Security Policy Engineering
CDA has completed a research effort to improve security policy engineering by creating an environment that treats creating security policy as the difficult engineering task that it is. CDA can bring this experience to address your enterprise's needs. The technology (code named Espanola) is also available for research and development.
Security Enforcement Policy that spans the Enterprise
Federal agencies have expressed a need for better development and administration of IT security policies across multiple heterogeneous security enforcement mechanisms. For example, they want a single point from which to manage the DBMS, firewall and application enforcement policies so that they are consistent and meet the constraints of the organization. Many agencies are struggling with excessive administration burdens caused by managing numerous security mechanisms, each with its own unique administration interface. To address these issues, the Cyber Defense Agency, LLC has developed Espanola, a security specification system that translates the security policy so that it is enforced consistently on multiple native enforcement mechanisms. Espanola treats security policy development like the hard design problem that it is. Espanola allows security policy patterns to be developed and shared like open source software. Espanola greatly reduces the day-to-day management of security mechanisms and improves security by ensuring that approved, good security policies are implemented.
Most organizations don't have enough trained security professionals to handle the demands of their numerous and dissimilar security systems. Properly securing an endpoint PC, for example, typically requires a multitude of different security packages, including anti-virus, anti-spyware, anti-adware, VPN, personal firewall, full disk encryption system, patch management system, email filters, network access control systems, web access control, and more. A similar problem exists with securing network-based applications and equipment: firewalls, intrusion detection and prevention systems, remote access systems, VPN gateways, mail servers, and more. No vendor today has a nicely integrated administration system for this plethora of unlike packages. Many vendors have difficulty integrating just their own products, let alone integrating with products from other suppliers. To add to the problem, most administration packages that do exist require administrators to be quite knowledgeable in security. Most organizations are simply drowning trying to administer all of these different systems.
Espanola treats security enforcement policy just like software development. Espanola comes with standard Java development libraries that allow for object-oriented development of the enforcement policy in a familiar language. However, once designed, the complex policy specifications are incorporated into a GUI. Thus, for day-to-day administration, a simple drag-and-drop interface is used to build an enterprise-spanning role-based access control policy.
IT security is a dynamic, confusing, complicated and fragmented discipline. It is difficult, even for security professionals, to understand and keep up with the ever-changing nature of the vulnerabilities, attacks, solutions, and regulations. Often a security professional with the necessary skills is simply not available. Organizations need tools that junior administrators can use without violating an important policy goal.
ESPANOLA is an administration system designed to simplify and improve the effectiveness of designing, administering, enforcing, and maintaining an organization's IT security policy across heterogeneous systems.