
Explore the cyber security architect role, course structure, and key topics like threat modeling, risk assessment, and enterprise frameworks such as TOGAF, Zachman, and SABSA.
Explore cyber security fundamentals, focusing on the CIA triad—confidentiality, integrity, and availability—and the DAD triad of disclosure, alteration, and denial, with encryption, hashes, and multi-factor authentication.
Align security with business strategy to avoid tactical gaps, interoperability issues, and misprioritized assets. The talk highlights six common failures in cybersecurity architecture, from misaligned goals to delayed security.
Security architecture defines principles and policies to reduce operational risk. It aligns security with long-term business needs, prioritizing the business and balancing cost, usability, and integration with processes.
Identify and grade assets, balance security, usability, cost, and operability. Design cost-effective solutions that enable business objectives, develop reusable patterns, leave blueprints for successors, and stay abreast of emerging threats.
Explore core security principles, from OWASP to NIST and the Jericho Forum and Open Group frameworks, emphasizing defense in depth, least privilege, secure by design, and robust incident response.
Explore cyber security processes, including incident response, audit and reporting, and risk management, with emphasis on logs, evidence, and leadership reporting.
Master risk management in cyber security through assessment, analysis, mitigation, and monitoring, and apply administrative, technical, and physical controls with preventive, detective, corrective, and compensating treatments.
Explore residual risk as the leftover after security controls, distinguish it from inherent risk, and prioritize mitigation under budget and compliance considerations using qualitative analysis.
Learn threat modeling as an approach to identify and quantify security threats, using methods like STRIDE, DREAD, PASTA, OCTAVE, and Trike across functional and environmental perspectives.
Explore the difference between threats and risks, and clarify how threat modeling targets data assets and attacker capabilities, while risk assessment analyzes assets, vulnerabilities, likelihood, and impact for informed security decisions.
Explore threat modeling by examining application threat models, operational threat models, and data flow models. Map assets, threats, and mitigations to secure environments and data flows.
STRIDE, a Microsoft threat model used in design, enumerates spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege, and emphasizes mitigation and testing for completeness, accuracy, and effectiveness.
Apply the DREAD threat model to rate damage, reproducibility, exploitability, affected users, and discoverability, derive an overall risk score, and recognize its subjectivity across organizations.
Define objectives, scope, and the attack surface to drive the PASTA process. Simulate attacks, perform threat analysis, assess vulnerabilities, and carry out risk and impact analysis to determine mitigations.
OCTAVE is a self-directed, flexible threat model for operationally critical assets and vulnerabilities, with three phases and the variants OCTAVE-S, Allegro, and FORTE; it uses audits, pentesting, and risk assessments.
Explore the Trike threat model—a risk-driven, defense-focused open source framework for security auditors—supporting four processes: requirements, implementation, threat modeling, and mitigations, with cautions about its experimental stage.
Learn to construct attack trees, a graphical, hierarchical representation of attacker objectives and routes, using root nodes and AND/OR branches, with examples like phishing and supply chain attacks.
Explore how enterprise architecture frameworks align business objectives with information systems to guide security decisions, focusing on TOGAF, Zachman, SABSA, and DoDAF.
Explore the TOGAF framework and its architecture development method for building enterprise architectures, including governance. Learn four domains (business, data, application, technology) and how security is embedded across them.
Explore the Zachman framework, an ontology and structure for describing an enterprise, using six logical questions to define components and roles, with role-based access, positive identification, and data confidentiality.
Discover SABSA, the Sherwood Applied Business Security Architecture framework for risk-driven enterprise security, using six views and six questions across lifecycle stages, including strategy and concept design, implementation, and management.
Explore network security as the cornerstone of cyber defense, from reconnaissance to malware and man-in-the-middle threats. Learn to deploy firewalls, IPS/IDS, and policy enforcement to prevent unauthorized access.
