What Is Security Architecture?
Security concerns are pervasive throughout all the architecture domains, and all phases of the TOGAF ADM. The Security Architect is active whenever a new threat is recognized or experienced, and any time a new IT architecture initiative discovers new stakeholders and/or new requirements. So what is Security Architecture?
Security Architecture deals with the when, how and where of security control application, and addresses the potential risks involved for an organization in certain scenarios or environments.
Security Architecture in many cases helps to define the relationship between the various components inside the IT architecture, their dependencies and the specifics of their interaction. This gives it an association with Data Architecture, but Security Architecture can take many forms, such as risk management, benchmarking, financial & legal, and regulatory.
The Security Architect commonly takes the initiative through a four-phase journey, beginning with a risk assessment that examines the likelihood and potential effect of security threats to business assets.
This will inform the second phase, during which the enterprise’s security specifications are designed and mapped.
The architecture arising from the second phase is then implemented, operated and controlled in the third phase.
The fourth phase comprises the operating and monitoring of day-to-day security processes, such as threat and vulnerability management.
Like all architectures, Security Architecture relies on certain fundamental principles, such as the separation of concerns, abstraction, and the creation of conceptual models and formal specifications.