Book Image

Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley
Book Image

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
Table of Contents (14 chapters)
Section 1:Security Architecture
Section 2: Building an Architecture
Section 3:Execution

Scope – application security

"In the requirements phase, you need to ask both what security controls are needed, but also ask what shouldn't happen (account for those things as you find them). During design, threat modeling lets you ensure you understand what could go wrong so that you can design those considerations in. During implementation, incorporate security into IDE, modular code reviews, check-ins, and so on instead of waiting to reach the testing phase for a security-focused discussion to happen. During testing, evolve the security testing program to move from regular intervals to an irregular (unpredictable) or – better yet – continuous manner. Lastly, as you maintain, change the metrics from primarily KPI-driven (for example, the number of critical vulns in production systems) to KRI-driven (for example, – the number of critical vulns out of SLA in the production env)."

– Phoram Mehta, Director & Head of Infosec APAC...