What is security architecture exactly?
Jan 2nd, 2017 by Jesper Kråkhede
I had a client meeting recently where we started to discuss their view on security architecture and quite interesting I got several views of what security architecture actually is. As a result of that I created a set of slides that describes how I work with security architecture. Of course, there are many ways to do security architecture but a common consensus of the how you view the topic is quite important to define.
As you see in the above picture I use IAF (Integrated Architecture Framework) as a model to build my architecture. IAF is part of TOGAF since TOGAF 9. An architecture consists of four large parts: Business, Information, Information System and Technical Infrastructure. Security architecture is not a specific architecture within this framework. In some cases, you model an IAM-system and call it a security architecture but that is not correct. That´s a Technical Infrastructure architecture of a security system. A security architecture is actually something completely but it ends up in changing the current architecture you have to make sure that its secure. The red dots show examples where an architecture could be changed to make it secure.
So basically, security architecture is the process of making an architecture secure.