Tuesday, 17 January 2017

Generic Architecture Design Principles and Considerations


Reference: Enterprise Security Architecture, A guide to Infosec Management


When designing any architecture there are certain principles that need to be considered and followed. They ensure the architecture is aligned with the business strategy, vision and goals.

Usually the enterprise architecture team is responsible for defining those principles, with the help and guidance of senior management. Below are some principles to use when designing a security architecture.

  1. Principle 1: Comprehensive documentation
  2. Principle 2: No plan is fool-proof
  3. Principle 3: Successful business operation supported by reasonable and appropriate controls
  4. Principle 4: Business requirements require translation into forms that technical architecture designers can form into conceptual models
  5. Principle 5: It makes no sense to design something the engineers can’t build
  6. Principle 6: Partial understanding results in incomplete designs
  7. Principle 7: Use attack trees
  8. Principle 8: Business and technical users will avoid complex and hard-to-use security controls
  9. Principle 9: Testing models and final architecture implementations must take the design into consideration
  10. Principle 10: Ensure architecture constraints are reviewed during the change management process
  11. Principle 11: Frequently assess risk
  12. Principle 12: Meeting security requirements means the architecture is compliant with regulatory and best-practice constraints
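Principle 7 names attack trees without showing how an architect actually uses one. The following is an added illustration, not code from the referenced book or the original post: a small attack-tree evaluator in which AND nodes require every child step and OR nodes require any one of them, leaves carry an estimated attacker effort, and candidate controls are modelled as extra effort imposed on particular leaves. The tree, the effort figures and the control names are all constructed for the example; the point is the method of ranking controls by how much they raise the cheapest path to the goal, which is the kind of reasoning Principle 11 (frequent risk assessment) asks for.

```python
"""Tiny attack-tree evaluator (constructed illustration, not from the referenced book)."""
from dataclasses import dataclass, field, replace
from typing import Dict, List, Tuple


@dataclass
class Node:
    name: str
    kind: str = "LEAF"          # "LEAF", "AND" (all children needed) or "OR" (any child suffices)
    cost: float = 0.0           # leaves only: estimated attacker effort, in constructed units
    children: List["Node"] = field(default_factory=list)


def cheapest_path(node: Node) -> Tuple[float, List[str]]:
    """Return (effort, leaf names) of the least-effort way to reach this node's goal."""
    if node.kind == "LEAF":
        return node.cost, [node.name]
    results = [cheapest_path(c) for c in node.children]
    if node.kind == "AND":
        # Every child is required, so efforts add up and all steps are taken.
        return sum(r[0] for r in results), [s for r in results for s in r[1]]
    if node.kind == "OR":
        # Any child suffices, so the attacker picks the cheapest one.
        return min(results, key=lambda r: r[0])
    raise ValueError(f"unknown node kind {node.kind!r}")


def with_control(node: Node, extra_cost: Dict[str, float]) -> Node:
    """Copy the tree, adding effort to the named leaves (the control's modelled effect)."""
    if node.kind == "LEAF":
        return replace(node, cost=node.cost + extra_cost.get(node.name, 0.0))
    return replace(node, children=[with_control(c, extra_cost) for c in node.children])


def rank_controls(root: Node, controls: Dict[str, Dict[str, float]]) -> List[Tuple[str, float]]:
    """Rank candidate controls by the effort the cheapest attack needs once each is applied."""
    ranked = [(name, cheapest_path(with_control(root, effect))[0]) for name, effect in controls.items()]
    return sorted(ranked, key=lambda r: -r[1])


# Constructed example tree: the goal the architecture must resist.
TREE = Node("Read confidential records", "OR", children=[
    Node("Reused password on an account without a second factor", cost=3),
    Node("Compromise an unpatched internet-facing service", "AND", children=[
        Node("Locate a service missing security patches", cost=4),
        Node("Reach the data store from that service", cost=5),
    ]),
    Node("Insider with legitimate access copies the data", cost=20),
])

# Constructed candidate controls, expressed as the extra effort they impose on leaves.
CONTROLS = {
    "enforce multi-factor authentication": {"Reused password on an account without a second factor": 12},
    "patch management with SLA": {"Locate a service missing security patches": 12},
    "network segmentation of the data store": {"Reach the data store from that service": 12},
}

if __name__ == "__main__":
    effort, steps = cheapest_path(TREE)
    print(f"cheapest path ({effort}): {' -> '.join(steps)}")
    for name, new_effort in rank_controls(TREE, CONTROLS):
        print(f"{name}: cheapest path becomes {new_effort}")
```

Because the root is an OR node, a control only helps if it raises the cheapest branch; in this constructed tree the multi-factor control moves the cheapest path from 3 to 9 (the unpatched-service branch becomes the new weakest route), while the other two controls leave the cheapest path untouched at 3. That is the practical value of the tree: it shows which control changes the attacker's best option rather than merely hardening a branch nobody would take.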

