Introducing security frameworks
Before exploring security frameworks, let me describe the typical duties of a security architect. One of the best ways to identify them is to look at Certified Information Systems Security Professional (CISSP) certification, which is the most wanted certification for security professionals. The CISSP exam covers the following topics:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations Center (SOC)
- Software Development Security
The list is composed of both IT and technical security topics. I don't know about you, but as a cloud architect I am heavily exposed to security demands, and I consider that being able to talk the language of a security architect is a key asset to overcome some hurdles.
A properly driven security organization revolves around...