
security architecture in LeanIX

Hi community

Does anyone have experience in managing security aspects of architecture in LeanIX? For example, how to integrate a framework like SABSA? A quick search on the community/web did not yield good results.

Thanks for sharing,

Jonas

10 comments

  • Frank Emmanuel Official comment

    Dear customer champions, some great discussion points here.

    There is a related discussion thread with some more details on this topic here: Control fact sheet type - any users? – LeanIX (zendesk.com)

    Additionally, with the release of the following 2 new features, customers are fully equipped to create and configure new Fact Sheet types:

    1. Product Updates | Manage Fact Sheet types in Meta-Model configuration (leanix.net)
    2. Product Updates | Manage relation types in Meta Model configuration (leanix.net)

    We hope these product updates help to address your needs for security architecture in LeanIX.

    Should you have more feedback on this topic, please feel free to submit feedback here: 🧭 On roadmap - LeanIX Product Roadmap | Product Roadmap.

    Best,

    Frank

    Principal CSM

    Edited by Frank Emmanuel
  • 0
    Sagar D

    Hi Jonas - We have not implemented Security architecture, but since you asked, I think you will need to create new FS types/re-use existing ones to capture the Business attributes (SABSA offered) and then map these business attributes with the applications. Also, maintain some values on this relation (security adherence/risk/etc.)

    Now that we have the ability to create reports for any factsheet, I think creating a new FS should not be a problem from reporting perspective.

  • 0
    Jonas Demey

    Hello Sagar

    Thanks for your reply; would like to maximally leverage the out-of-the-box factsheets. You're right about the reporting, especially with the new matrix it is getting a lot easier/flexible.

    Would you be interested in sparring on the topic (once the ideas are getting more concrete)?

    Regards

    Jonas

  • 0
    Odirile Motlhaga

    Hi Jonas,

    We created a new factsheet for security and manage subtypes like (NIST, CIS, ISO2007). We are able to apply this to our reports and also link to applications factsheet as well. There is no other way to do it without adding a new factsheet.

    Regards,

    Odi

  • 0
    Adrian Harvey

    LeanIX have a semi-standard 'Control' fact sheet type that can be deployed to customers on request. If you discuss with your CSM they can get it deployed into your sandbox so you can look at it.

    We have had it deployed into our production instance now, and it works quite well for our needs. Basing off their sheet is probably cleaner in the long run than developing your own from scratch as it is more likely to fit with anything they release into the product later.

  • 0
    Jonas Demey

    Thanks for sharing that, Adrian. Will request to activate the 'control' factsheet.

     

  • 0
    Jonas Demey

    Hello Odirile, Adrian,

    What do you think about sharing best practices, reports etc.?

    I'm happy to do so after I have experimented with the new 'control'

    Best regards

    Jonas

  • 0
    atul.chaturvedi

    Hi All, I have implemented Attributes and Control factsheets. Now I want to make relationships between Controls and Business Applications; Controls and Security applications. I am thinking of the following relations; I appreciate your comments, feedback and better approaches.

    1. Business Capabilities --explicit relation--> attributes
    2. Attributes ----Requires---> Control Objectives ---Required by----> Business Applications, Data object, Interface and IT components (Something similar to attached model mapping)

    I am happy to spar on thoughts if anyone is interested in this community

     

    Edited by atul.chaturvedi
  • 0
    Stephen Gates

    I've shared my progress over in another thread

  • 0
    atul.chaturvedi

    Hi Community,

    When it comes to Security Services/Capabilities such as Security Operations, Identity and Access management, GRC etc., do you add them to Business Capability or Technical Category? Let me know your thoughts on the below hierarchy

    GRC  = Business Capability

    Risk Management = Application 

    Archer = IT Component

    RSA = Provider
