ABSTRACT
The conceptual security architecture is where we as security architects begin to add value. The experience reflects work done with numerous clients in many countries and different industries. Over the course of that work, it has become clear that although every business is unique, there are many commonly recurring themes. The Business Attribute Profile is the complete set of Business Attributes that represents your business, mapped to business drivers and business risks and with measurements producing metrics and specific performance targets defined for each one. A control objective is a statement of a desired result or purpose to be achieved by implementing controls within a particular business activity. Controls are implemented through policies, organizational structures, processes, practices and procedures and through technical systems. People often refer to the onion-skin model of security, where layer upon layer of defense is built up one on top of another.
