Book Image

Practical Cybersecurity Architecture - Second Edition

By : Diana Kelley, Ed Moyle
Book Image

Practical Cybersecurity Architecture - Second Edition

By: Diana Kelley, Ed Moyle

Overview of this book

Cybersecurity architecture is the discipline of systematically ensuring that an organization is resilient against cybersecurity threats. Cybersecurity architects work in tandem with stakeholders to create a vision for security in the organization and create designs that are implementable, goal-based, and aligned with the organization’s governance strategy. Within this book, you'll learn the fundamentals of cybersecurity architecture as a practical discipline. These fundamentals are evergreen approaches that, once mastered, can be applied and adapted to new and emerging technologies like artificial intelligence and machine learning. You’ll learn how to address and mitigate risks, design secure solutions in a purposeful and repeatable way, communicate with others about security designs, and bring designs to fruition. This new edition outlines strategies to help you work with execution teams to make your vision a reality, along with ways of keeping designs relevant over time. As you progress, you'll also learn about well-known frameworks for building robust designs and strategies that you can adopt to create your own designs. By the end of this book, you’ll have the foundational skills required to build infrastructure, cloud, AI, and application solutions for today and well into the future with robust security components for your organization.
Table of Contents (15 chapters)
1
Part 1: Security Architecture
4
Part 2: Building an Architecture
9
Part 3: Execution

What this book covers

Chapter 1, What Is Cybersecurity Architecture?, provides an overview of cybersecurity architecture: what it is, why it’s useful, the business value that it brings to the organization employing it, and the role of the cybersecurity architect within an organization. We highlight the history of cybersecurity architecture and important standards, frameworks, and approaches that the architect can draw upon, and lay out the fundamental requirements for the architect before they get started.

Chapter 2, Core of Solution Building, helps the architect assess the important touchstones, contextual background, and goals of the organization. Architecture doesn’t happen in a vacuum: the design must be reflective of the organization’s needs, its business, and its mission. This chapter helps the architect understand that context – the boundaries around what the organization considers important – that will allow the architect to systematically and purposefully take action.

Chapter 3, Building an Architecture – Scope and Requirements, looks at how, as with any project, the outcome must be dictated by what the organization needs. This chapter presents methods for discovering the scope within which the architect must design as well as the core information about requirements that their solution should address.

Chapter 4, Building an Architecture – Your Toolbox, explains how any project you undertake has a set of tools that will let you do the job successfully. With them, the job is easy – without them, there’s nothing harder. This chapter is all about building out the toolbox that you will need as you approach the design process. Getting your tools ready ahead of time allows you to have them when you need them.

Chapter 5, Building an Architecture – Developing Enterprise Blueprints, outlines how to gather, document, and validate the necessary information that will allow you to create a high-level architectural definition. This lets you select a solution approach that is consistent with what the organization needs and is documented in such a way as to protect the organization, streamline efforts, and ensure that technical implementation approaches are optimal.

Chapter 6, Building an Architecture – Application Blueprints, looks at how, in many ways, building a cybersecurity architecture for an application is similar to doing so for the organization in aggregate or for a network. However, because there are different audiences to whom we must present designs and approaches (and that we must of necessity work collaboratively with), there are some elements of the process that are different. To accommodate this, we provide specific guidance on application security architecture efforts within this chapter.

Chapter 7, Execution – Applying Architecture Models, walks through how to implement your design concept technically, walking you through elements of execution and realization of the implementation, as at this point, you will have created a high-level “model”: a design that meets the organization’s needs. However, the best ideas on paper don’t actually provide value until they are implemented.

Chapter 8, Execution – Future-Proofing, goes through the process of ensuring that a design (and subsequent implementation) that you’ve deployed stays meaningful over time. It discusses ways to ensure that you keep apprised of changes, that you monitor the effectiveness of your solution over time, and that you build in and adapt instrumentation (e.g., metrics) to keep things running smoothly after deployment.

Chapter 9, Putting It All Together, closes the book with strategies that you can use to improve your architecture skills, improve the processes you follow, and ensure that, with each project you take on, you optimize what you do. We present guidance about common issues that architects run into, how to avoid them, and advice for the architect drawn from the experiences of those in the field.