Saturday, March 7, 2020

Security Architecture and Enterprise Architecture


Security Architecture (SA)
Security architecture is, at its most basic, a systematic approach to improving network security and mitigating existing or future risk. Typically, security architecture includes the systems, processes and tools an organization has in place to help prevent attacks or mitigate the possible risk of exposure to threatening environments. Modern organizations, no matter their size, have a security architecture. Organizations without a security architecture are open to many gaps and weaknesses and are vulnerable to attack from hackers, malware and various threat agents. Without a security architecture, cybercriminals have easier access to main systems and can cause various kinds of damage.
Security architecture is generalized by some of its main characteristics, which are listed below:
1)      Security architecture is confined by its own discrete security methodology.
2)      SA composes its own distinct views and perspectives.
3)      There is a non-normative flow of information through systems and among applications.
4)      System architecture is acquainted with distinctive, single-purpose components in the design.
5)      There is a unique set of skills and competencies of the enterprise and IT architects.
Security concerns are prevalent throughout the architecture fields and in all phases of architecture development. The fundamental purpose of system architecture is to protect the value of the systems and information assets of the organization. System architecture has no single-purpose components of its own; rather, it acts as a quality of the systems in the architecture. There are building blocks, collaborations and interfaces. The unique elements of security architecture usually interface with the business systems in a balanced and cost-effective way. The purpose of this is to maintain the security policies of the organization without interfering with system operations and functions. It is least costly and most effective to plan and implement security-specific functions in the system architecture as early as possible in the development cycle, to avoid costly retrofit. The security architect's approach covers not only the proper flow of every application but also the abnormal flows, the failures and the possible ways the application can be interrupted and fail.
The areas of concern for the security architect are:
1)      Authentication
2)      Authorization
3)      Audit
4)      Assurance
5)      Availability
6)      Assets protection
7)      Administration
8)      Risk management
Enterprise Architecture (EA)
Enterprise architecture is a demanding approach that helps an organization understand the importance of, and describe, the structure of an enterprise. An effective and sustainable enterprise depends on well-managed enterprise architecture. Enterprise architecture is regarded in terms of three objectives:
1)      A discipline: The way of thinking about the structure of an enterprise.
2)      A process: The process that determines how architectures are created, how they evolve over time and how they are managed.
3)      Sets of work products: A set of products comprising the models and diagrams that describe the structure of the enterprise.
Adopting enterprise architecture comes with numerous advantages and a rational explanation behind such a design approach. Some of these include:
1)      Better agility: Enterprise architecture gives an organization better agility. EA helps a business remain agile by ensuring new developments proceed without affecting operations.
2)      Efficient execution of strategy: Enterprise architecture supports the various aspects of IT strategy, business needs and technology according to the requirements of the business. These strategies help in achieving organizational goals and keeping the strategy in check.
3)      Effective use of IT resources: Enterprise architecture helps lay out the roadmap of existing systems, technology and data. Issues and problems can be quickly narrowed down and solved accordingly.
4)      Communication and planning: Enterprise architecture helps in understanding issues and prioritizing them when developing the operational plan. Furthermore, enterprise architecture can help manage the change that an organization undergoes over time. Clarity in responsibilities and skills promotes communication between internal and external stakeholders, which ultimately creates an environment suited to prosperity, in which goals are easier to achieve.

There is a large degree of interconnection between EA and SA, and there are also big differences between their related fields. As the discussion above shows, these differences make each of them unique in the security and sustainability of the organizational hierarchy.

Risk assessment is the assessment of the potential adverse impacts on organizational operations and assets, or on any technological interest, arising from the operation and use of information systems or from the information processed, stored or transmitted by those systems. Risks are common and inevitable in most situations or scenarios. Organizations conduct risk assessments to find the risks that are common to the organization's core missions or core business functions and that affect day-to-day operations. Risk assessment can support a wide variety of risk-based decisions and activities, which are often controlled by the higher hierarchy and by organizational officials across all three tiers in the risk management building. To understand risk assessment theory as a whole, we first have to go through the concept of risk.
Risk
Risk is a measure of the extent to which an entity is vulnerable to a potential event or occurrence. Risk is usually a function of the adverse impacts that would arise if the circumstance occurs or is likely to occur. Information risk or security risk is the risk that arises from the loss of confidentiality, integrity or availability of information, which reflects the adverse impacts on organizational operations.


Threats
A threat is a potential circumstance that could result in an adverse impact on organizational operations and assets, or the loss of an information system via potential unauthorized access, destruction or denial of service.
Vulnerabilities
A vulnerability is a weakness or pressure point in an information system or enactment that could be exploited by a threat source. System vulnerabilities can be associated with various functions associated with security controls. It is also important to allow for the possibility of emergent vulnerabilities, which lets the organization understand and tackle arising threats. Vulnerabilities are identified not only within information systems; they can be found everywhere in the organization, and they arise in all kinds of ways, mostly unexpected ones.
Credible attack vectors
A credible attack vector is a path by which a hacker can gain access to a network, server or system. With access to the network, attack vectors enable hackers to exploit system vulnerabilities. Common attack vectors include viruses, malware, web page pop-ups and social engineering. For attackers, privileged accounts are the only way to gain access to valuable data. Tools and methods are used to identify the critical importance of attack vectors. Malware attacks happen every day against poor networking and system components. The main purpose of attack vectors is to gain access to personally identifiable information or any information that can be sold or otherwise used to make money.
