Unfortunately, there is no single answer to this question. There are many interpretations and definitions of security architecture on the internet. Whether applied to software, computers, enterprises, networks, etc., they all differ slightly. However, at Aspirenet Ltd. we follow the UK’s National Cyber Security Centre’s (NCSC’s) definition of Security Architecture [1], in that we believe Security Architecture is:
The practice of designing systems to achieve security goals.
We believe that those security goals are to IDENTIFY your business assets and the risks to them, PROTECT those assets and your business from attack, DETECT attacks to those assets, RESPOND to attacks & RECOVER your assets and ultimately reduce your business losses.
These security goals are achieved through the use of TECHNOLOGY, PEOPLE, and PROCESSES.
There are several elements which make up a good cyber security architecture framework. The underlying elements are those of assured and proven modular patterns which can be re-used and are scalable. These patterns save the business time and money when applying a security architecture which meets those security goals, to another area of the business or another project.
These patterns can contain multiple components cutting across different areas of the business, for example:
User training & awareness
Policies & Procedures
Baseline configurations for devices
Access controls
Testing
Incident response playbooks
Identification of roles & responsibilities
These are just a few examples of components which may be included in a pattern. Our blog discussing defence in depth (https://aspirenet.ltd/blog/f/defence-in-depth) gives more detail on those components which would make up a good pattern.
Another element is that of defined security principles which are derived from the business requirements. By aligning these security principles with your business requirements, you ensure that your cyber security architecture framework not only supports your business but also delivers benefits to your organisation.
No matter how small or large your business is, it will benefit from implementing security architecture through one of the security architecture frameworks.
A security architecture framework defines the elements listed above, gives guidelines on how best to implement them, and sets out which level of the business should be engaged and when. Frameworks offer a modular approach to implementation, breaking down the areas that must be addressed to comply with the framework.
There are several security architecture frameworks available. Some are designed for large enterprises, some are designed for small to medium-sized businesses, a few can be applied to both, and then there are those which must be applied to specific industries.
Some examples of available security frameworks are:
ISO27001
Cyber Essentials & IASME Governance
NIST Cybersecurity Framework
SABSA
OSA
PCI-DSS
SOC
With ever-changing and new technologies becoming part and parcel of business life, and the integration of those technologies into the business, it becomes more difficult to visualise where the boundaries lie regarding what is being secured and how it is secured.
Bring security in line with your business strategy and goals and allow you and your business to confidently grow with the knowledge that your information which is processed, stored, and transmitted on those critical computer systems will remain confidential, available and maintain its integrity through its lifecycle.
By implementing and operating a Security Architecture Framework, you can give yourself the confidence that your business will not only identify & protect your information and computer systems, but also detect an attack when it occurs and recover from it quickly, minimising your business downtime and of course, your financial losses.
Contact us today to Assess, Advise, Apply and Achieve continual improvement in your business by successfully implementing a Security Architectural Framework.
[1] - https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture