Create a Security Architecture

- Filter, Analyze and Solve your Security Weaknesses -

Use Zero Trust, Dark web, IoT and Anti-Spoofing principles

Are your architects addressing 70% of all security questions instantly? It can be.

Use Dragon1 to build an ISMS following ISO 27001. Protect your clouds, prevent supply chain attacks and malicious emails with security rules and artificial intelligence.

This tutorial introduces how you can make use of Dragon1 for Security Architecture.

Dragon1 is the ML/AI-enabled digital platform for Enterprise Architecture.

What is Security Architecture?

According to the Dragon1 open EA method, Security Architecture is the coherent set of security concepts (or security capabilities) of your organization.

Depending on your strategy and business model you need a need for certain security concepts to be implemented at a certain maturity level.

Security Architecture is the description and visualization of how security controls (= security countermeasures) of an organization are positioned and how they relate to the overall systems architecture.

These security controls serve the purpose to maintain the system's quality attributes such as confidentiality, integrity and availability (CIA).

Security architecture is a conceptual security blueprint of the organization as the bridge between the strategy and transformation of the organization.

Today, security plays a vital role in the Enterprise Governance of an organization. Dragon1 helps to get Security Architecture linked into the governance processes, IT policies, IT auditing and supports CxOs in selecting appropriate measures to be taken.

Read more about Security Architecture in the Resources section.

Building Common Insights to enable Impactful Decisions

In order to have a group of key stakeholders gain common insights and overview of the current security situation, and be ready to make impactful decisions for the benefit and the future of the organization, more and more organizations visualize their security architecture with specific visualizations, called management report views.

Security Architecture and Concepts

To create security architecture and concepts:

  • Go to the Collaboration application
  • Click the Architectures panel.
  • Click the Add button
  • Enter a name for a security architecture
  • Click Save
  • Go back to the Data Dashboard of the Collaboration application
  • Click the Concepts panel.
  • Click the Add button
  • Enter a name for a security concept. (for instance: Roles Based Access Control, DMZ, Email Spoofing or Data Hiding)
  • Click Save

Security Architecture Principles

To create security architecture principles:

  • Go to the Collaboration application
  • Click the Principles panel.
  • Click the Add button
  • Enter a name for a principle
  • Click Save

Security Architecture Capabilities

To create security architecture capabilities:

  • Go to the Collaboration application
  • Click the Capabilities panel.
  • Click the Add button
  • Enter a name for a capability
  • Click Save

Models and Relationships

Use the Collaboration application as before to add a model.

To create a relationship between the entered data entities:

  • Go to the Data Dashboard in the Collaboration application
  • Select a Panel.
  • Select a data entity in the list
  • Click Add Relationship
  • Select the model the relationship should be part of
  • Select the entity class and entity name to link to the data entity
  • Select a relationship type
  • Click ok

Security Views

Create the following common security views:

  • Management Overview – How well are the top 10 key strategic security measures taken
  • Roadmap View – When are certain security measures going to be implemented and what will the impact be on what part of the IT infrastructure?
  • Security Data Breach View – Where, when, why and how did security data breaches affect our IT infrastructure (networks and components), Data and IT System?
  • GDPR View – How well do we align with the GDPR rules for private and sensitive data?
  • Confidentiality View – How well do we secure, provide and maintain by the business required confidentiality of the IT infrastructure, Data and IT systems?
  • Integrity View – How well do we secure, provide and maintain the business-required integrity of the IT infrastructure, Data and IT systems?
  • Availability View – How well do we secure, provide and maintain the business required availability of the IT infrastructure, Data and IT systems?
  • Skills & Education View – What knowledge and skills do we have or do we need to gain/develop, as is required by the security architecture, to maintain a secure IT operation?
  • Documentation View – Which parts of the IT infrastructure are documented as is mandatory?
  • Compliance View – Which IT infrastructure components, data and systems are (not) compliant to the standards?
  • Business Process View – Which (lack of) compliance on standards in the IT infrastructure, has (positive/negative) impact on certain processes?

All the visualizations show relationships and dependencies between IT components, within a context.

Microsoft Cyber Security Architecture

Create the Microsoft Cyber Security Architecture on Dragon1 platform.

Download Brochure