Security Reference Model (SRM) - Revision history

User at 18:40, 2 April 2024

2024-04-02T18:40:42Z

User at 18:06, 14 April 2023

2023-04-14T18:06:38Z

User at 11:14, 17 January 2023

2023-01-17T11:14:41Z

User at 11:13, 17 January 2023

2023-01-17T11:13:09Z

User: The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

2021-02-06T18:14:07Z

The LinkTitles extension automatically added links to existing pages (https://github.com/bovender/LinkTitles).

User: The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.

2019-01-07T03:38:20Z

The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.

User: Created page with "'''Content Coming Soon'''"

2018-12-17T21:48:01Z

Created page with "'''Content Coming Soon'''"

New page

'''Content Coming Soon'''

← Older revision		Revision as of 18:40, 2 April 2024
Line 21:		Line 21:

	== See Also ==		== See Also ==
		+	*[[Federal Enterprise Architecture Framework (FEA)]]
	[[Enterprise Architecture]]		[[Enterprise Architecture]]

@@ Line 1: / Line 1: @@
-== What is Security Reference Model (SRM)? ==
+The '''Security Reference Model (SRM)''' is a framework used to define and organize the security requirements for an information system. It is part of the overall enterprise architecture and is used to guide the development and implementation of security controls.
-The '''Security Reference Model (SRM)''' provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
+The SRM defines the security domains and components of an information system, as well as the relationships between them. It provides a systematic approach to designing and implementing security controls based on the specific needs and risks of the organization.
-Security is integral to all architectural domains and at all levels of an organization. As a result, the Security Reference Model (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise Architecture Governance is the perfect place for security standards, policies, and norms to be developed and followed since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of Federal Architecture: International, National, Federal, Sector, Agency, Segment, System, and Application. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department-specific policies into security controls and measurements. At the system level, it is used to transform segment controls into system-specific designs or requirements. Each level of the SRM is critical to the overall security posture and health of an organization and/or system.<ref>Purpose of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]</ref>
+The SRM is typically composed of three main components: the security objectives, the security reference architecture, and the security controls. The security objectives define the goals and requirements of the security program, such as confidentiality, integrity, availability, and compliance.
-The Federal Security Reference Model (SRM) has three areas: Purpose, Risk, and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
+Security controls are the specific measures and techniques to protect the information system and its assets. These may include physical controls, such as access controls and surveillance systems, and technical controls, such as firewalls, encryption, and intrusion detection systems.
-[[File:Security reference model.png|400px|Security Reference Model (SRM)]]<br />
+The benefits of using an SRM include increased security effectiveness and efficiency, improved communication and collaboration among stakeholders, and better alignment between security objectives and business goals. It also helps organizations to meet regulatory and compliance requirements, such as the General Data Protection Regulation (GDPR) and the Payment Card Industry Data Security Standard (PCI DSS).
-== See Also ==
+[[File:Security reference model.png|400px|Security Reference Model (SRM)]]<br />
+== See Also ==
+[[Enterprise Architecture]]

@@ Line 1: / Line 1: @@
-The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
+== What is Security Reference Model (SRM)? ==
-Security is integral to all architectural domains and at all levels of an organization. As a result, the Security Reference Model (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise Architecture Governance is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, System and Application. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
+The '''Security Reference Model (SRM)''' provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
 controls and measurements. At the system level, it is used to transform segment controls into system specific designs or requirements. Each level of the SRM is critical to the overall security posture and health of an organization and/or system.<ref>Purpose of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]</ref>
@@ Line 14: / Line 15: @@
 == See Also ==
-*[[Computer Security]]

