Security Architecture and Design
Security architecture and design usually explores how information security safeguards and controls are used in IT systems to protect the integrity and confidentiality of the data used, stored or processed in those systems (Arfaoui et al., 2018). It also covers logical operating systems, software security components and hardware, and how these components can be used to design architecture and assess secure computer systems. Architecture refers to the tools, processes and systems used to mitigate an attack, while design explores how the security architecture is built. Effective security architecture and design helps a company better coordinate its overall security efforts. It also helps internal auditors maximize security audits and take part in the general security activities of the organization.
Security architecture and design first covers the software and hardware necessary for a secure computer system, next covers the logical models needed to keep the system safe, and last looks at the evaluation model that quantifies how secure the system is (Matheu et al., 2020). Some of the things involved in the security of computer systems include antivirus programs, intrusion detection systems and firewalls. To utilize the tools and existing policies, a company should implement an architecture that integrates all three elements. Additionally, the architecture should be coordinated and structured, and should consist of processes, tools and people that work together to help secure the organization's resources.
An effective and efficient security architecture requires three major components: the tools used, the people involved and the procedures followed when designing, managing and implementing the security features. Architecture professionals should apply policies detailing management's expectations and should align the components effectively. Moreover, security architecture has several phases, which include security design, risk assessment, monitoring, operations and implementation. Implementation deals with the techniques and procedures used to implement, control and operate computer components in an organization (Memos et al., 2018). Risk assessment helps evaluate critical business processes and determine the effectiveness and odds of security vulnerabilities and risks. Security design looks at the approach to software and hardware development that helps make them free from security vulnerabilities and threats. Monitoring and operations cover day-to-day security activities like vulnerability controls and threat management.
References
Arfaoui, G., Bisson, P., Blom, R., Borgaonkar, R., Englund, H., Félix, E., … & Papay, J. (2018). A security architecture for 5G networks. IEEE Access, 6, 22466-22479.
Matheu, S. N., Robles Enciso, A., Molina Zarca, A., Garcia-Carrillo, D., Hernández-Ramos, J. L., Bernal Bernabe, J., & Skarmeta, A. F. (2020). Security architecture for defining and enforcing security profiles in DLT/SDN-based IoT systems. Sensors, 20(7), 1882.
Memos, V. A., Psannis, K. E., Ishibashi, Y., Kim, B. G., & Gupta, B. B. (2018). An efficient algorithm for media-based surveillance system (EAMSuS) in IoT smart city framework. Future Generation Computer Systems, 83, 619-628.