Security Architecture

Definitions

Security Architecture

those parts of an architecture related to fulfilling the security requirements

Responsibilities

The typical responsibilities of a Security Architecture are to:

• Ensure that the architecture fulfills the security requirements.
• Identify all major components that are primarily related to implementing the security requirements.
• Identify all security mechanisms.

Contents

The typical contents of a security architecture are:

• Security Components (including but not limited to):
  • Identification and Authentication Subsystems.
  • Firewalls.
  • Intrusion Detection Subsystems.
  • Encryption/Decryption Subsystems.
  • Antivirus Programs.
• Mechanisms for Fulfilling the Security Requirements:
  • Identification Requirements.
  • Authentication Requirements.
  • Authorization Requirements.
  • Immunity Requirements.
  • Integrity Requirements.
  • Intrusion Detection Requirements.
  • Nonrepudiation Requirements.
  • Privacy Requirements.
  • Security Auditing Requirements.
  • System Maintenance Security Requirements.

Stakeholders

The typical stakeholders of a Security Architecture are:

• Producers:
  • Architecture Team
  • Security Team
• Evaluators:
  • Architecture Evaluation Team
  • Customer Organization, which evaluates the architecture for feasibility and appropriateness
• Approvers:
  • Technical Leader
  • Project Manager
  • Customer Representative
• Maintainers:
  • Architecture Team
• Security Team
• Users:
  • Hardware Development Team
  • Software Development Team

Phases

A security architecture typically is produced during the following phases:

• Business Strategy: Not Applicable
• Business Optimization: Not Applicable
• Initiation: Started
• Construction: Completed
• Delivery: Maintained
• Usage: Maintained
• Retirement: Archived

Preconditions

A security architecture typically can be started if the following preconditions hold:

• The initiation phase is started.
• The architecture team has been staffed and trained in architecting.

Inputs

The typical inputs to a security architecture include:

• Work Products:
  • System Requirements Specification
• Stakeholders:
  • TBD

Guidelines

• TBD.

Conventions

A security architecture is typically constrained by the following conventions:

• Work Flow
• Content and Format Standard
• Inspection Checklist

Examples

• Example Security Components:
  • Identification and Authentication Subsystems.
  • Firewalls.
  • Intrusion Detection Subsystems.
  • Encryption/Decryption Subsystems.
  • Antivirus Programs.
• Example Security Mechanisms:
  • User Identifiers (Identification)
  • Passwords (Authentication)
  • Biometric Devices (Identification and Authentication)
  • Digital Signatures (Identification and Authentication)
  • Encryption/Decryption (Privacy for messages and data)
  • Hash (integrity)