Harden applications against passive threats like weak key and password management and information disclosure. Defend against active threats with protections against SQL injection, cross-site scripting, brute force, and man-in-the-middle attacks.
Learn how endpoint security defends end devices from computers to printers against BYOD challenges and threats like malware and phishing, using anti-malware, whitelisting, DLP, machine learning, and EDR.
Explore identity and access management by outlining the four phases—identity, authentication, authorization, and audit—and discuss threats to privileged users with tools like multifactor authentication, single sign-on, and role-based access control.
Learn how data protection maintains availability for authorized users, enforces proper access, and complies with GDPR and data residency, while using encryption, anonymization, tokenization, multi-party trust computation, and database monitoring.
Identify and mitigate vulnerabilities through cyclical vulnerability management, review and apply patches with testing and rollback procedures, and ensure availability via load balancing, backups, and disaster recovery.
Explore supply chain security across upstream and downstream components and third-party processes, examining threats from open source and hardware vulnerabilities like Meltdown and Spectre.
Explore security design patterns as proven, repeatable solutions to specific recurring information security problems, based on best practices and aligned with the CIA triad.
Explore a security design pattern example for corporate emails that ensures confidentiality, integrity, authenticity, and accountability through encryption, digital signatures, logging, and data loss filters.
Explore reference security architectures as templatized, reusable solutions for security domains, illustrated by Microsoft, Oracle, Cisco, IBM examples, detailing fraud detection, data security, and compliance enablement.
Develop a practical security architecture blueprint to enable remote work for a UK-based online retailer, safeguarding customer and employee data through threat modeling, risk assessment, and MFA-enabled external access.
Identify seven business requirements for cyber security: confidentiality of data, user accountability, fraud detection and prevention, admissible evidence, regulatory compliance, reputation protection, and scalable security across locations.
The company has classified data into confidential, sensitive, and public categories, with human resources handling employee data and customer service handling customer data, then moves to threat modeling.
Explore threat modelling for cyber security architecture, identifying insider and external threats, mapping data flows, and evaluating exfiltration risks via removable media, internet, email, and drive-by compromise.
Learn how six security requirements derived from business requirements and threat modeling prioritize data protection, access control, approved removable media, regular vulnerability scanning, timely remediation, and continuous monitoring.
Summarize reference security architectures that enforce requirements with encryption, data loss prevention, masking, and tokenization. Incorporate strong authentication, firewalls, privilege management, USB policy, vulnerability scanning, configuration management, and SIEM-based auditing.
Identify the residual risk after implementing security controls and USB policy, noting that exfiltration via removable media has low likelihood but high impact, yielding a medium risk.
Thank you for completing the cyber security architecture fundamentals course; download the PDF ebook and slides, reach out with questions, and peruse my library of cyber security courses.
In this course, students will learn about the principles, concepts, and best practices of designing and implementing effective cyber security architectures. The course will cover a wide range of topics, including threat modeling, risk assessment, security design patterns, access control, cryptography, network security, cloud security, and incident response.
Overview of Cyber Security Architecture
The course will begin with an overview of the fundamental concepts of cyber security architecture, and will then delve into the specifics of how to design and implement effective security solutions. Students will learn how to identify and assess security risks, and how to develop and apply appropriate security controls to mitigate those risks.
Designing Effective Security Solutions
Throughout the course, students will also explore various security design patterns and strategies, and learn how to apply these to real-world security challenges. Additionally, students will gain hands-on experience with a range of security tools and technologies, and will develop practical skills in threat modeling, risk assessment, security testing, and incident response.
Course Goals and Learning Outcomes
By the end of this course, students will have a deep understanding of the principles and best practices of cyber security architecture, and will be well-equipped to design, implement, and manage effective security solutions for a wide range of applications and environments.
Prerequisites
This course assumes a basic understanding of networking concepts and protocols, as well as some experience with programming and scripting languages. Students should also have some familiarity with common security tools and technologies, such as firewalls, intrusion detection/prevention systems, and vulnerability scanners.