Book Image

Practical Cybersecurity Architecture

By : Ed Moyle, Diana Kelley
Book Image

Practical Cybersecurity Architecture

By: Ed Moyle, Diana Kelley

Overview of this book

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization. With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs. By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
Table of Contents (14 chapters)
Section 1:Security Architecture
Section 2: Building an Architecture
Section 3:Execution

To get the most out of this book

To be as practical in our approach as possible, we've made a few assumptions about the reader, their skill level, and their needs. First, we assume that the reader will know the basics of cybersecurity (information security), such as having a working knowledge of common security controls. Second, we assume a baseline of enterprise technology knowledge.

We've also assumed that the organization in which the reader will be applying the techniques we discuss is like most: one that could benefit from increased architectural rigor but where rigor itself is not an end goal. Larger organizations that systematically follow a highly rigorous process – or service providers with contractual requirements to do so – will find that we have scaled back or streamlined some elements of processes to make them accessible and achievable for smaller teams. In general, we have stated explicitly where, how, and why we have made these changes in the sections where we do so.

Lastly, we suggest (but it is not required) that readers have one or more active "problems" that they can apply the techniques in this book to, meaning that they can apply the process sequentially as they learn it to the real-world challenges in their job. Being able to apply the concepts directly helps ensure that the principles are retained.