Where do you start your security architecture?
Jan 5th, 2017 by Jesper Kråkhede
It´s not that easy to start creating a security architecture when it’s hard to define in the first place. A security architecture has a few starting points. The first one is the realisation that you have something to protect. That may sound as a simple thing but without your assets defined you cannot define a security architecture.
Following that you need to start building the list of requirements you need to adhere to.
This list consists of your risk analysis, applicable laws you need to adhere to and compliance schemes you need to follow. Of course, you could have others that are on a voluntary basis and those should be included in the list as well as long as you don´t regard them as strict mandatory.
The list you provide will be your risk register that you will start working with.