Reference architecture
Jun 19th, 2010 by Jesper Kråkhede
One of the most important tools I use when working with security is reference architecture. It really helps me speed up my projects. So what is reference architecture? It is simply a visualized description of the best way to solve a problem. So whenever I am to implement PCI DSS, ISO 27001 or any other compliance standard, or a client asks me about the best way to implement remote access solutions, I bring up my diagrams and start mapping.
The best thing is that I immediately find any possible flaws in the solution they are proposing, which makes me seem extremely knowledgeable.
But in the end it is only a matter of understanding the best way to do something and then adapting it to fit what is possible in the client’s current setup. If you are not working with reference architecture, you are bound to make the same errors over and over again, at a very slow pace.
Where do you find reference architectures? Some are proprietary, like the ones I have created. Others are readily available, for example at www.opensecurityarchitecture.com.