Book of the month 2023 – April
Security Architecture – How & Why? by Tom Madsen
The author begins by stating that security has an important property that most people know about but few pay any attention to: security is only as strong as its weakest link. The usual approach to cybersecurity, a checklist of technical and procedural controls, typically fails because people focus on ticking off whether individual requirements are fulfilled and rarely check how those controls fit together to form a secure chain. Security architecture, like every other form of architecture, needs a holistic approach.
In this book Tom Madsen offers a solution to this lack of a holistic approach, one that goes beyond a simple list of checkpoints. The solution is the SABSA model, a six-layered approach to developing an enterprise security architecture. To explain the logic behind the model and how it is used, the author draws on the metaphor of constructing a building, with each layer representing the view of a different player in the process of specifying, designing, constructing and using it.
What are the layers of the SABSA model?
The layers are as follows:
The Business View – provides a description of the business context in which your secure systems must be designed, built and operated. It corresponds to the Contextual Security Architecture layer in the model.
The Architect's View – the overall design that will meet the initial business requirements; it defines principles and fundamental concepts. This layer is referred to as the Conceptual Security Architecture in the model.
The Designer's View – involves the identification and specification of the architectural elements of an overall system; it models the business as a system. It is equivalent to the Logical Security Architecture layer.
The Builder's View – turns the overall system abstractions into a physical security architecture model that describes the actual technology model and specifies the functional requirements of the various components. This is the Physical Security Architecture layer.
The Consultant's View – works with a series of system components that are hardware items, software items or interface specifications and standards. Hence this layer of the architectural model is also called the Component Security Architecture.
The Manager's View – is concerned with classical systems operations work. The framework for doing this is called the Operational Security Architecture.
The SABSA model is designed to provide a comprehensive view of an organization's security posture, and it can also be used to identify areas where improvements are needed. By working through each of these views or layers, and by tracing how the requirements of one layer are met by the layer below it, organizations can develop a more effective security strategy that is tailored to their specific needs and risks.
Who would benefit from reading this book?
Overall, this book is a valuable resource for anyone looking for an introduction to the topic of security architecture. It also gives a sound argument for why organizations need to pay more attention to the security of their information systems. In addition, the author provides guidance on how to carry out the individual steps and shows how they fit into the development of a holistic security architecture.
This book can be purchased in print in your favourite bookshop. There is also a Kindle version available on Amazon.
If you want to check our previous Book of the Month selection, you can find it here: