Open Security Architecture Framework

Introductory Statement

Designing and implementing secure systems and applications requires continuous care, from decision-making through system design to system implementation, testing and maintenance. The Open Security Architecture Organization [OSAO] strives to create a framework for the security-centric development of IT systems. To achieve this goal, the framework touches on numerous theoretical fields, from project management to software development processes and typical design decisions. The Open Security Architecture Framework [OSAF] is a work in progress and will be extended over time.

Target Audience

The Open Security Architecture Framework [OSAF] set forth by the Open Security Architecture Organization [OSAO] is intended for anyone working on IT projects who directly or indirectly makes decisions about the design or the development process of security-centric IT systems: project managers, system architects and engineers, component and software architects and engineers, and higher management.
However, the provided framework does not go into detail when it comes to the secure implementation of applications. There are other sources like the Open Web Application Security Project [OWASP] that specifically cover this topic.

Structure

The Open Security Architecture Framework [OSAF] is divided into chapters that become relevant over the course of an IT project. The chapters are ordered by level of detail: early chapters cover general information, while later chapters dive deeper into technological matters. A (still incomplete) list of upcoming chapters includes:

  • Project Management
    • Project Roles
    • Project Milestones
    • Project Rituals
    • Decision-Making
    • Artifacts and Deliverables
  • System Architecture
    • Tools and Methods
  • Component Architecture
    • Tools and Methods
  • Development
    • Tools and Methods
  • Operations
    • Tools and Methods