Practical Cybersecurity Architecture
eBook - ePub

Practical Cybersecurity Architecture

Ed Moyle, Diana Kelley

  1. 418 Seiten
  2. English
  3. ePUB (handyfreundlich)
  4. Über iOS und Android verfügbar
eBook - ePub

Practical Cybersecurity Architecture

Ed Moyle, Diana Kelley

Angaben zum Buch
Buchvorschau
Inhaltsverzeichnis
Quellenangaben

Über dieses Buch

Plan and design robust security architectures to secure your organization's technology landscape and the applications you develop

Key Features

  • Leverage practical use cases to successfully architect complex security structures
  • Learn risk assessment methodologies for the cloud, networks, and connected devices
  • Understand cybersecurity architecture to implement effective solutions in medium-to-large enterprises

Book Description

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

What you will learn

  • Explore ways to create your own architectures and analyze those from others
  • Understand strategies for creating architectures for environments and applications
  • Discover approaches to documentation using repeatable approaches and tools
  • Delve into communication techniques for designs, goals, and requirements
  • Focus on implementation strategies for designs that help reduce risk
  • Become well-versed with methods to apply architectural discipline to your organization

Who this book is for

If you are involved in the process of implementing, planning, operating, or maintaining cybersecurity in an organization, then this security book is for you. This includes security practitioners, technology governance practitioners, systems auditors, and software developers invested in keeping their organizations secure. If you're new to cybersecurity architecture, the book takes you through the process step by step; for those who already work in the field and have some experience, the book presents strategies and techniques that will help them develop their skills further.

]]>

Häufig gestellte Fragen

Wie kann ich mein Abo kündigen?
Gehe einfach zum Kontobereich in den Einstellungen und klicke auf „Abo kündigen“ – ganz einfach. Nachdem du gekündigt hast, bleibt deine Mitgliedschaft für den verbleibenden Abozeitraum, den du bereits bezahlt hast, aktiv. Mehr Informationen hier.
(Wie) Kann ich Bücher herunterladen?
Derzeit stehen all unsere auf Mobilgeräte reagierenden ePub-Bücher zum Download über die App zur Verfügung. Die meisten unserer PDFs stehen ebenfalls zum Download bereit; wir arbeiten daran, auch die übrigen PDFs zum Download anzubieten, bei denen dies aktuell noch nicht möglich ist. Weitere Informationen hier.
Welcher Unterschied besteht bei den Preisen zwischen den Aboplänen?
Mit beiden Aboplänen erhältst du vollen Zugang zur Bibliothek und allen Funktionen von Perlego. Die einzigen Unterschiede bestehen im Preis und dem Abozeitraum: Mit dem Jahresabo sparst du auf 12 Monate gerechnet im Vergleich zum Monatsabo rund 30 %.
Was ist Perlego?
Wir sind ein Online-Abodienst für Lehrbücher, bei dem du für weniger als den Preis eines einzelnen Buches pro Monat Zugang zu einer ganzen Online-Bibliothek erhältst. Mit über 1 Million Büchern zu über 1.000 verschiedenen Themen haben wir bestimmt alles, was du brauchst! Weitere Informationen hier.
Unterstützt Perlego Text-zu-Sprache?
Achte auf das Symbol zum Vorlesen in deinem nächsten Buch, um zu sehen, ob du es dir auch anhören kannst. Bei diesem Tool wird dir Text laut vorgelesen, wobei der Text beim Vorlesen auch grafisch hervorgehoben wird. Du kannst das Vorlesen jederzeit anhalten, beschleunigen und verlangsamen. Weitere Informationen hier.
Ist Practical Cybersecurity Architecture als Online-PDF/ePub verfügbar?
Ja, du hast Zugang zu Practical Cybersecurity Architecture von Ed Moyle, Diana Kelley im PDF- und/oder ePub-Format sowie zu anderen beliebten Büchern aus Computer Science & Cryptography. Aus unserem Katalog stehen dir über 1 Million Bücher zur Verfügung.

