HAVECA-modellen - En metod för att fortlöpande säkra ett internt nätverk mot tredjepart
DatavetenskapComputer science - networks and communicationsComputer science - electronic securityComputer science - generalSecurityModelVirtual networkTcp/ip
This thesis will address a problem concerning availability of information
systems at an enterprise within the financial sector and its external
suppliers, so called trusted third party. The information system resides on the
internal network of the enterprise and must be available to both employees of
the enterprise and the trusted third party simultaneously. This contradicts the
company policy which
disallows third parties access to the internal network. The HAVECA-model
introduced in this thesis provides a framework of methods, each solving a sub
problem identified in the model. The identified methods are hardening,
verification, control and assurance, together supplying a method for
continuously securing the internal network against a trusted third party. The
HAVECA-model will be applied to a scenario, providing real-world examples of
techniques of allowing the trusted third party to a restricted number of
servers on the network.