Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects

Plan and design robust security architectures to secure your organization's technology landscape and the applications you develop

Key Features

o Leverage practical use cases to successfully architect complex security structures
o Learn risk assessment methodologies for the cloud, networks, and connected devices
o Understand cybersecurity architecture to implement effective solutions in medium-to-large enterprises

Book Description

Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.

With this book, you'll explore the fundamentals of cybersecurity: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.

By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

What you will learn

o Explore ways to create your own architectures and analyze those from others
o Understand strategies for creating architectures for environments and applications
o Discover approaches to documentation using repeatable approaches and tools
o Delve into communication techniques for designs, goals, and requirements
o Focus on implementation strategies for designs that help reduce risk
o Become well-versed with methods to apply architectural discipline to your organization

Who this book is for

If you are involved in the process of implementing, planning, operating, or maintaining cybersecurity in an organization, then this security book is for you. This includes security practitioners, technology governance practitioners, systems auditors, and software developers invested in keeping their organizations secure. If you’re new to cybersecurity architecture, the book takes you through the process step by step; for those who already work in the field and have some experience, the book presents strategies and techniques that will help them develop their skills further.

Table of Contents

o What is Cybersecurity Architecture?
o The Core of Solution Building
o Building an Architecture – Scope and Requirements
o Building an Architecture – Your Toolbox
o Building an Architecture – Developing Enterprise Blueprints
o Building an Architecture – Application Blueprints
o Execution – Applying Architecture Models
o Execution – Future-Proofing
o Putting It All Together

420 pages, Kindle Edition

Published November 20, 2020

14 people are currently reading
43 people want to read

About the author

Ed Moyle

4 books, 1 follower

Community Reviews

5 stars: 4 (30%)
4 stars: 6 (46%)
3 stars: 0 (0%)
2 stars: 2 (15%)
1 star: 1 (7%)
Displaying 1 - 5 of 5 reviews

Dolf van der Haven
Author, 9 books, 27 followers
March 15, 2024
This book has a lot of good material, basing itself on mainstream standards (ISO 27001, 31000) and frameworks (TOGAF, SABSA, COBIT). It provides a structure for information security architecture that works well.
There are some oddities in it also, like the division of security into network security and application security only, as if e.g. physical security and Human Resources security don't exist. This limits the focus of the book to the technical side of infosec only.
The writers are also enormously wordy and repeat things frequently. The contents of this book could have been effectively presented in half of its pages (and using more diagrams).
Overall, decent content, though, and one to keep as a reference.

Ali
437 reviews
March 4, 2024
This might be the best book on security architecture for both referencing enterprise-level frameworks and also the application threat models or secure-by-design methods. Most architecture books focus on one or the other, but not both; that is, you either see SABSA or TOGAF level abstract framing or application security discussions towards OWASP top ten. Diana Kelley and Ed Moyle successfully combine the network/infrastructure architecture with application architecture. Interviewing experts from both sides like John Sherwood, Adam Shostack, Gunnar Peterson, Andy Clark, Mark Simos, Steve Orrin and many others, they offer a very practical security architecture guide as captured in the title.

Ashraf
48 reviews
December 16, 2023
Review Summary: Practical Security Architecture

Pros:

o YAGNI-focused: Prioritizes practicality and only building what's needed.
o Agnostic: Draws from various frameworks like SABSA, TOGAF, and Open Group without getting bogged down in methodology debates.
o Short, readable, and grounded: Easy to digest and full of practical insights.
o Thought-provoking: Challenges assumptions and encourages critical thinking.
o Improves risk management and threat modeling: Offers valuable insights on these crucial areas.

Cons:

o Overemphasis on likelihood: The book's focus on quantifying likelihood in risk assessments might be unnecessary, especially for public-facing applications where most threats are eventually relevant.
o Alternative approach to likelihood: The reviewer suggests setting likelihood to a constant and focusing on impact, simplifying the process and potentially resembling bug bars.

Overall:

The reviewer highly recommends "Practical Security Architecture" for anyone involved in security architecture, especially those who previously found it daunting. It offers practical guidance, promotes critical thinking, and provides valuable insights into risk management and threat modeling.

Additional Notes:

o The review highlights the book's value in shifting focus from theoretical frameworks to practical application.
o The reviewer's alternative approach to likelihood adds an interesting perspective to the discussion of risk assessment.

Patrick
139 reviews
December 30, 2024
I found this book to be disappointing. While the book aims to provide guidance for cybersecurity architects, its content felt overly long and repetitive, with little payoff. Instead of delivering actionable, technical advice, the authors focused heavily on processes and frameworks, often reiterating the same concepts without adding new insights.

For readers seeking practical, hands-on techniques or detailed examples of designing secure systems, the book falls short. The lack of technical depth made it feel more like a high-level management text than a guide for practitioners in the trenches. Overall, while the book may appeal to those who are new to cybersecurity processes, experienced professionals looking for substantive technical advice are likely to find it underwhelming.
1 review
June 11, 2024
The book is great for the very high level view of enterprise security architecture. The interview pieces and case studies are particularly interesting. On the other hand, it could be less repetitive and pragmatic.