
Security Context

Dynamically applying security to your application based on business context
Security context is the security-relevant business context being applied to an application architecture and its components.
Based on this context, oak9 dynamically applies security requirements and validates your application architecture against these requirements at the appropriate level of rigor. You can tailor the security context for a given component by updating the security context tags for that component (see figures below).
For example, a database that stores Business-Sensitive data will have different security requirements applied to it than a database that is only storing Public data.

Types of Security Context

End User Type:
  • Workforce: End users are workforce (employees/contractors)
  • Consumers: End users are B2C consumers
  • Business Partners: End users are B2B partners
Level of Access:
  • Physical: Person users have physical access to this component
  • Open: Person or non-person users have open access to this component
  • Limited Sensitive Data: Person or non-person users have limited access to business sensitive data
  • Broad Sensitive Data: Person or non-person users have broad access to business sensitive data
  • Security Privileged: Person or non-person users have security privileged access to business sensitive data
Type of Access:
  • External Access: Component is externally accessible (e.g. over the internet)
  • Internal Access: Component is only accessible over internal networks
  • Remote Access: Component is remotely accessible
  • Wireless Access: Component is wirelessly accessible (for specific wireless use-cases as opposed to externally or remotely accessible use-cases)
  • Outbound Access: Component has outbound access to external networks
Sensitivity of Data:
  • Data Sensitivity: Public, Business Sensitive
  • Business Impact: Low, Medium, High
  • Public: Data that can be publicly shared (but whose integrity may still be required)
  • Business-Sensitive: Data that is considered sensitive to the business. This includes data that may be confidential or restricted
Business Impact (if this component were compromised):
  • Low: Minimal or no financial, legal or reputational impact to the business
  • Medium: Limited financial, legal or reputational impact to the business
  • High: Significant financial, legal or reputational impact to the business