book

Practical Cybersecurity Architecture - Second Edition

by Diana Kelley, Ed Moyle

November 2023

Intermediate to advanced

388 pages

13h 56m

English

Packt Publishing

Read now

Unlock full access

ContributorsAbout the authorsAbout the reviewer
Who this book is forWhat this book coversTo get the most out of this bookConventions usedGet in touchShare Your ThoughtsDownload a free PDF copy of this book
Understanding the need for cybersecurityWhat is cybersecurity architecture?Network versus application security architecture The role of the architectSecure network architecturesSecure application architecturesCase study – the value of architectureArchitecture, security standards, and frameworksArchitecture frameworksSecurity guidance and standardsSecurity architecture frameworksArchitecture roles and processesRolesProcess overviewKey tasks and milestonesSummary
TerminologyUnderstanding solution buildingEstablishing the context for designsUnderstanding goalsIdentifying business goalsDimensions of successStructures and documentsPolicies, procedures, and standardsApplying to architectural frameworksAdditional frameworksRisk management and complianceRisk management and appetiteComplianceEstablishing a guiding processUnderstanding the business’ high-level goalsUnderstanding the technology goalsDrawing implied goals from existing documentationCapturing (or defining) risk tolerancesAccounting for compliance requirementsSummary
Understanding scopeWhat’s in this chapter?Setting architectural scopeEnterprise security architectureApplication security architectureDefining scope boundariesScope – enterprise securityExisting capabilityRisk managementStrategic planningCase study – enterprise scopingScope – application securityThe development and release processComponents, services, and design patternsTeam/organizational boundariesTechnology considerationsCase study – application scopingThe process for setting scopeStep 1 – consider high-level goalsStep 2 – review contextual or other constraintsStep 3 – set the initial scopeStep 4 – validate and refine initial scopeSummary
Introduction to the architect’s toolboxPlanning toolsAnalytical toolsInformational toolsModeling and design toolsCase study – data gatheringBuilding blocks of secure designInformation security policiesOrganization of information securityHuman resources securityAsset managementAccess controlCryptographyPhysical and environmental securityOperations securityCommunications securitySystem acquisition, development, and maintenanceSupplier relationshipsInformation security incident managementInformation security aspects of business continuity managementComplianceSummary
RequirementsBlueprintsProcessWhy ADM?The visionEstablishing architectural principlesSetting the scopeGetting the desired future (target) stateCase study – shared goals, vision, and engagementCreating a programDiscovery, identification, and validationDocumenting your high-level approachCreating the roadmapArchitecture definitionAccompanying documentationSummary
Application design considerationsLife cycle modelsEnvironmentConsiderations for waterfall projectsRequirements phaseDesign phaseImplementation phaseVerification phaseMaintenance phaseCase study – waterfall developmentConsiderations for Agile projectsConception phaseInception phaseConstruction phaseRelease phaseProduction phaseRetirement phaseCase study – Agile developmentConsiderations for DevOps projectsDevelopBuildUnit testDeploy (integrate)Quality assuranceProductionValidateCase study – DevOps/DevSecOps developmentProcess for application security designSystems security engineeringArchitecture definition processArchitecture definitionDocumentationValidationModifying the SDLC and development processesSummary

Process stepsTechnical designWhat specific provider do we use to do this?Do we need additional infrastructure (VPN, access points, etc.)?What client software do users require (if any)?Creating technical implementation strategiesAssess constraints, synergies, and areas of opportunityValidating against likely threat paths and creating a skeleton solution documentValidating implementation strategiesFinalizing the documentationOperational integrationChanging context and evolutionExecution monitoringCase study – Operational integrationTelemetrySelecting strategic metricsSelecting operational metricsSummary
Overcoming obstacles in project executionScope and requirementsSupport failure and organizational issuesResource shortfallsCommunication failureTechnical and environmental issuesFuture-proofing designsEstablishing a virtuous cycleMonitoring our own environment for changesMonitoring for external changesSpecifics for machine learning projectsCase study – future-proofingSummary
Virtuous cyclesAdapting architectural processesTips and tricksHone your ability to listenCultivate empathyHave just enough processWhen in doubt, over-communicateBe ready to walk awayGotchasBe aware of (but don’t play) politicsDon’t shirk the preparationStay engaged until the endLeave ego at the doorUse a multi-disciplinary approachCase study: gotchasSummary
Other Books You May EnjoyPackt is searching for authors like youShare Your ThoughtsDownload a free PDF copy of this book

Content preview from Practical Cybersecurity Architecture - Second Edition

3 Building an Architecture – Scope and Requirements

In the previous chapter, we went through how to establish the laws of the universe, which set the context for our architectural design work. Specifically, we examined the nuances of the organization that have the potential to guide or constrain our designs or their subsequent execution. This includes the organization’s risk tolerances, goals, compliance requirements, context, business, and anything else that may play a role in the overall approach.

All these things are important to establish context and provide us with a framework to work within. However, on their own, they are not the entirety of what you need to know to plan and field a design. More is required to do that – in particular, ...