for different use cases and different legacy architectures. I recommend against getting too prescriptive too soon. We might want to start by gathering examples of how you could do OCA system security. And we should look at all aspects. Personally I'd start with some recursive aspects of the system feeding itself especially in any proof of concept. E.g. drink our own champagne
from documentation.
Related Issues (18)
- Need to define what this repo is for HOT 2
- Architecture: Security Automation Workflow Enumeration HOT 2
- Update readme
- Manager component - unclear what it is HOT 1
- Posture Collection System HOT 2
- Do usecase document in markdown instead of pdf to allow PR's HOT 1
- Architecutre diagram viewpoint HOT 17
- Fix broken images links in readme HOT 1
- Create System Landscape Diagram (C4) to capture high level OCA architecture
- Create C4 diagrams for Threat Intelligence Sharing System
- Need to evolve the architecture terminology document (iterative approach)
- Align SCAP with OpenDXL Ontology. HOT 2
- Evolve our current use cases to drive our architecture definitions
- Suggestion: Diagrams and Documents should include an Acronym Table HOT 1
- This repo need a license file HOT 4
- broken links on root README
- Architecture: Investigate C4 Model for Diagrams HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from documentation.