Conceptual Security Architecture - Enterprise and Application Architectures

Group 5: Alysse Ketner, Sabrina (Maria) Toubbeh, Nicholas Tuscano

University of San Diego

CSOL 520: Secure Systems Architecture

Dr. Umesh Varma

May 30, 2022

 Conceptual Security Architecture

This proposal aligns with the Sherwood Applied Business Security Architecture (SABSA)

Framework for a layered approach to enterprise security. The following outlines the scope for

both enterprise and application architecture within the proposal. Diabetes Health’s

organizational goals regarding the business, technology, and security are accounted for in the

scope and planning of this proposal.

Enterprise Architecture

The target of this proposal is a functional Customer Relationship Management (CRM)

system focused on operational success for the manufacturing and sales departments of

Diabetes Health. The scope of this proposal is therefore limited to the subset of the enterprise

architecture relating to the supply chain from manufacturing diabetes devices to selling devices

and subscriptions to the Diabetes Management Portal. The enterprise architecture is modeled in

Figure 1 below in a four-level decomposition model, where the levels are as follows:

- Level 1 - System

- Level 2 - Subsystems

- Level 3 - Processes

- Level 4 - Tasks
Figure 1: Enterprise Architecture Model
Existing Capability

The organization’s current enterprise architecture has evolved organically over time,

rather than strategically. Both the manufacturing and sales departments have workable, existing

processes and systems. Since the existing capabilities were not systematically planned out,

there is no interface or integration between the business units. The proposed design, as shown

in Figure 1, consolidates these subsystems in alignment with the business, technology, and

security goals.

Risk Management

The consolidation of these subsystems allows for a stronger risk management approach.

Each subsystem will align to the centralized security framework of the proposed design ensuring

adherence to security goals including least privilege and remote access.

Strategic Planning

This proposal aligns with the organization’s overall strategic plan to consolidate assets

across the enterprise where applicable. Figure 1 models the consolidation of multiple

subsystems which will decrease the overall attack surface.

 Application Architecture

Figure 2 below outlines the architecture at the application level for the proposed CRM

system.

Figure 2: Application Architecture Model

Existing Capability

Our application’s system architecture satisfies all of the basic needs of our users. While

it is simple in design, this only enables us to easily integrate any additional components or

functionalities that we may need as we move forward. Utilizing a platform like Amazon Web

Services grants us the potential for scalability if we were to expand, or add additional

functionality to our existing application.

Risk Management

NordVPN gives our users the ability to securely connect to our application, while our

firewall ensures that no foreign traffic finds its way into our network. If one of our VPN

connections were to be compromised, we can rest assured that our intrusion detection systems

would notify us before they make their way onto any of our servers. AWS also provides

snapshots and backup functionality if anything were to be corrupted, allowing us to quickly

restore and progress lost.

Strategic Planning

Deployment of our application begins with remote workers for the first quarter, and will

transition into becoming available for all qualified employees by the second quarter or when we

feel it is robust enough to handle more traffic. As we move forward, we plan on utilizing AWS’

elastic load balancing, enabling us to scale up or down depending on the amount of traffic our

application is receiving.
 References

Moyle, E., & Kelley, D. (2020). Practical Cybersecurity Architecture: A guide to creating and

implementing robust designs for cybersecurity architects. Packt Publishing.