Plan and design robust security architectures to secure your organization's technology landscape and the applications you develop
▶Book Description
Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.
With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.
By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
▶What You Will Learn
⦁Explore ways to create your own architectures and analyze those from others
⦁Understand strategies for creating architectures for environments and applications
⦁Discover approaches to documentation using repeatable approaches and tools
⦁Delve into communication techniques for designs, goals, and requirements
⦁Focus on implementation strategies for designs that help reduce risk
⦁Become well-versed with methods to apply architectural discipline to your organization
▶Key Features
⦁Leverage practical use cases to successfully architect complex security structures
⦁Learn risk assessment methodologies for the cloud, networks, and connected devices
⦁Understand cybersecurity architecture to implement effective solutions in medium-to-large enterprises
▶Who This Book Is For
If you are involved in the process of implementing, planning, operating, or maintaining cybersecurity in an organization, then this security book is for you. This includes security practitioners, technology governance practitioners, systems auditors, and software developers invested in keeping their organizations secure. If you're new to cybersecurity architecture, the book takes you through the process step by step; for those who already work in the field and have some experience, the book presents strategies and techniques that will help them develop their skills further.
▶What this book covers
⦁ Chapter 1, What is Cybersecurity Architecture?, provides an overview of cybersecurity architecture: what it is, why it's useful, the business value that it brings to the organization employing it, and the role of the cybersecurity architect within an organization. We highlight the history of cybersecurity architecture, important standards, frameworks, and approaches that the architect can draw upon, and lay out the fundamental requirements for the architect before they get started.
⦁ Chapter 2, The Core of Solution Building, helps the architect assess the important touchstones, contextual background, and goals of the organization. Architecture doesn't happen in a vacuum: the design must be reflective of the organization's needs, its business, and its mission. This chapter helps the architect understand that context the boundaries around what the organization considers important that will allow the architect to systematically and purposefully take action.
⦁ Chapter 3, Building an Architecture – Scope and Requirements, explains that with any project, the outcome must be dictated by what the organization needs. This section presents methods for discovering the scope within which the architect must design as well as the core information about requirements that their solution should address.
⦁ Chapter 4, Building an Architecture – Your Toolbox, is all about building out the toolbox that you will need as you approach the design process. Getting your tools ready ahead of time allows you to have them when you need them. Any project you undertake has a set of tools that will let you do the job successfully. With them, the job is easy – without them, there's nothing harder.
⦁ Chapter 5, Building an Architecture – Developing Enterprise Blueprints, outlines how to gather, document, and validate the necessary information that will allow you to create a high-level architectural definition. This lets you select a solution approach that is consistent with what the organization needs, is documented in such a way to protect the organization and streamline efforts, and ensures that technical implementation approaches are optimal.
⦁ Chapter 6, Building an Architecture – Application Blueprints, provides specific guidance on application security architecture efforts. In many ways, building a cybersecurity architecture for an application is similar to doing so for the organization in aggregate or for a network. However, because there are different audiences that we must present designs and approaches to (and that we must of necessity work collaboratively with), there are some elements of the process that are different.
⦁ Chapter 7, Execution – Applying Architecture Models, walks through how to implement your design concept technically, walking you through elements of execution and realization of the implementation. At this point, you will have created a high-level model, a design that meets the organization's needs. However, the best ideas on paper don't actually provide value until they are implemented.
⦁ Chapter 8, Execution – Future-Proofing, goes through the process of ensuring that a design (and subsequent implementation) that you've deployed stays meaningful over time. It discusses ways to ensure that you keep apprised of changes, that you monitor the effectiveness of your solution over time, and that you build in and adapt instrumentation (such as metrics) to keep things running smoothly after deployment.
⦁ Chapter 9, Putting It All Together, closes the book with strategies that you can use to improve your architecture skills, improve the processes you follow, and ensure that with each project you take on you optimize what you do. We present guidance about common issues that architects run into, how to avoid them, and advice for the architect drawn from the experiences of those in the field.
