Architecture and Design

It is common for corporate organisations to have information security solutions designed, acquired and installed on a tactical basis. In this process there is no opportunity to consider the strategic dimension, and the result is that the organisation builds up a mixture of technical solutions on an ad hoc basis, each independently designed and specified, with no guarantee that they will be compatible and interoperable. There is often no analysis of the long-term costs, especially the operational costs, which make up a large proportion of the total cost of ownership, and there is no strategy that can be clearly identified as supporting the goals of the business.

Developing a successful enterprise security architecture means thinking in business terms at all times, even when you get down to the real detail and the nuts and bolts of the construction. You always need to have in mind the questions: Why are you doing this? What are you trying to achieve in business terms here? Otherwise you will lose perspective and finish up making all the classic mistakes.

A layered model for security architecture is the best approach in developing enterprise security for both on-premises and cloud environments. This is why we follow the SABSA six-layer model closely, where each layer, as shown below, represents the view of a different player in the development process.

[Figure: the SABSA six-layer model]

Each representative player in your organisation should be involved in developing the security architecture model from their own perspective, by addressing the fundamental questions: What needs to be protected? Why? How? Who? Where? When? The table below shows typical examples of what needs to be addressed when using this approach.

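[Table: typical examples of what needs to be addressed for each of the questions What, Why, How, Who, Where and When]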