Information

Verlag
Packt Publishing
Jahr
2020
ISBN
9781838982195
Thema
Computer Science
Thema
Cryptography

Section 1:Security Architecture

This section gives you an overview of what cybersecurity architecture means: what it is, what it includes (and what it doesn't include), why it's useful, and what the role of a cybersecurity architect may encompass, depending on their focus and the organization they work in. The chapters in this section work through the origins of security architecture, common frameworks to architecture, and the evolution of the discipline. 
By understanding why cybersecrity provides value, the architect can then ensure that they are adding the most value to their organization. The first chapter in this section outlines the business value that the cybersecurity architecture process brings about, while the second helps them understand the business and, by extension, the differing needs of different organizations. Since the needs and context of organizations differ, the architect should begin with an understanding of the business and adapt their role in it to ensure that the work they do will be viewed necessary, welcome, and valuable to the organization based on what the organization does, how it does it, and its particular set of needs.
This section comprises the following chapters:
  • Chapter 1What is Security Architecture?
  • Chapter 2, The Core of Solution Building

Chapter 1: What is Cybersecurity Architecture?

Let's face it, cybersecurity can be a scary, stress-inducing proposition. And it's no wonder. Cybersecurity in modern business is high stakes. We've all seen headlines about data breaches, attacks, even accidental exposures impacting some of the largest companies (not to mention governments) in the world. The truth is, if you do security wrong, you open yourself up to attack. In fact, even if you do everything perfectly, circumstances can still put you at risk anyway. It's a challenging field – and it can be difficult to get right.
We want to be clear right from the start that this book is not about a new security architecture framework, a new set of competing architectural methods to what already exists, and it's not a reference book. These all already exist and provide plenty of value to those actively using them. In fact, we might argue that the single biggest limiting factor to the discipline itself is the fact that more people aren't actively using, or have detailed knowledge of, that excellent source material.
Therefore, rather than contributing to that problem by muddying the waters or adding competing foundational material, our intent is to demonstrate clearly how to do the work. Meaning our intent is that this book reads more like a playbook designed to build muscle memory.
Think about the difference between reading a book on ballistic physics versus working with a pitching coach. The physics book will almost certainly lead you to a deeper understanding of the mechanics, forces, and mathematics of a baseball in flight than you could ever possibly derive from working with a coach. Yet, even with the deepest understanding of the physics, you probably won't pitch a no-hitter for the Yankees. That is, you won't do so unless and until you also build the requisite muscle memory, put in the time to practice and hone your technique, and work with those who can help you improve. However, knowledge of the underlying physics can inform (to great effect) the value derived from working with a coach as those principles can help you hone your technique and realize even greater potential.
Our intention with this book, therefore, is to act as a sort of training guide for those looking to build the skills of cybersecurity architecture, either because they are in a new architectural role and they want to build the necessary practical skills, or because they're an existing practitioner who wants to improve. We do this by building on the theoretical models, drawing from them, and incorporating them to lay out specific, practical steps that can be followed by anyone willing to do the work. We are focusing here on one set of steps and techniques – those that have worked for us – and supplementing that with techniques that we've gathered from practitioners throughout the industry in architectural roles (either on a large or small scale).
Nor is this book a catalog of security controls. We have purposefully refrained from listing out in detail the hundreds – if not thousands – of possible controls, security techniques, technical countermeasures, and other specific technologies that you might choose to adopt as implementation strategies. Consider, by analogy, a primer on the techniques of cooking. Would such a book dedicate hundreds of pages to descriptions of every possible ingredient that the home cook or professional chef might encounter throughout their career? No. Such an exercise would make for boring reading (in fact, it would serve as a distraction from the book's utility), would rapidly become outdated, and would serve little purpose as that material is available through numerous other avenues. Instead, we've chosen to focus on the techniques and principles of architecture, leaving the detailed descriptions of specific technical strategies to the numerous standards and guidance that already exist.
Throughout the course of this book, we'll introduce you to a number of practitioners and provide their viewpoints, their philosophy, their advice about processes, where they've been successful, and where they've made mistakes. We've tried to assemble those who have different perspectives on the discipline of architecture: some from large companies, some from small, some heavily invested in formal architectural models and frameworks (in a few cases, those who've actually authored them), and those that espouse less formal processes. The one thing these professionals all have in common is they've all been successful as security architects.
As we do this, you may notice that some of the perspectives differ from each other – in some cases, their advice differs from our approach. This is to be expected. We hope that by presenting all the viewpoints to you, they will help you better synthesize and integrate the concepts, provide you with alternative approaches if the way we've done it isn't the way that's most comfortable, and provide a window into the many different strategies that you can use to achieve your security architecture goals.
So, to get the most value out of this book, we suggest that you follow along with us. You will still derive value from just reading the words and learning the concepts. However, we believe you will derive even more value if you seek to apply them – as they are presented to you so they are still fresh in your mind – to your job. If you've never done architecture before, try to develop and implement a plan, working side by side with us as you do so. If you're an existing practitioner, try these techniques as a supplement to your own.
Keeping in mind this philosophy, it's natural to be anxious to move directly into the practical steps of building a security architecture. Before we can get into the "nitty-gritty" though, there are a few things we need to level set. This first chapter is intended to cover these prerequisites. We believe that understanding the why of cybersecurity architecture (that is, why do it in the first place?) is perhaps the most valuable thing you can learn in this book or any other.
This first chapter then is almost entirely focused on two things. First, making sure you understand why cybersecurity architecture exists in the first place (that is, the value it provides, and how and why it helps organizations reach their security goals). Second, teeing up some of the background information necessary for us to leap right into Chapter 2, The Core of Solution Building. This chapter covers the following:
  • Understanding the need for cybersecurity
  • What is cybersecurity architecture?
  • Architecture, security standards, and frameworks
  • Architecture roles and processes

