Security Architecture (SecA)

cyber security architecture

Security Architecture, Cyber Security or IT Security Architecture is the coherent set of concepts and their principles that are (to be) implemented in an organization.

The better your implemented SecA is, the more safe and secure your company is.

Every company has a form of security architecture (a coherent set of concepts and their principles) implemented.

The question is how much or mature your current state security architecture is aligned with your strategy and policies.

To find that out and get insights in, and overview of your security architecture, one can collect data on and document the used concepts, principles, elements, rules, standards.

With that data one can create or generate architecture visualizations at conceptual, logical and physical level.

On this page we introduce an example conceptual and logical level security architecture visualization (or diagram).

The definition of Security

Security is often defined as a process to increase the relialiblity of a system in terms of confidentiality, integrity and authenticity.

The Dragon1 open EA method proposes to sharpen that definition for security like this:

The security of a system is the coherent set of measures taken to improve control over access and usage of a system.

Security is not so much a process but a state of a system. Securing a system is a process, like defending is a process.

Why does this nuance matters?

This matters because you can have a great security management process, but still a bad security (control over the access and usage of your system).

Security Architecture Atlas

Most companies world wide never have heard of security architecture let alone document or visualize their security architecture.

Dragon1 as open EA method promotes to daily update and use a security architecture atlas, meaning a coherent set of visualizations and views of security architecture for key stakeholders in your company.

Security Architecture Frameworks

Dragon1 promotes to make use of a security architecture framework.

Dragon1 itself has defined a five layer framework with concepts for governing security, detecting attacks and breaches, protecting systems, responding to attacks and breaches and recovering from attacks and breaches.

This Dragon1 framework helps to measure, compare, control, monitor the safety and security of your companies processes, applications, data and IT infrastructure, employees and locations.

Security Architecture Concepts

Examples of generic and common security concepts are: reliablity, safety, identification, authentication, authorization, access, monitoring, auditing and accountability.

Every company has a form of these concepts implemented.

The main security concept that ISO 27001, the international standard for Security, introduces, is ISMS. An ISMS is an Information Security Management System.

An Information Security Management System (ISMS) is defined a set of rules that a company needs to establish in order to make the company more safe and secure.

Dragon1 considers the following security concepts to be key for every company:

  • Process chain disruption
  • Process disruption
  • Task/Activity disruption
  • Security Operation Center
  • Controling (Automated) Decision making in processes
  • Application Access
  • Data Access
  • Network Activity Monitoring
  • Application Hack
  • Network Hack
  • Data Breach
  • Software Virus
  • Ransomware
  • Antivirus software
  • Firewall
  • Single Singon
  • Firewall
  • DMZ (Demilitarized Zone)
  • Layering
  • Abstractions
  • Obfuscation
  • Data Hiding
  • Data Encryption
  • Vital Infrastructure
  • Critical Systems
  • ISMS

The C-suite and senior management of every organization (government agency, foundation and commercial company) in the world should have a very good udnerstanding of how well the above concepts are implemented and aligned with the strategy and policies.

Security Architecture Elements

A concept consists at logical of functional elements and at physical level of technical components.

In architecture we need both views of a concept.

Elements in their turn can be viewed as concepts themselves.

Lets take a look at the DMZ concept.

A DMZ or demilitarized zone is a physical or logical sub network that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet (according to wikipedia).

Common elements in a DMZ are services like webservers, FTP servers, Mail Servers and Voip Servers

There are two main types of DMZs: The Single Firewall DMZ and the Dual Firewall DMZ.

So next to services, servers, firewalls are also common elements of a DMZ.

Using the above knowledge and information is it possible to analyze whether or not the concept of DMZ is implemented and what type of DMZ there is and what could and should be done to improve the quality (effectiveness) of the DMZ.

Security Architecture Principles

  • Zero Trust
  • Privacy by Design
  • Least Privilege
  • Layered Security
  • Fault Tolerant
  • Default Deny
Default Deny

Security Architecture Standards

Security Architecture Rules

Security Architecture Policies

Security Architecture Models

Security Architecture Visualizations

Security Architecture Viewpoints

Security Architecture Views

Links

Here you can read what you can do with Security Architecture:

Architecting Solutions

DEMO: Concept Mapping Software

How to use Dragon1 EA Tool

Learn to generate architecture diagrams using repositories
DEMO: BPMN Onboarding Process Example

DEMO: BPMN Onboarding Process Diagram - Measure Rules Compliance

Manufacturing, Financial Solutions
DEMO: Enterprise Architecture Blueprint Template

DEMO: Generate an Enterprise Architecture Blueprint to discover and solve RISK

Banking, Logistics, Healthcare
DEMO: Process Application Map

DEMO: Generate Process Application Landscape for RPA

Government, Logistics, Banking
DEMO: Strategy Map Template

DEMO: Generate Strategy Map for CLOUD ADOPTION

Automotive, Financial Services, Health Care
DEMO: Data Mapping Software

DEMO: Generate Application Landscape for SECURITY

Retail, Agriculture, Oil & Gas