Security Architecture

Enterprise Security Architecture in a Dynamic Environment

Management Summary

A business-driven approach to security architecture helps organisations prioritise where controls are needed to protect critical information and define the acceptable level of risk.

Many organisations adopt technologies designed to deal with a specific security issue that the organisation has been made aware of, while leaving vulnerabilities open elsewhere. These technologies often end up as shelf-ware or out of favour, with the original justification for their purchase forgotten. A coherent security architecture based on business goals and risk evaluation ensures the best possible defence at a reasonable cost that can also be defended to regulators and investors.

Most importantly, the security architecture must help the organisation to be productive and agile, as well as deliver a measurable return on investment given the organisation's risk profile.

Enterprise Security Architecture

Throwing cybersecurity technology at your IT systems doesn’t lead to real security. Today, what we write in our policies, the behaviour of our employees, and the preparedness and responses of our management teams to a crisis determine the financial penalties that organisations face when a breach occurs.

Without a coherent and adaptive security architecture, existing vulnerabilities will remain for attackers to discover and newly created vulnerabilities will escape detection. Security architecture, the practice of designing security into IT, is a well-established principle in highly secure networks, but it is far less prominent in commercial networks. It is increasingly important for today’s highly adaptive, cloud-based IT environments.

How We Can Help

Our mission, as enterprise security architects, is to develop and evolve an adaptive, RoI-based, context-aware security architecture for your network infrastructure and its related security mechanisms, policies and procedures, for consistent operation within a modern dynamic organisational environment. The purpose of this is to ensure your organisation is able to operate safely in a dynamic threat and technological environment by cost-effectively managing the risks to your information assets.

The SABSA® Model For Security Architecture

KITS follows the SABSA® Model for Security Architecture. The key elements of the architecture include:

  • Contextual: Business requirements, policy, risk assessment, organisational and cultural development and reporting

  • Conceptual: Training and awareness, business continuity management, audit and review, process development, incident handling and development of standards and procedures

  • Logical: Security policymaking, information classification, system classification, management of security services, negotiation of interoperability for security services, audit trail monitoring

  • Physical:

  • Component: Products, technologies, evaluation and selection of standards and tools, project and implementation management, operation and administration of components and systems

The Adaptive Security Architecture

Gartner's Adaptive Security Architecture Process

Enterprise security architecture links the components of the security infrastructure into one integral design, ensuring the right technology is deployed, reducing the risks of undiscovered vulnerabilities and reducing technology costs.