What Is Security Architecture?

Security concerns are pervasive throughout all the architecture domains, and all phases of the TOGAF ADM.  The Security Architect is active whenever a new threat is recognized or experienced, and any time a new IT architecture initiative discovers new stakeholders and/or new requirements.  So what is Security Architecture?

Security Architecture deals with when, how and where security controls are applied, and addresses the potential risks an organization faces in certain scenarios or environments.

In many cases, Security Architecture helps to define the relationships between the various components inside the IT architecture, their dependencies and the specifics of their interaction. This gives it an association with Data Architecture, but Security Architecture can take many forms, such as risk management, benchmarking, financial and legal, and regulatory.

The Security Architect commonly takes the initiative through a four-phase journey, beginning with a risk assessment that examines the likelihood and potential effect of security threats to business assets.

This will inform the second phase, during which the enterprise’s security specifications are designed and mapped.

The architecture arising from the second phase is then implemented, operated and controlled in the third phase.

The fourth phase comprises the operating and monitoring of day-to-day security processes, such as threat and vulnerability management.

Like all architectures, Security Architecture relies on certain fundamental principles, such as the separation of concerns, abstraction, and the creation of conceptual models and formal specifications.

Richard is the Portfolio Manager and one of the Senior Instructional Designers at Good e-Learning. A BA (Hons) in Philosophy from the University of Essex started an unfortunate habit of collecting degrees, with the count currently standing at three. After many years a stand-up classroom trainer for organisations such as Goldman Sachs, JP Morgan and Morgan Stanley, Richard realized a switch to e-Learning would allow him to do much more sitting down. This he did with Thomson Reuters before joining Good e-Learning in 2015. When not acquiring esoteric and useless facts, Richard is mostly found installing tricky Minecraft mods for his son and his friends.