Security Architecture, Cyber Security or IT Security Architecture is the coherent set of concepts and their principles that are (to be) implemented in an organization.
The better your implemented SecA is, the safer and more secure your company is.
Every company has a form of security architecture (a coherent set of concepts and their principles) implemented.
How mature your current state security architecture is aligned with your strategy and policies?
To find that out and get insights into an overview of your security architecture, one can collect data on and document the used concepts, principles, elements, rules, and standards.
With that data, one can create or generate architecture visualizations at a conceptual, logical, and physical level.
This page introduces an example of conceptual and logical level security architecture visualization.
The definition of Security
Security is often defined as a process to increase the reliability of a system in terms of confidentiality, integrity, and authenticity.
The Dragon1 open EA method proposes to sharpen that definition for security like this:
The security of a system is the coherent set of measures taken to improve control over access and usage of a system.
Security is not so much a process but a state of a system. Securing a system is a process, like defending is a process.
Why does this nuance matter?
This matters because you can have a great security management process but still bad security (control over the access and usage of your system).
Security Architecture Atlas
Most companies worldwide have never heard of security architecture, let alone document or visualize their security architecture.
Dragon1, as an open EA method, promotes daily updates and uses a security architecture atlas, meaning a coherent set of visualizations and views of security architecture for key stakeholders in your company.
Security Architecture Frameworks
Dragon1 promotes making use of a security architecture framework.
Dragon1 has defined a five-layer framework with concepts for governing security, detecting attacks and breaches, protecting systems, responding to attacks and breaches, and recovering from attacks and breaches.
This Dragon1 framework helps to measure, compare, control, and monitor the safety and security of your company's processes, applications, data and IT infrastructure, employees, and locations.
Security Architecture Concepts
Examples of generic and common security concepts are reliability, safety, identification, authentication, authorization, access, monitoring, auditing, and accountability.
Every company has a form of these concepts implemented.
The main security concept that ISO 27001, the international standard for Security, introduces is ISMS. An ISMS is an Information Security Management System.
An Information Security Management System (ISMS) is defined as a set of rules that a company needs to establish to make the company safer and more secure.
Dragon1 considers the following security concepts to be key for every company:
- Information Security Management System (ISMS)
- Monitor->Improve->Secure (MIS)
- Intrusion Detection
- Intrusion Detection System (IDS)
- Intruder Detection Lockout (IDL)
- Network Activity Monitoring
- Malicious Activity monitoring
- Event
- Incident
- Event Monitoring
- Incident Monitoring
- Process Chain Disruption
- Process Disruption
- Task/Activity Disruption
- Security Operation Center
- Zero Trust Security
- Privacy by Design
- Least Privilege
- Fault Tolerant
- Default Deny
- Layered Security
- Passive Attack
- Active Attack
- Denial of Service Attack
- Cryptographic Attack
- Spoofing
- Fishing
- Controling (Automated) Decision making in processes
- Application Access
- Data Access
- Application Hack
- Network Hack
- Data Breach
- Software Virus
- Ransomware
- Antivirus software
- Firewall
- Single Signon
- User Authentication
- Machine Authentication
- Demilitarized Zone (DMZ)
- Security Policy
- Security Measures
- Acces Control policies
- Authorization Policies (to access an application)
- Layering
- Abstractions
- Obfuscation
- Data Hiding
- Data Encryption
- Vital Infrastructure
- Tenet
- Segementation
- Micro Segmentation
- Compromised Network
- Compromised Machine
- Mission Critical Systems
The C-suite and senior management of every organization (government agency, foundation, and commercial company) should understand how well the above concepts are implemented and aligned with the strategy and policies. Download here the Security Architecture [PDF]
Security Architecture Elements
A concept consists of logical and functional elements at the physical level of technical components.
In architecture, we need both views of a concept.
Elements, in their turn, can be viewed as concepts themselves.
Let's take a look at the DMZ concept.
A DMZ or demilitarized zone is a physical or logical sub-network that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet (according to Wikipedia).
Common elements in a DMZ are services like web servers, FTP servers, Mail Servers, and VoIP Servers.
There are two main types of DMZs: The Single Firewall DMZ and the Dual Firewall DMZ.
So next to services, servers, firewalls are also common elements of a DMZ.
Using the above knowledge and information, is it possible to analyze whether or not the concept of DMZ is implemented, what type of DMZ there is, and what could and should be done to improve the quality (effectiveness) of the DMZ.
Security Architecture Principles
Every Security concept has one or more ways of working or working mechanisms. A working mechanism of a concept we call the concept principle.
Guidelines are recognized to help implement the principle.
The list below shows per concept a principle.
- Zero Trust Security - By never trusting anyone and always verifying someone's identity, the network becomes safer.
- Privacy by Design - By designing an IT system where sensitive and personal data is automatically protected from unauthorized access, the IT system, per definition, is made more secure.
- Least Privilege - By designing an IT system where only the necessary features are provided role-based, the IT system, per definition, is made more safe and secure.
- Layered Security - By building providing security controls at various places or levels in the IT-Infrastructure, breaching one place or level does not mean an entity has access to everything right away, thus making the entire system more safe and secure.
- Fault Tolerant - By creating a system that includes redundancy, fault isolation, fault detection and annunciation, and online repair, the system will be fault tolerant and highly available
- Default Deny - By denying a user access by default and only granting access after verification, a network and application are made more safe and secure.
More Reading on Security Architecture
Here you can read what you can do with Security Architecture: