HAVECA-modellen
En metod för att fortlöpande säkra ett internt nätverk mot tredjepart
This thesis will address a problem concerning availability of information systems at an enterprise within the financial sector and its external suppliers, so called trusted third party. The information system resides on the internal network of the enterprise and must be available to both employees of the enterprise and the trusted third party simultaneously. This contradicts the company policy which disallows third parties access to the internal network. The HAVECA-model introduced in this thesis provides a framework of methods, each solving a sub problem identified in the model. The identified methods are hardening, verification, control and assurance, together supplying a method for continuously securing the internal network against a trusted third party. The HAVECA-model will be applied to a scenario, providing real-world examples of techniques of allowing the trusted third party to a restricted number of servers on the network.