When designing any architecture, there are certain principles that need to be considered and followed. They ensure that the architecture is aligned with business strategy, vision and goals. Usually the Enterprise architect team is responsible for defining those principles, with senior management's help and guidance. Below are some principles to be used when designing a security architecture.
- Principle 1: Comprehensive Documentation
- Principle 2: No plan is fool-proof
- Principle 3: Successful business operation supported by reasonable and appropriate controls
- Principle 4: Business requirements require translation into forms that technical architecture designers can form into conceptual models
- Principle 5: It makes no sense to design something the engineers can’t build
- Principle 6: Partial understanding results in incomplete designs
- Principle 7: Use attack trees
- Principle 8: Business and technical users will avoid complex and hard-to-use security controls
- Principle 9: Testing models and final architecture implementations must take into consideration design
- Principle 10: Ensure architecture constraints are reviewed during the change management process
- Principle 11: Frequently assess risk
- Principle 12: Meeting security requirements means the architecture is compliant with regulatory and best-practice constraints