Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects, 2nd Ed

Practical Cybersecurity Architecture
Contributors
About the authors
About the reviewer
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
Part 1: Security Architecture
1
What Is Cybersecurity Architecture?
Understanding the need for cybersecurity
What is cybersecurity architecture?
Network versus application security architecture
The role of the architect
Secure network architectures
Secure application architectures
Case study – the value of architecture
Architecture, security standards, and frameworks
Architecture frameworks
Security guidance and standards
Security architecture frameworks
Architecture roles and processes
Roles
Process overview
Key tasks and milestones
Summary
2
Architecture – The Core of Solution Building
Terminology
Understanding solution building
Establishing the context for designs
Understanding goals
Identifying business goals
Dimensions of success
Structures and documents
Policies, procedures, and standards
Applying to architectural frameworks
Additional frameworks
Risk management and compliance
Risk management and appetite
Compliance
Establishing a guiding process
Understanding the business’ high-level goals
Understanding the technology goals
Drawing implied goals from existing documentation
Capturing (or defining) risk tolerances
Accounting for compliance requirements
Summary
Part 2: Building an Architecture
3
Building an Architecture – Scope and Requirements
Understanding scope
What’s in this chapter?
Setting architectural scope
Enterprise security architecture
Application security architecture
Defining scope boundaries
Scope – enterprise security
Existing capability
Risk management
Strategic planning
Case study – enterprise scoping
Scope – application security
The development and release process
Components, services, and design patterns
Team/organizational boundaries
Technology considerations
Case study – application scoping
The process for setting scope
Step 1 – consider high-level goals
Step 2 – review contextual or other constraints
Step 3 – set the initial scope
Step 4 – validate and refine initial scope
Summary
4
Building an Architecture – Your Toolbox
Introduction to the architect’s toolbox
Planning tools
Analytical tools
Informational tools
Modeling and design tools
Case study – data gathering
Building blocks of secure design
Information security policies
Organization of information security
Human resources security
Asset management
Access control
Cryptography
Physical and environmental security
Operations security
Communications security
System acquisition, development, and maintenance
Supplier relationships
Information security incident management
Information security aspects of business continuity management
Compliance
Summary
5
Building an Architecture – Developing Enterprise Blueprints
Requirements
Blueprints
Process
Why ADM?
The vision
Establishing architectural principles
Setting the scope
Getting the desired future (target) state
Case study – shared goals, vision, and engagement
Creating a program
Discovery, identification, and validation
Documenting your high-level approach
Creating the roadmap
Architecture definition
Accompanying documentation
Summary
6
Building an Architecture – Application Blueprints
Application design considerations
Life cycle models
Environment
Considerations for waterfall projects
Requirements phase
Design phase
Implementation phase
Verification phase
Maintenance phase
Case study – waterfall development
Considerations for Agile projects
Conception phase
Inception phase
Construction phase
Release phase
Production phase
Retirement phase
Case study – Agile development
Considerations for DevOps projects
Develop
Build
Unit test
Deploy (integrate)
Quality assurance
Production
Validate
Case study – DevOps/DevSecOps development
Process for application security design
Systems security engineering
Architecture definition process
Architecture definition
Documentation
Validation
Modifying the SDLC and development processes
Summary
Part 3: Execution
7
Execution –Applying Architecture Models
Process steps
Technical design
What specific provider do we use to do this?
Do we need additional infrastructure (VPN, access points, etc.)?
What client software do users require (if any)?
Creating technical implementation strategies
Assess constraints, synergies, and areas of opportunity
Validating against likely threat paths and creating a skeleton solution document
Validating implementation strategies
Finalizing the documentation
Operational integration
Changing context and evolution
Execution monitoring
Case study – Operational integration
Telemetry
Selecting strategic metrics
Selecting operational metrics
Summary
8
Execution – Future-Proofing
Overcoming obstacles in project execution
Scope and requirements
Support failure and organizational issues
Resource shortfalls
Communication failure
Technical and environmental issues
Future-proofing designs
Establishing a virtuous cycle
Monitoring our own environment for changes
Monitoring for external changes
Specifics for machine learning projects
Case study – future-proofing
Summary
9
Putting It All Together
Virtuous cycles
Adapting architectural processes
Tips and tricks
Hone your ability to listen
Cultivate empathy
Have just enough process
When in doubt, over-communicate
Be ready to walk away
Gotchas
Be aware of (but don’t play) politics
Don’t shirk the preparation
Stay engaged until the end
Leave ego at the door
Use a multi-disciplinary approach
Case study: gotchas
Summary
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book