Teaching Cyber Blog

What is Security Architecture?

This article covers the key areas of responsibility of the Security Architecture team within cybersecurity, to better inform and educate professionals of this important role.

What is security architecture? Surprisingly, some professionals within the cyber security community do not understand the role. This can lead to conflicting responsibilities and, in some situations, even introduce new risk into the business. It is therefore important to understand not only the role of a Security Architect, but also the other roles within security.

Design, Threat Model & Security Requirements. Creating, supporting or reviewing the designs of solutions and networks so that they are secure. This consists of creating design work, developing security requirements, performing threat modelling and selecting security controls.

Security Documentation. Create or contribute to the development of security policies, standards and guidelines. In addition, support other teams with security-related procedural documents.

Technology Assessment and Selection. Assessing vendor security products against security and business requirements, partly informed by experience but largely driven by concise requirements, then choosing the appropriate product in a balanced, evidence-based manner.

Risk Management. Primarily the assessment of risks relating to all processes, systems and integrations within an organisation, and developing ways to mitigate identified vulnerabilities and threats with appropriate security controls and solutions.

Incident Response. Work with security operational teams (security operations center, incident response) to design and develop incident response plans.

Disaster Recovery. Collaborate with business units to ensure security requirements are considered during any of these processes.

Business Collaboration. Work with business units to gather their business requirements, proposing or building the most appropriate security solution into their ways of working. This can encompass both new and existing solutions, involving either standalone or strategic integrations, where security architecture becomes part of the approval process.

There may be occasions where other security teams perform any of the above; in a small, understaffed environment this is the only option. However, within a large enterprise it will not be effective and will very likely lead to continued insecurity, in some cases introducing new vulnerabilities into the organisation. A security architect will typically have prior experience working within other security disciplines and will draw on that experience to better serve the business. Architects will provide general support as above but also specialise in a specific technology domain, for example networking or cloud security.

