Practical Cybersecurity Architecture
A guide to creating and implementing robust designs for cybersecurity architects
1. Auflage
Erschienen am 10. November 2023
388 Seiten
978-1-83763-028-8 (ISBN)
Beschreibung
Cybersecurity architecture is the discipline of systematically ensuring that an organization is resilient against cybersecurity threats. Cybersecurity architects work in tandem with stakeholders to create a vision for security in the organization and create designs that are implementable, goal-based, and aligned with the organization's governance strategy.
Within this book, you'll learn the fundamentals of cybersecurity architecture as a practical discipline. These fundamentals are evergreen approaches that, once mastered, can be applied and adapted to new and emerging technologies like artificial intelligence and machine learning. You'll learn how to address and mitigate risks, design secure solutions in a purposeful and repeatable way, communicate with others about security designs, and bring designs to fruition. This new edition outlines strategies to help you work with execution teams to make your vision a reality, along with ways of keeping designs relevant over time. As you progress, you'll also learn about well-known frameworks for building robust designs and strategies that you can adopt to create your own designs.
By the end of this book, you'll have the foundational skills required to build infrastructure, cloud, AI, and application solutions for today and well into the future with robust security components for your organization.
Alle Preise
Weitere Details
Weitere Ausgaben
Inhalt
- Cover
- Title Page
- Copyright & Credits
- Contributors
- Table of Contents
- Preface
- Part 1: Security Architecture
- What Is Cybersecurity Architecture?
- Understanding the need for cybersecurity
- What is cybersecurity architecture?
- Network versus application security architecture
- The role of the architect
- Secure network architectures
- Secure application architectures
- Case study - the value of architecture
- Architecture, security standards, and frameworks
- Architecture frameworks
- Security guidance and standards
- Security architecture frameworks
- Architecture roles and processes
- Roles
- Process overview
- Key tasks and milestones
- Summary
- Architecture - The Core of Solution Building
- Terminology
- Understanding solution building
- Establishing the context for designs
- Understanding goals
- Identifying business goals
- Dimensions of success
- Structures and documents
- Policies, procedures, and standards
- Applying to architectural frameworks
- Additional frameworks
- Risk management and compliance
- Risk management and appetite
- Compliance
- Establishing a guiding process
- Understanding the business' high-level goals
- Understanding the technology goals
- Drawing implied goals from existing documentation
- Capturing (or defining) risk tolerances
- Accounting for compliance requirements
- Summary
- Part 2: Building an Architecture
- Building an Architecture - Scope and Requirements
- Understanding scope
- What's in this chapter?
- Setting architectural scope
- Enterprise security architecture
- Application security architecture
- Defining scope boundaries
- Scope - enterprise security
- Existing capability
- Risk management
- Strategic planning
- Case study - enterprise scoping
- Scope - application security
- The development and release process
- Components, services, and design patterns
- Team/organizational boundaries
- Technology considerations
- Case study - application scoping
- The process for setting scope
- Step 1 - consider high-level goals
- Step 2 - review contextual or other constraints
- Step 3 - set the initial scope
- Step 4 - validate and refine initial scope
- Summary
- Building an Architecture - Your Toolbox
- Introduction to the architect's toolbox
- Planning tools
- Analytical tools
- Informational tools
- Modeling and design tools
- Case study - data gathering
- Building blocks of secure design
- Information security policies
- Organization of information security
- Human resources security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
- Summary
- Building an Architecture - Developing Enterprise Blueprints
- Requirements
- Blueprints
- Process
- Why ADM?
- The vision
- Establishing architectural principles
- Setting the scope
- Getting the desired future (target) state
- Case study - shared goals, vision, and engagement
- Creating a program
- Discovery, identification, and validation
- Documenting your high-level approach
- Creating the roadmap
- Architecture definition
- Accompanying documentation
- Summary
- Building an Architecture - Application Blueprints
- Application design considerations
- Life cycle models
- Environment
- Considerations for waterfall projects
- Requirements phase
- Design phase
- Implementation phase
- Verification phase
- Maintenance phase
- Case study - waterfall development
- Considerations for Agile projects
- Conception phase
- Inception phase
- Construction phase
- Release phase
- Production phase
- Retirement phase
- Case study - Agile development
- Considerations for DevOps projects
- Develop
- Build
- Unit test
- Deploy (integrate)
- Quality assurance
- Production
- Validate
- Case study - DevOps/DevSecOps development
- Process for application security design
- Systems security engineering
- Architecture definition process
- Architecture definition
- Documentation
- Validation
- Modifying the SDLC and development processes
- Summary
- Part 3: Execution
- Execution -Applying Architecture Models
- Process steps
- Technical design
- What specific provider do we use to do this?
- Do we need additional infrastructure (VPN, access points, etc.)?
- What client software do users require (if any)?
- Creating technical implementation strategies
- Assess constraints, synergies, and areas of opportunity
- Validating against likely threat paths and creating a skeleton solution document
- Validating implementation strategies
- Finalizing the documentation
- Operational integration
- Changing context and evolution
- Execution monitoring
- Case study - Operational integration
- Telemetry
- Selecting strategic metrics
- Selecting operational metrics
- Summary
- Execution - Future-Proofing
- Overcoming obstacles in project execution
- Scope and requirements
- Support failure and organizational issues
- Resource shortfalls
- Communication failure
- Technical and environmental issues
- Future-proofing designs
- Establishing a virtuous cycle
- Monitoring our own environment for changes
- Monitoring for external changes
- Specifics for machine learning projects
- Case study - future-proofing
- Summary
- Putting It All Together
- Virtuous cycles
- Adapting architectural processes
- Tips and tricks
- Hone your ability to listen
- Cultivate empathy
- Have just enough process
- When in doubt, over-communicate
- Be ready to walk away
- Gotchas
- Be aware of (but don't play) politics
- Don't shirk the preparation
- Stay engaged until the end
- Leave ego at the door
- Use a multi-disciplinary approach
- Case study: gotchas
- Summary
- Index
- Other Books You May Enjoy
