“A journey of a thousand miles begins with a single step.” -- Lao Tzu
Security Architecture is the blueprint (pun intended) for your company’s information systems. A company’s information systems include all the data and information the company produces, such as profit margins, employees’ social security numbers, bank accounts, intellectual property, and invoices. Security Architecture (or the lack of it) is therefore the foundation of a company’s information systems. Simply put, well-composed Security Architecture policies and procedures will ensure secure information systems for companies.
Security Architecture is the metaphorical “single step,” while the “journey of a thousand miles” is the company’s information systems. Throughout our website, you will read about various security tools, information about security, blogs on security topics, and more. Every vulnerability or weakness exists because Security Architecture was incomplete. For example, the consensus protocols of Bitcoin and Ethereum (PoW, not PoS) have flaws in their respective Security Architectures. Of course, Ethereum can fix its algorithms much more quickly and easily than Bitcoin can, but that is outside the scope of this section.
The U.S. Government is concerned with Security Architecture and continuously updates its rules in order to protect its data. The National Institute of Standards and Technology (NIST) defines Security Architecture as:
A set of physical and logical security-relevant representations (i.e., views) of system architecture that conveys information about how the system is partitioned into security domains and makes use of security-relevant elements to enforce security policies within and between security domains based on how data and information must be protected. Note: The security architecture reflects security domains, the placement of security-relevant elements within the security domains, the interconnections and trust relationships between the security-relevant elements, and the behavior and interaction between the security-relevant elements. The security architecture, similar to the system architecture, may be expressed at different levels of abstraction and with different scopes.
Undoubtedly, each organization’s Security Architecture is unique. We work with subject matter experts for each environment. If you would like to have your Security Architecture assessed or need help setting one up, contact us below.