Opal Cyber Resiliency Framework

merging Authority Management and Systems Security Engineering to achieve a strong Cyber Resiliency posture


What is it?

Cyber resiliency is commonly thought of as an organization's resilience against cyber threats, achieved through effective implementation of security principles and practices along with continuity of operations.

The Opal Cyber Resiliency Framework (OCRF) provides a common language for understanding, managing and expressing high-level system requirements and transforming them into low-level, machine-tangible objects that are highly resistant to cyber threats.


take control with

Authority Management

Authority Management is the practice of modeling abstract concepts such as authority and permissions as machine-tangible, enforceable objects, called Authority Tokens, that can be manipulated like any other object in an information system.

These provide a lightweight, unforgeable, tamper-evident and fine-grained resource access control mechanism that allows for contextually sensitive policies, where the focus is directly on the permissions with regard to that resource and the Authority that granted them.

follow your principles

At its heart, Authority Management relies heavily on one of the most fundamental principles in security, the Principle of Least Authority, or POLA, which is an anagram of OPAL.

It requires that only the minimum subset of permissions needed for any given action and context be provided to satisfy the requirements. This significantly reduces the risk for any given object or action.


so…

What can you do with it?

Connectivity Graphs

Resource Management

Mechanisms used for protecting, controlling and managing resources, where a resource is a consumable within any managed process that needs to be protected, tracked or measured, and whose access and usage are tightly controlled by formally modeled access/quota policy objects.


take the right first step with

System Security Engineering

The inevitability of a security breach laid the foundation for risk-based cybersecurity approaches, where systems are designed to meet the minimal viable standards deemed adequate for organizational goals.

The OCRF engages basic security principles early on in system design to form a secure foundation from the get-go, far exceeding the adequate security standards used today.