Architecture is, as you know, the foundation of everything that is going to last and be successful. Whether it is a building or your security optimization setup, you can be assured that a good architecture will enable it to give you the best results. The solution architecture needed for a SOC involves a mix of expert security professionals, the integration and implementation of a number of tools and security solutions, and in-depth knowledge of those tools.
A security solution architecture involves many tools, such as SIEM, SOAR, MDR and other security products, working in conjunction to achieve the organization's bigger overall security picture.
The most important responsibility in selecting and installing a security solution for an organization lies with the security architect: a security expert who must take these eight generally accepted areas of concern into consideration:
- Authentication: The validation of the identity of a person or entity related to the enterprise or system in some way.
- Asset Safety: Safeguarding information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.
- Assurance: The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.
- Authorization: The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.
- Security Audit: The ability to generate forensic data attesting that the systems have been used in accordance with stated security policies.
- Security Administration: The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.
- Data Availability: The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.
- Risk Management: The organization's attitude and tolerance for risk. (This risk management is different from the special definition found in financial markets and insurance institutions that have formal risk management departments.)
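Three of the areas above (authentication, authorization and security audit) are easy to blur together in practice. The following Python example, added here and not part of the original article, keeps them as three separate layers in one request path: authentication verifies a credential against a stored hash, authorization checks the established identity against a role-based policy, and every decision (allowed or denied, and why) is written to an audit trail. The user directory, the static salt, the policy table and the `perform` function are all constructed for illustration; a production system would use per-user random salts and a persistent, append-only audit store.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class AuditRecord:
    """One forensic record: who tried what, on which resource, with what result."""
    principal: str
    action: str
    resource: str
    outcome: str


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; the iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed static salt; a real directory stores a random salt per user.
_SALT = b"constructed-static-salt"

# Constructed user directory: stored password hashes plus assigned roles.
USERS = {
    "alice": {"hash": _hash("correct horse", _SALT), "roles": {"analyst"}},
    "bob": {"hash": _hash("hunter2", _SALT), "roles": {"viewer"}},
}

# Constructed authorization policy: role -> set of permitted (action, resource) pairs.
POLICY = {
    "analyst": {("read", "alerts"), ("close", "alerts")},
    "viewer": {("read", "alerts")},
}

# In-memory audit trail; a real deployment would append to tamper-evident storage.
AUDIT_LOG: list[AuditRecord] = []


def authenticate(user: str, password: str) -> bool:
    """Authentication layer: is this credential valid for this identity?"""
    entry = USERS.get(user)
    if entry is None:
        # Do the same work for unknown users so response time does not reveal
        # whether an account exists.
        _hash(password, _SALT)
        return False
    return hmac.compare_digest(entry["hash"], _hash(password, _SALT))


def authorize(user: str, action: str, resource: str) -> bool:
    """Authorization layer: may this already-established identity do this?"""
    roles = USERS.get(user, {}).get("roles", set())
    return any((action, resource) in POLICY.get(role, set()) for role in roles)


def perform(user: str, password: str, action: str, resource: str) -> str:
    """Run one request through authentication, then authorization, auditing each outcome."""
    if not authenticate(user, password):
        AUDIT_LOG.append(AuditRecord(user, action, resource, "auth-failed"))
        return "denied: authentication failed"
    if not authorize(user, action, resource):
        AUDIT_LOG.append(AuditRecord(user, action, resource, "unauthorized"))
        return "denied: not authorized"
    AUDIT_LOG.append(AuditRecord(user, action, resource, "allowed"))
    return f"ok: {user} {action} {resource}"


def audit_summary() -> dict:
    """Security audit layer: counts per outcome, the kind of view an auditor asks for."""
    summary: dict = {}
    for record in AUDIT_LOG:
        summary[record.outcome] = summary.get(record.outcome, 0) + 1
    return summary


if __name__ == "__main__":
    print(perform("alice", "correct horse", "close", "alerts"))
    print(perform("bob", "hunter2", "close", "alerts"))
    print(perform("bob", "wrong password", "read", "alerts"))
    print(audit_summary())
```

The ordering matters: authorization is never consulted for an unauthenticated request, and a failed step is still audited, so the trail shows denied attempts as well as successful ones.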
Typical security architecture artifacts would include:
- Business rules regarding handling of data/information assets
- Written and published security policy
- Codified data/information asset ownership and custody
- Risk analysis documentation
- Data classification policy documentation
Knowing the above security architecture criteria is only part of the picture; implementing them requires the right security expert, one who knows where and why each of these security layers is needed. It makes sense that "the building is as strong as the building plan and the men building it". The same holds for your organization's security architecture.