Archistry

Survivability by Design™ since 2006

You are here: Home / Archistry Daily / 5 things your security architecture MUST do

5 things your security architecture MUST do

What do you really know about security architecture and what it should do for you?

I’ve mentioned it a couple of times over the last few weeks, but I haven’t yet given it the attention it deserves. So today, we’re going to start fixing that problem.

Tomorrow, we’ll do a slightly deeper dive on the concept itself, but today I wanted you to think about why you should care about it. And I also wanted to highlight why I think it’s such a big deal.

So, when you think of “security architecture” how do you measure it’s value? Do you even have one that’s planned and not emergent?

HINT (and a preview of tomorrow’s piece): it’s not a bunch of documents—especially those stuffed in a drawer or lost on a file share somewhere.

If it was, you might easily get into “My SA’s bigger than your SA. Just look at all these pages! And those diagrams! Wow, aren’t they sexy?” kinds of arguments with your peers over drinks at RSA in a couple of weeks.

And that would be silly.

Let’s cut to the chase. Here’s the list of the 5 things your security architecture MUST do if it’s going to be worth the effort and deliver real value to you and the organization.

To do all that, it must:

  1. demonstrate understanding and alignment with the business,
  2. codify security control decisions as guidelines and blueprints for new projects,
  3. enable efficient and effective triage of security threats and incidents,
  4. visualize and communicate risk exposure and control capabilities, and
  5. illustrate and communicate risk ownership and risk governance roles and responsibilities

How’d you score?

20%…80%…100%…

…or 0%?

I’m not going to mice words on this, so here it is:

If you don’t have a security architecture in place for your organization that does the above 5 things, you’re letting the inmates run the asylum.

And there’s NO WAY IN HELL you will ever run an effective security program.

And your board and executive team will never have a good picture of what you do for them.

And you’ll be struggling to not let the door hit you an the ass on the way out the door when something terrible happens on your watch.

Psssst…wanna fix it?

Then do these things right now:

  1. Go to this link: https://archistry.com/go/SecurityLeader
  2. Scroll all the way down to the bottom of the page, and click the BIG YELLOW BUTTON
  3. Let’s talk about how to get you started TODAY building the security program you know you need backed by the security architecture you must have

See you soon,

ast

Andrew S. Townley
Archistry Chief Executive