Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
Table of Contents (14 chapters)

Section 1: Security Architecture
Section 2: Building an Architecture
Section 3: Execution

What this book covers

Chapter 1, What is Cybersecurity Architecture?, provides an overview of cybersecurity architecture: what it is, why it's useful, the business value that it brings to the organization employing it, and the role of the cybersecurity architect within an organization. We highlight the history of cybersecurity architecture, important standards, frameworks, and approaches that the architect can draw upon, and lay out the fundamental requirements for the architect before they get started.

Chapter 2, The Core of Solution Building, helps the architect assess the important touchstones, contextual background, and goals of the organization. Architecture doesn't happen in a vacuum: the design must be reflective of the organization's needs, its business, and its mission. This chapter helps the architect understand that context (the boundaries around what the organization considers important) that will allow the architect to systematically and purposefully take action.

Chapter 3, Building an Architecture – Scope and Requirements, explains that with any project, the outcome must be dictated by what the organization needs. This section presents methods for discovering the scope within which the architect must design as well as the core information about requirements that their solution should address.

Chapter 4, Building an Architecture – Your Toolbox, is all about building out the toolbox that you will need as you approach the design process. Getting your tools ready ahead of time allows you to have them when you need them. Any project you undertake has a set of tools that will let you do the job successfully. With them, the job is easy – without them, there's nothing harder.

Chapter 5, Building an Architecture – Developing Enterprise Blueprints, outlines how to gather, document, and validate the necessary information that will allow you to create a high-level architectural definition. This lets you select a solution approach that is consistent with what the organization needs, is documented in such a way to protect the organization and streamline efforts, and ensures that technical implementation approaches are optimal.

Chapter 6, Building an Architecture – Application Blueprints, provides specific guidance on application security architecture efforts. In many ways, building a cybersecurity architecture for an application is similar to doing so for the organization in aggregate or for a network. However, because there are different audiences that we must present designs and approaches to (and that we must of necessity work collaboratively with), there are some elements of the process that are different.

Chapter 7, Execution – Applying Architecture Models, walks through how to implement your design concept technically, covering the elements of execution and realization of the implementation. At this point, you will have created a high-level model, a design that meets the organization's needs. However, the best ideas on paper don't actually provide value until they are implemented.

Chapter 8, Execution – Future-Proofing, goes through the process of ensuring that a design (and subsequent implementation) that you've deployed stays meaningful over time. It discusses ways to ensure that you keep apprised of changes, that you monitor the effectiveness of your solution over time, and that you build in and adapt instrumentation (such as metrics) to keep things running smoothly after deployment.

Chapter 9, Putting It All Together, closes the book with strategies that you can use to improve your architecture skills, improve the processes you follow, and ensure that with each project you take on you optimize what you do. We present guidance about common issues that architects run into, how to avoid them, and advice for the architect drawn from the experiences of those in the field.