Book Image

Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley
Book Image

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
Table of Contents (14 chapters)
1
Section 1:Security Architecture
4
Section 2: Building an Architecture
9
Section 3:Execution

The process for setting scope

"You're going to know some preliminaries about scope when you look at the environment from a data perspective. The data will help give you information about scope, as will your discussions with stakeholders. Data can drive decision making around scope initially (due to frameworks), but keep in mind that you can expand scope as you go forward with the inclusion of additional data elements, other areas of the organization, or other business processes."

– Dr. Richard Perez, vCISO

So now that you understand why we are approaching it this way and what factors are driving this (both from an enterprise cybersecurity architecture viewpoint as well as in an application context), the next step is to outline a process or recipe that we can follow to make it happen.

Before we get into details, we should point out that we're in a little bit of a catch-22 situation when it comes to scope. On the one hand, until we can validate with...