𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects

✍ Scribed by Diana Kelley, Ed Moyle

Publisher
Packt Publishing
Year
2023
Tongue
English
Leaves
388
Edition
2
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

Plan, design, and build resilient security architectures to secure your organization’s hybrid networks, cloud-based workflows, services, and applications

Key Features

  • Understand the role of the architect in successfully creating complex security structures
  • Learn methodologies for creating architecture documentation, engaging stakeholders, and implementing designs
  • Understand how to refine and improve architecture methodologies to meet business challenges
  • Purchase of the print or Kindle book includes a free PDF eBook

Book Description

Cybersecurity architecture is the discipline of systematically ensuring that an organization is resilient against cybersecurity threats. Cybersecurity architects work in tandem with stakeholders to create a vision for security in the organization and create designs that are implementable, goal-based, and aligned with the organization’s governance strategy.

Within this book, you'll learn the fundamentals of cybersecurity architecture as a practical discipline. These fundamentals are evergreen approaches that, once mastered, can be applied and adapted to new and emerging technologies like artificial intelligence and machine learning. You’ll learn how to address and mitigate risks, design secure solutions in a purposeful and repeatable way, communicate with others about security designs, and bring designs to fruition. This new edition outlines strategies to help you work with execution teams to make your vision a reality, along with ways of keeping designs relevant over time. As you progress, you'll also learn about well-known frameworks for building robust designs and strategies that you can adopt to create your own designs.

By the end of this book, you’ll have the foundational skills required to build infrastructure, cloud, AI, and application solutions for today and well into the future with robust security components for your organization.

What you will learn

  • Create your own architectures and analyze different models
  • Understand strategies for creating architectures for environments and applications
  • Discover approaches to documentation using repeatable approaches and tools
  • Discover different communication techniques for designs, goals, and requirements
  • Focus on implementation strategies for designs that help reduce risk
  • Apply architectural discipline to your organization using best practices

Who this book is for

This book is for new as well as seasoned cybersecurity architects looking to explore and polish their cybersecurity architecture skills. Additionally, anyone involved in the process of implementing, planning, operating, or maintaining cybersecurity in an organization can benefit from this book. If you are a security practitioner, systems auditor, and (to a lesser extent) software developer invested in keeping your organization secure, this book will act as a reference guide.

Table of Contents

  1. What is Cybersecurity Architecture?
  2. Architecture – The Core of Solution Building
  3. Building an Architecture – Scope and Requirements
  4. Building an Architecture – Your Toolbox
  5. Building an Architecture – Developing Enterprise Blueprints
  6. Building an Architecture – Application Blueprints
  7. Execution – Applying Architecture Models
  8. Execution – Future-Proofing
  9. Putting It All Together

