Let's face it, cybersecurity can be a scary, stress-inducing proposition. And it's no wonder. Cybersecurity in modern business is high stakes. We've all seen headlines about data breaches, attacks, even accidental exposures impacting some of the largest companies (not to mention governments) in the world. The truth is, if you do security wrong, you open yourself up to attack. In fact, even if you do everything perfectly, circumstances can still put you at risk anyway. It's a challenging field – and it can be difficult to get right.
We want to be clear right from the start that this book is not about a new security architecture framework, a new set of competing architectural methods to what already exists, and it's not a reference book. These all already exist and provide plenty of value to those actively using them. In fact, we might argue that the single biggest limiting factor to the discipline itself...
Understanding the need for cybersecurity
There are numerous unknowns involved...
What is cybersecurity architecture?
The easiest way to understand cybersecurity architecture is through a comparison with the role of an architect in the physical world, such as one who is working on a large structure such as a bridge, tunnel, skyscraper, museum, or a new house.
In the physical world, it's easy to understand what an architect does. We all know that you can't just forego...
Architecture, security standards, and frameworks
Knowing then what the purpose of the architect is and where/how they might be involved, it's important to spend some time talking about the process that they employ to get there. In beginning this discussion, it's important to recognize that much of that process will be unique and adapted to the organization employing it. We've seen that the goals of the security architect, what they're responsible for, and the role that they play within a given organization can vary depending on a few different factors: the organization itself, the scope and focus of the architect's role, and so on. These same factors will play a role in the process that the architect will follow to realize the results the organization needs.
Secondly, we've purposefully refrained from discussing much about the mechanics of how the architect approaches these tasks. We'll get there – but for now, we want to make sure that...
Architecture roles and processes
Throughout this chapter, we've attempted to provide you with information about why architecture exists, the value that it provides, and how it is (at a high level) normally practiced throughout enterprises. We've also tried to lay out some of the useful background information about what goes into being a cybersecurity architect.
Looking ahead, we will build on this to unpack the specific processes that architects use to actually do their work and walk through one approach and steps with you that you can use to do so yourself.
In the next chapter, we'll explore governance and why it matters to the security architect; governance structures and their purpose; and learn to cascade from enterprise/mission goals to technology and security goals.