Conceptual Architecture
The Conceptual Security Architecture is based on the view of “The Architect” and is a conceptualized vision of the requirements gathered from the Contextual layer. This vision is very high-level, as it is primarily meant to ensure all the business requirements are defined with principle and fundamental concepts that guide the selection and organization of the logical and physical elements at the lower layers of the abstraction (Sherwood, J., Clark, A., Lynas, D., 2005). In this layer:
- the assets (what) are defined by the Business Attributes Profile
- the motivation (why) maps to the Control Objectives
- the process (how) maps to Security Strategies and Architectural Layering
- the people (who) are defined in the Security Entity Model and Trust Framework
- the location (where) is defined within the Security Domain Model
- the time (when) is defined by the Security-related Lifetimes and Deadlines