How to use OSA
A guide to getting the most value from OSA patterns, controls, and resources.
We offer reusable material across multiple abstraction layers: - An overall landscape, actors, terminology and taxonomy at the top level - Security patterns on the next level - Threat modeling plus a NIST-based controls catalog at the detailed level
OSA Landscape Relevance
Our landscape represents one approach to organizing security topics. We intentionally combine different abstraction levels because architecture is a synonym for a certain type of design and that this type of design can be applied on different levels.
Pattern Selection
You'll typically discover OSA while addressing specific architectural problems. The framework can serve multiple purposes: - As a checklist - Documentation support tool - Reference for consistent role definitions across different scenarios
Controls Implementation
Control implementation depends on three factors: - Your organization's risk appetite - Budget constraints - Established security policies that define baseline requirements
Mapping to Standards
Our controls catalog includes mappings to ISO and COBIT standards, supporting audit responses and controls review projects.
Advanced Resources
We offer full database extracts and consultation services for deeper OSA implementation guidance.