An update about the Security Services Catalogue project of the major players in the security architecture field.
What this project is about
The Security Services Catalogue project is a joint effort of The SABSA Institute, The Open Group and the Open Security Architecture. It is managed by Pascal de Koning, senior security consultant at i-to-i. The security services catalogue is a register that supports filling in the logical layer of the architecture with security controls. Unlike existing control frameworks that contain requirements, the security services catalogue describes security building blocks that actually deliver protection. This architecture approach enables smooth integration of information security in the enterprise architecture.
The standardized approach contributes to the professionalization of the security management organization and facilitates a more efficient and cost effective way of working. One of the main advantages of the Security Services Catalogue is that it is a common terminology and reference framework for the domain of security management allowing better cooperation between the parties concerned.
At this moment, there are more than 90 participants worldwide. The project has started one year ago. All participants are doing this in their free time on a voluntary basis. Despite of this, we are making progress. Reality teaches us that it’s very hard to make a planning under the given circumstances. We are now in the phase of gathering the content and about 15% of that work is done. For this, the catalogue has been divided into 20 service groups. The content for each service group is developed by a separate workgroup. In April, we finished the first (pilot) workgroup that created the service taxonomy for Cryptography. After that, other service groups have started and some of them are still running. Current workgroups are:
- Cryptography - finished
- Risk Management
- Business Continuity Management
- Legal, Regulations, Investigations and Compliance
- Secure Service Delivery