Book Image

Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley
Book Image

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

Related Content you might be interested in

Current Title:

Small book image
Practical Cybersecurity Architecture
Ed Moyle | Diana Kelley
Nov, 2020 | 418 pages
Small book image
Hands-On Cybersecurity for Architects
Milad Aslaner | Neil Rerup
Jul, 2018 | 346 pages
Small book image
Cybersecurity and Privacy Law Handbook
Walter Rocchi
Dec, 2022 | 230 pages
Small book image
Mastering Information Security Compliance Management
Adarsh Nair | Greeshma M R
Aug, 2023 | 236 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1:Security Architecture
Section 1:Security Architecture
Free Chapter
2
Chapter 1: What is Cybersecurity Architecture?
Chapter 1: What is Cybersecurity Architecture?
Understanding the need for cybersecurity
What is cybersecurity architecture?
Architecture, security standards, and frameworks
Architecture roles and processes
Summary
3
Chapter 2: The Core of Solution Building
Chapter 2: The Core of Solution Building
Terminology
Understanding solution building
Establishing the context for designs
Understanding goals
Structures and documents
Risk management and compliance
Establishing a guiding process
Summary
4
Section 2: Building an Architecture
Section 2: Building an Architecture
5
Chapter 3: Building an Architecture – Scope and Requirements
Chapter 3: Building an Architecture – Scope and Requirements
Understanding scope
Setting architectural scope
Scope – enterprise security
Scope – application security
The process for setting scope
Summary
6
Chapter 4: Building an Architecture – Your Toolbox
Chapter 4: Building an Architecture – Your Toolbox
Introduction to the architect's toolbox
Planning tools
Building blocks of secure design
Summary
7
Chapter 5: Building an Architecture – Developing Enterprise Blueprints
Chapter 5: Building an Architecture – Developing Enterprise Blueprints
Requirements
Blueprints
Process
The vision
Creating a program
Documenting your high-level approach
Summary
8
Chapter 6: Building an Architecture – Application Blueprints
Chapter 6: Building an Architecture – Application Blueprints
Application design considerations
Life cycle models
Considerations for Waterfall projects
Considerations for Agile projects
Considerations for DevOps projects
Process for application security design
Summary
9
Section 3:Execution
Section 3:Execution
10
Chapter 7: Execution – Applying Architecture Models
Chapter 7: Execution – Applying Architecture Models
Process steps
Technical design
Operational integration
Telemetry
Summary
11
Chapter 8: Execution – Future-Proofing
Chapter 8: Execution – Future-Proofing
Overcoming obstacles in project execution
Future-proofing designs
Summary
12
Chapter 9: Putting It All Together
Chapter 9: Putting It All Together
Virtuous cycles
Tips and tricks
Gotchas
Summary
13
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Chapter 1: What is Cybersecurity Architecture?

Let's face it, cybersecurity can be a scary, stress-inducing proposition. And it's no wonder. Cybersecurity in modern business is high stakes. We've all seen headlines about data breaches, attacks, even accidental exposures impacting some of the largest companies (not to mention governments) in the world. The truth is, if you do security wrong, you open yourself up to attack. In fact, even if you do everything perfectly, circumstances can still put you at risk anyway. It's a challenging field – and it can be difficult to get right.

We want to be clear right from the start that this book is not about a new security architecture framework, a new set of competing architectural methods to what already exists, and it's not a reference book. These all already exist and provide plenty of value to those actively using them. In fact, we might argue that the single biggest limiting factor to the discipline itself is the fact that more people aren't actively using, or have detailed knowledge of, that excellent source material.

Therefore, rather than contributing to that problem by muddying the waters or adding competing foundational material, our intent is to demonstrate clearly how to do the work. Meaning our intent is that this book reads more like a playbook designed to build muscle memory.

Think about the difference between reading a book on ballistic physics versus working with a pitching coach. The physics book will almost certainly lead you to a deeper understanding of the mechanics, forces, and mathematics of a baseball in flight than you could ever possibly derive from working with a coach. Yet, even with the deepest understanding of the physics, you probably won't pitch a no-hitter for the Yankees. That is, you won't do so unless and until you also build the requisite muscle memory, put in the time to practice and hone your technique, and work with those who can help you improve. However, knowledge of the underlying physics can inform (to great effect) the value derived from working with a coach as those principles can help you hone your technique and realize even greater potential.

Our intention with this book, therefore, is to act as a sort of training guide for those looking to build the skills of cybersecurity architecture, either because they are in a new architectural role and they want to build the necessary practical skills, or because they're an existing practitioner who wants to improve. We do this by building on the theoretical models, drawing from them, and incorporating them to lay out specific, practical steps that can be followed by anyone willing to do the work. We are focusing here on one set of steps and techniques – those that have worked for us – and supplementing that with techniques that we've gathered from practitioners throughout the industry in architectural roles (either on a large or small scale).

Nor is this book a catalog of security controls. We have purposefully refrained from listing out in detail the hundreds – if not thousands – of possible controls, security techniques, technical countermeasures, and other specific technologies that you might choose to adopt as implementation strategies. Consider, by analogy, a primer on the techniques of cooking. Would such a book dedicate hundreds of pages to descriptions of every possible ingredient that the home cook or professional chef might encounter throughout their career? No. Such an exercise would make for boring reading (in fact, it would serve as a distraction from the book's utility), would rapidly become outdated, and would serve little purpose as that material is available through numerous other avenues. Instead, we've chosen to focus on the techniques and principles of architecture, leaving the detailed descriptions of specific technical strategies to the numerous standards and guidance that already exist.

Throughout the course of this book, we'll introduce you to a number of practitioners and provide their viewpoints, their philosophy, their advice about processes, where they've been successful, and where they've made mistakes. We've tried to assemble those who have different perspectives on the discipline of architecture: some from large companies, some from small, some heavily invested in formal architectural models and frameworks (in a few cases, those who've actually authored them), and those that espouse less formal processes. The one thing these professionals all have in common is they've all been successful as security architects.

As we do this, you may notice that some of the perspectives differ from each other – in some cases, their advice differs from our approach. This is to be expected. We hope that by presenting all the viewpoints to you, they will help you better synthesize and integrate the concepts, provide you with alternative approaches if the way we've done it isn't the way that's most comfortable, and provide a window into the many different strategies that you can use to achieve your security architecture goals.

So, to get the most value out of this book, we suggest that you follow along with us. You will still derive value from just reading the words and learning the concepts. However, we believe you will derive even more value if you seek to apply them – as they are presented to you so they are still fresh in your mind – to your job. If you've never done architecture before, try to develop and implement a plan, working side by side with us as you do so. If you're an existing practitioner, try these techniques as a supplement to your own.

Keeping in mind this philosophy, it's natural to be anxious to move directly into the practical steps of building a security architecture. Before we can get into the "nitty-gritty" though, there are a few things we need to level set. This first chapter is intended to cover these prerequisites. We believe that understanding the why of cybersecurity architecture (that is, why do it in the first place?) is perhaps the most valuable thing you can learn in this book or any other.

This first chapter then is almost entirely focused on two things. First, making sure you understand why cybersecurity architecture exists in the first place (that is, the value it provides, and how and why it helps organizations reach their security goals). Second, teeing up some of the background information necessary for us to leap right into Chapter 2, The Core of Solution Building. This chapter covers the following:

  • Understanding the need for cybersecurity
  • What is cybersecurity architecture?
  • Architecture, security standards, and frameworks
  • Architecture roles and processes
Previous Section
End of Section 1
Next Section