Understanding the need for cybersecurity

"I think it's useful to recognize that different stakeholders have different viewpoints. As an example, imagine you are standing on a hill: in front of you there is a valley and mountains to the east and west. Multiple people in that same setting will have a different viewpoint depending on where they are standing and the direction they look. This is similar to enterprise architecture: different disciplines, users, and stakeholders have a different view depending on their focus. The security architect needs to be able to see all these views at the same time. This is because security is a cross-cutting architectural concept that can't be singled out and put into its own, separate box. Instead, it needs to cut across the whole organization and take these different viewpoints into account."
– John Sherwood, Chief Architect, thought leader, and co-Founder of The SABSA Institute
There are numerous unknowns involved in putting the right plan in place for security in a given organization. Creating the right plan involves answering tough questions such as the following:
  • What will attackers do next?
  • How will their techniques evolve in ways we haven't planned for?
  • How will new technologies impact our organization's security model?
  • How will new business opportunities impact our security?
  • How can we know that we're secure – that we've secured the organization appropriately?
  • How do we use our limited resources in the best way possible?
There's no magic bullet, panacea, or sure-fire way to answer all these questions. But there are strategies that help do so.
Cybersecurity architecture, the discipline of planning out strategically the security measures of the organization, is one of those strategies. As cybersecurity architects, we will work to create a blueprint for security measures in our organizations. We'll plan out what the security profile should look like – and subsequently work with stakeholders in the organization to make the plan a reality.
Security architecture provides us with a systematic way to guide our organizations to the most effective security measures; to identify where they will provide the most benefit, who they'll provide the most value to, when they should be implemented, and why the organization should select one over another. It can help us know whether the measures we put in place perform effectively and do what we need them to do. It can help us know that the resources we have are being used in an optimal and efficient way.
All this doesn't happen magically. Cybersecurity architecture takes work. It involves creating the long term "vision" for security, "selling" that vision to stakeholders throughout the organization, charting a realistic roadmap to move from the current state to the proposed future state, working with subject matter experts and others in the organization to execute the roadmap, reacting to unexpected developments and unforeseen challenges, and ultimately working over the long term to implement improvements.
The reality is that architecture is a craft. And like any craft, it involves a combination of artistry, creativity, planning, and knowledge. Also, like any craft, becoming a master takes time, persistence, and discipline – though it's accessible to anyone willing to put in the time and persistence to learn.
We've written this book for two reasons. First, we hope to provide someone new to a security architecture role a roadmap that they can follow to be successful in their jobs. To do that, we've tried to outline the methods and techniques that have worked for us and distill down guidance from successful architects in the field about what's worked for them. For someone completely new, this allows them to get started quickly and get a jump on the learning curve.
Second, for more experienced professionals, we've tried to provide insights and tips that will help them improve. There are as many ways to be a cybersecurity architect as there are architects themselves and there's no right or wrong way to do it (the right way is the way that works). By pulling together experiences from an array of practitioners, our hope is that some of their techniques can help spark creative new approaches in your own practice that lead you to a higher level of proficiency.
Understanding the need for cybersecurity is only the first step in this book. To develop the best, most robust cybersecurity, you need to plan the architecture of your systems. In the next section, we'll gain a fundamental understanding of cybersecurity architecture.