✦ Table of Contents

Cover
Title Page
Copyright & Credits
Contributors
Table of Contents
Preface
Part 1: Security Architecture
What Is Cybersecurity Architecture?
Understanding the need for cybersecurity
What is cybersecurity architecture?
Network versus application security architecture
The role of the architect
Secure network architectures
Secure application architectures
Case study – the value of architecture
Architecture, security standards, and frameworks
Architecture frameworks
Security guidance and standards
Security architecture frameworks
Architecture roles and processes
Roles
Process overview
Key tasks and milestones
Summary
Architecture – The Core of Solution Building
Terminology
Understanding solution building
Establishing the context for designs
Understanding goals
Identifying business goals
Dimensions of success
Structures and documents
Policies, procedures, and standards
Applying to architectural frameworks
Additional frameworks
Risk management and compliance
Risk management and appetite
Compliance
Establishing a guiding process
Understanding the business’ high-level goals
Understanding the technology goals
Drawing implied goals from existing documentation
Capturing (or defining) risk tolerances
Accounting for compliance requirements
Summary
Part 2: Building an Architecture
Building an Architecture – Scope and Requirements
Understanding scope
What’s in this chapter?
Setting architectural scope
Enterprise security architecture
Application security architecture
Defining scope boundaries
Scope – enterprise security
Existing capability
Risk management
Strategic planning
Case study – enterprise scoping
Scope – application security
The development and release process
Components, services, and design patterns
Team/organizational boundaries
Technology considerations
Case study – application scoping
The process for setting scope
Step 1 – consider high-level goals
Step 2 – review contextual or other constraints
Step 3 – set the initial scope
Step 4 – validate and refine initial scope
Summary
Building an Architecture – Your Toolbox
Introduction to the architect’s toolbox
Planning tools
Analytical tools
Informational tools
Modeling and design tools
Case study – data gathering
Building blocks of secure design
Information security policies
Organization of information security
Human resources security
Asset management
Access control
Cryptography
Physical and environmental security
Operations security
Communications security
System acquisition, development, and maintenance
Supplier relationships
Information security incident management
Information security aspects of business continuity management
Compliance
Summary
Building an Architecture – Developing Enterprise Blueprints
Requirements
Blueprints
Process
Why ADM?
The vision
Establishing architectural principles
Setting the scope
Getting the desired future (target) state
Case study – shared goals, vision, and engagement
Creating a program
Discovery, identification, and validation
Documenting your high-level approach
Creating the roadmap
Architecture definition
Accompanying documentation
Summary
Building an Architecture – Application Blueprints
Application design considerations
Life cycle models
Environment
Considerations for waterfall projects
Requirements phase
Design phase
Implementation phase
Verification phase
Maintenance phase
Case study – waterfall development
Considerations for Agile projects
Conception phase
Inception phase
Construction phase
Release phase
Production phase
Retirement phase
Case study – Agile development
Considerations for DevOps projects
Develop
Build
Unit test
Deploy (integrate)
Quality assurance
Production
Validate
Case study – DevOps/DevSecOps development
Process for application security design
Systems security engineering
Architecture definition process
Architecture definition
Documentation
Validation
Modifying the SDLC and development processes
Summary
Part 3: Execution
Execution –Applying Architecture Models
Process steps
Technical design
What specific provider do we use to do this?
Do we need additional infrastructure (VPN, access points, etc.)?
What client software do users require (if any)?
Creating technical implementation strategies
Assess constraints, synergies, and areas of opportunity
Validating against likely threat paths and creating a skeleton solution document
Validating implementation strategies
Finalizing the documentation
Operational integration
Changing context and evolution
Execution monitoring
Case study – Operational integration
Telemetry
Selecting strategic metrics
Selecting operational metrics
Summary
Execution – Future-Proofing
Overcoming obstacles in project execution
Scope and requirements
Support failure and organizational issues
Resource shortfalls
Communication failure
Technical and environmental issues
Future-proofing designs
Establishing a virtuous cycle
Monitoring our own environment for changes
Monitoring for external changes
Specifics for machine learning projects
Case study – future-proofing
Summary
Putting It All Together
Virtuous cycles
Adapting architectural processes
Tips and tricks
Hone your ability to listen
Cultivate empathy
Have just enough process
When in doubt, over-communicate
Be ready to walk away
Gotchas
Be aware of (but don’t play) politics
Don’t shirk the preparation
Stay engaged until the end
Leave ego at the door
Use a multi-disciplinary approach
Case study: gotchas
Summary
Index
Other Books You May Enjoy

πŸ“œ SIMILAR VOLUMES

Practical Cybersecurity Architecture: A
πŸ“ Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects
✍ Ed Moyle, Diana Kelley πŸ“‚ Library πŸ“… 2020 πŸ› Packt Publishing 🌐 English

<p><b>Plan and design robust security architectures to secure your organization's technology landscape and the applications you develop</b></p><h4>Key Features</h4><ul><li>Leverage practical use cases to successfully architect complex security structures</li><li>Learn risk assessment methodologies f

Practical Cybersecurity Architecture: A
πŸ“ Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects, 2nd Ed
✍ Diana Kelley
, Ed Moyle πŸ“‚ Library πŸ“… 2023 πŸ› Packt Publishing Pvt Ltd 🌐 English

Plan, design, and build resilient security architectures to secure your organization’s hybrid networks, cloud-based workflows, services, and applications Key Features Understand the role of the architect in successfully creating complex security structures Learn methodologies for creating archi

Hands-on cybersecurity for architects pl
πŸ“ Hands-on cybersecurity for architects plan and design robust security architectures
✍ Aslaner, Milad;Rerup, Neil πŸ“‚ Library πŸ“… 2018 πŸ› Packt Publishing 🌐 English

Security Architecture is the design artifacts that describe how the security controls are positioned and how they relate to the overall systems architecture. This book will serve the purpose to maintain the system's quality attributes such as confidentiality, integrity and availability and ensure th

Cybersecurity Architect's Handbook: An e
πŸ“ Cybersecurity Architect's Handbook: An end-to-end guide to implementing and maintaining robust security architecture
✍ Lester Nichols πŸ“‚ Library πŸ“… 2024 πŸ› Packt Publishing 🌐 English

<p><span>Discover the ins and outs of cybersecurity architecture with this handbook, designed to enhance your expertise in implementing and maintaining robust security structures for the ever-evolving digital landscape</span></p><span>Key Features</span><ul><li><span><span>Gain insights into the cyb

Cybersecurity Architect's Handbook: An e
πŸ“ Cybersecurity Architect's Handbook: An end-to-end guide to implementing and maintaining robust security architecture
✍ Lester Nichols πŸ“‚ Library πŸ“… 2024 πŸ› Packt Publishing 🌐 English

<p><span>Discover the ins and outs of cybersecurity architecture with this handbook, designed to enhance your expertise in implementing and maintaining robust security structures for the ever-evolving digital landscape</span></p><span>Key Features</span><ul><li><span><span>Gain insights into the cyb