This Guide examined the field of security architecture from the point of view of security governance. It explains how security architecture governance can be created as a sub-field of security governance and how the principles and structure of the same can be applied to security architecture governance to build an overarching security environment that is easy to understand, change, monitor and maintain. It has examined the security architecture governance from the point of view of business sponsors and other stakeholders. It has suggested security governance life cycle phases, sub-stages in each phase. For each sub-stage, it has described the list of activities, proposed required participants, stated expected outcomes and probable artifacts and identified building blocks of the area of concern. While describing the building blocks, the article has touched upon some of the fundamental concepts where required and explained it contextually to make the understanding clear. Its principle of arriving at inferences is primarily based on risk management. It proposes procedure, organisations, artifact, challenges and implementation hints that can be used to create a security architecture governance plan.
The authors expect this article to be useful for organisations who are in the process of creating or improving their existing security development process. The article is created based on authors’ experience in building such a process for large enterprises in combination with the research of publicly available materials across internet and other forms of publications. It does not directly or indirectly attempts to depict any process of any particular organisation.
This Guide Focuses On:
- Developing A Customized Information Security Architecture Governance Framework
- Applying The Framework In Organization Context To Create Implementation Roadmap
- Developing A Measurement Program To Continuously Improve Security Architecture Governance
Arnab is a passionate technologist and loves to design, build and protect large scale systems. Some of the key areas of his expertise includes telecom networks, large scale distributed software development, big data technologies, artificial intelligence and information security. He had spent significant number of years in security research, consulting and management of security functions that includes identity and access management, cryptography, security architecture, vulnerability management and security program development. He had worked across the globe with large corporations to secure their systems. An entrepreneur at heart, he was instrumental in creating one of the world’s first cloud-based penetration testing SaaS companies.
Arnab has a Master’s of Science degree in Telecom Engineering with Distinction from the University College London. He held a patent in artificial intelligence.
Nidhi has been a Software Engineer for over 12 years. After years of working in the variety of areas of software development that includes web application development, database and developing algorithms, Nidhi moved into information security. She had lead development of information security governance program in software product companies. She had worked extensively in the areas of vulnerability management, identity and access management and security governance. She has special interest in security architecture.
Nidhi has Bachelor Degree in Computer Science and Engineering with Honors from National Institute of Technology, Allahabad.