What is cybersecurity architecture?

"Cybersecurity architecture is a fusion of architecture and cybersecurity. "Cybersecurity" is a combination of "cyber" (from the Greek word κυβερνήτης meaning "helmsman") and security ("the freedom from risk or danger"). Putting these all together, it's a model to produce an intended outcome related to freedom from technology-related danger."
– Dan Blum, Cybersecurity Strategist, Security Architect, and author of the book Rational Cybersecurity for Business
The easiest way to understand cybersecurity architecture is through a comparison with the role of an architect in the physical world, such as one who is working on a large structure such as a bridge, tunnel, skyscraper, museum, or a new house.
In the physical world, it's easy to understand what an architect does. We all know that you can't just forego planning and "wing it" when it comes to building a safe, durable, and functional structure. Would you, for example, feel comfortable riding the elevator to the fiftieth floor of a building where they decided to forego planning and "just bu...

Inhaltsverzeichnis

  1. Practical Cybersecurity Architecture
  2. Why subscribe?
  3. Preface
  4. Section 1:Security Architecture
  5. Chapter 1: What is Cybersecurity Architecture?
  6. Chapter 2: The Core of Solution Building
  7. Section 2: Building an Architecture
  8. Chapter 3: Building an Architecture – Scope and Requirements
  9. Chapter 4: Building an Architecture – Your Toolbox
  10. Chapter 5: Building an Architecture – Developing Enterprise Blueprints
  11. Chapter 6: Building an Architecture – Application Blueprints
  12. Section 3:Execution
  13. Chapter 7: Execution – Applying Architecture Models
  14. Chapter 8: Execution – Future-Proofing
  15. Chapter 9: Putting It All Together
  16. Other Books You May Enjoy
Zitierstile für Practical Cybersecurity Architecture

APA 6 Citation

Moyle, E., & Kelley, D. (2020). Practical Cybersecurity Architecture (1st ed.). Packt Publishing. Retrieved from https://www.perlego.com/book/2035200/practical-cybersecurity-architecture-pdf (Original work published 2020)

Chicago Citation

Moyle, Ed, and Diana Kelley. (2020) 2020. Practical Cybersecurity Architecture. 1st ed. Packt Publishing. https://www.perlego.com/book/2035200/practical-cybersecurity-architecture-pdf.

Harvard Citation

Moyle, E. and Kelley, D. (2020) Practical Cybersecurity Architecture. 1st edn. Packt Publishing. Available at: https://www.perlego.com/book/2035200/practical-cybersecurity-architecture-pdf (Accessed: 15 October 2022).

MLA 7 Citation

Moyle, Ed, and Diana Kelley. Practical Cybersecurity Architecture. 1st ed. Packt Publishing, 2020. Web. 15 Oct. 2022.