@@ Line 1: / Line 1: @@
-The Security Reference [[Model]] (SRM) provides a common language and [[methodology]] for discussing security and privacy in the context of federal agencies’ [[business]] and performance [[goals]].
+The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
-Security is integral to all architectural domains and at all levels of an [[organization]]. As a result, the Security [[Reference Model]] (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise [[Architecture]] [[Governance]] is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, [[System]] and [[Application]]. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
+Security is integral to all architectural domains and at all levels of an organization. As a result, the Security Reference Model (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise Architecture Governance is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, System and Application. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
 controls and measurements. At the system level, it is used to transform segment controls into system specific designs or requirements. Each level of the SRM is critical to the overall security posture and health of an organization and/or system.<ref>Purpose of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]</ref>
-The Federal Security Reference Model (SRM) has three areas: Purpose, [[Risk]], and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
+The Federal Security Reference Model (SRM) has three areas: Purpose, Risk, and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
 [[File:Security reference model.png|400px|Security Reference Model (SRM)]]<br />
 source: [https://eapad.dk/gov/us/feaf2/consolidated-reference-model/ The EA Pad]
@@ Line 17: / Line 24: @@
 ===External References===
-Federal [[Enterprise Architecture]] [[Framework]] Version 2 [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]
+Federal Enterprise Architecture Framework Version 2 [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]

@@ Line 1: / Line 1: @@
-The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
+The Security Reference [[Model]] (SRM) provides a common language and [[methodology]] for discussing security and privacy in the context of federal agencies’ [[business]] and performance [[goals]].
-Security is integral to all architectural domains and at all levels of an organization. As a result, the Security Reference Model (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise Architecture Governance is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, System and Application. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
+Security is integral to all architectural domains and at all levels of an [[organization]]. As a result, the Security [[Reference Model]] (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise [[Architecture]] [[Governance]] is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, [[System]] and [[Application]]. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
 controls and measurements. At the system level, it is used to transform segment controls into system specific designs or requirements. Each level of the SRM is critical to the overall security posture and health of an organization and/or system.<ref>Purpose of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]</ref>
-The Federal Security Reference Model (SRM) has three areas: Purpose, Risk, and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
+The Federal Security Reference Model (SRM) has three areas: Purpose, [[Risk]], and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
@@ Line 17: / Line 17: @@
 ===External References===
-Federal Enterprise Architecture Framework Version 2 [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]
+Federal [[Enterprise Architecture]] [[Framework]] Version 2 [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]

← Older revision		Revision as of 03:38, 7 January 2019
Line 1:		Line 1:
−	~~'''Content Coming Soon'''~~	+	The Security Reference Model (SRM) provides a common language and methodology for discussing security and privacy in the context of federal agencies’ business and performance goals.
		+
		+	Security is integral to all architectural domains and at all levels of an organization. As a result, the Security Reference Model (SRM) must be woven into all of the sub-architectures of the overarching EA across all the other reference models and it must be considered up and down the different levels of the Enterprise. Enterprise Architecture Governance is the perfect place for security standards, policies, and norms to be developed and followed, since it is an enforcement point for Information Technology investments. The SRM allows architects to classify or categorize security architecture at all scope levels of the Federal Architecture: International, National, Federal, Sector, Agency, Segment, System and Application. At the highest levels, the SRM is used to transform federal laws, regulations, and publications into specific policies. At the segment level, the SRM is used to transform department specific policies into security
		+	controls and measurements. At the system level, it is used to transform segment controls into system specific designs or requirements. Each level of the SRM is critical to the overall security posture and health of an organization and/or system.<ref>Purpose of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]</ref>
		+
		+
		+	The Federal Security Reference Model (SRM) has three areas: Purpose, Risk, and Controls; these are divided into six total subareas (see figure below). Each one of these subareas must be addressed at the enterprise, agency, and system level. The SRM uses the information from the purpose and risk at each level of the enterprise to find and classify the correct controls to secure the environment.<ref>Structure of the Security Reference Model [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf owh]</ref>
		+
		+
		+	[[File:Security reference model.png\|400px\|Security Reference Model (SRM)]]<br />
		+	source: [https://eapad.dk/gov/us/feaf2/consolidated-reference-model/ The EA Pad]
		+
		+
		+	===References===
		+	<references />
		+
		+
		+	===External References===
		+	Federal Enterprise Architecture Framework Version 2 [https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fea_v2.pdf Owh]