As a supplement to my previous post, I found a paper from the Information Security Society of Switzerland that specifically addresses one take on how to define a Security Architecture Framework.
https://www.isss.ch/fileadmin/publ/agsa/Security_Architecture.pdf
The paper contains a nice overview of how to define a specific organization's Information Security Architecture. In particular, it has a different definition of Security Architecture than this week's lesson (however, it does not strictly agree with my own proposed changes in my previous blog).
"A Security Architecture is a cohesive security design, which addresses the requirements (e.g. authentication, authorization, etc.) – and in particular the risks of a particular environment/scenario, and specifies what security controls are to be applied where. The design process should be reproducible."