Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Section 1:Security Architecture

Free Chapter

Chapter 1: What is Cybersecurity Architecture?

Understanding the need for cybersecurity

What is cybersecurity architecture?

Architecture, security standards, and frameworks

Architecture roles and processes

Summary

Chapter 2: The Core of Solution Building

Terminology

Understanding solution building

Establishing the context for designs

Understanding goals

Structures and documents

Risk management and compliance

Establishing a guiding process

Summary

Section 2: Building an Architecture

Chapter 3: Building an Architecture – Scope and Requirements

Understanding scope

Setting architectural scope

Scope – enterprise security

Scope – application security

The process for setting scope

Summary

Chapter 4: Building an Architecture – Your Toolbox

Introduction to the architect's toolbox

Planning tools

Building blocks of secure design

Summary

Chapter 5: Building an Architecture – Developing Enterprise Blueprints

Process

Documenting your high-level approach

Summary

Chapter 6: Building an Architecture – Application Blueprints

Application design considerations

Life cycle models

Considerations for Waterfall projects

Considerations for Agile projects

Considerations for DevOps projects

Process for application security design

Summary

Section 3:Execution

Chapter 7: Execution – Applying Architecture Models

Process steps

Technical design

Operational integration

Telemetry

Summary

Chapter 8: Execution – Future-Proofing

Overcoming obstacles in project execution

Future-proofing designs

Summary

Chapter 9: Putting It All Together

Virtuous cycles

Tips and tricks

Gotchas

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Preface

Cybersecurity is quickly becoming a "make or break" topic area for most businesses. We all can cite numerous examples of headlines describing security issues, notifications from companies or online services that we use, and (in some cases) even breaches that have impacted organizations that we've worked for. We all know the stories of vulnerable software, scammed users, accidental misconfiguration of hardware or software, and numerous other events that can have potentially disastrous consequences for us as individuals and the organizations that we work for.

To avert situations such as these, organizations are placing increasing importance on cybersecurity. They are making it a higher priority and investing in it accordingly. But how can an organization know if they are investing in the right places? Resources are finite, which means that they need to be selective about what security measures they implement and where they apply their limited security budgets. How can organizations know when they have enough security? How do they know that they've attained their security goals when the steps they take are dependent on factors unique to them: what the organization does, how they do it, who's involved, and why? Everything from culture, to business context, to governing regulation, to geography, to industry can play a role here.

Cybersecurity architecture is one way to systematically, holistically, and repeatably answer these questions. Much as a software architect creates a vision for how to achieve a user's goals in software or a network engineer creates a vision for how to achieve the performance and reliability targets for network communications, the cybersecurity architect works to create a vision for cybersecurity. This can be for an application, for a network, for a process, for a business unit, or for an entire organization.

This book takes a practical look at the nuts and bolts of defining, documenting, validating, and ultimately delivering an architectural vision. It draws on existing standards and frameworks for cybersecurity architecture, outlining where (and more importantly how) they can be applied to the architecture process in your organization. The book does this by walking through the architecture process step by step, discussing why each step provides the value it does and how to use it to maximum benefit, and provides tips, gotchas, and techniques from numerous working architects in the field to supplement our own perspective.

Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Related Content you might be interested in

Current Title:

Practical Cybersecurity Architecture

Hands-On Cybersecurity for Architects

Cybersecurity and Privacy Law Handbook

Mastering Information Security Compliance Management

Preface