Security Architecture
Information technology in an organization relies on several processes that are interconnected to some extent, each of which plays a critical role in keeping IT healthy and reliable. For instance, security architecture provides a blueprint of the organization's IT design, enterprise architecture ensures that the IT systems are properly understood and applied, and risk assessment focuses on the safety of information by providing protection and management plans for the information systems. Enterprise architecture, security architecture, risk management, and ARA/ATASM thus play different roles in the IT environment while showing clear interconnections.
Security Architecture
Security architecture is one of the artifacts that vendors develop to guide the design of a product. It consists of the design artifacts that describe where the security measures are positioned and how they relate to the overall system architecture. The controls it specifies play a vital role in maintaining the quality attributes of the system, such as confidentiality, integrity, and availability.
Currently, businesses need a strong and robust security architecture framework to protect sensitive and vital information that is exposed to attack. A more robust security architecture is associated with fewer security breaches, since most attackers target the common cybersecurity weaknesses of organizations that are less vigilant and have a weakly established security architecture framework. Security architecture provides a base for strengthening security and closing the common weaknesses in an organization, which in turn reduces the risk of attacks that breach information.
Security architecture is also subject to specific information security standards such as PCI DSS, HIPAA, GLBA, and GDPR. The Payment Card Industry Data Security Standard, PCI DSS, targets the security of businesses that handle payment card information and states how that information is expected to flow. HIPAA provides guidelines for the protection of information that insurance companies and healthcare organizations must follow (Sindhu et al., 2019). GLBA is a standard covering the information security needs of financial institutions such as banks and insurance companies; the act guides them in ensuring the safety of client data. Under the General Data Protection Regulation, GDPR, of the European Union, the rights of the data subjects whose essential information an organization serves and holds are guaranteed. These rights include the right to refuse the collection of personal data and the right to be forgotten at the client's request.
Enterprise Architecture
Enterprise architecture refers to the process of standardizing and organizing the IT infrastructure of an organization so that it aligns with the organization's goals. The resulting strategies also drive digital transformation, growth of IT, and modernization. Enterprise architecture helps business and IT leaders capture, understand, and articulate opportunities as well as challenges and risks, including security targets.
Management of complexity plays an essential role in enterprise architecture. Modern organizations are complicated, with many different systems and applications that vary in importance and prominence; enterprise architecture therefore provides a holistic view of the organization concerned (Hinkelmann et al., 2016). This top-down, holistic view makes the organization efficient and confident in assessing its assets. Evidence of this is seen in impact analysis, in which the organization streamlines its technology stack and cuts costs. The process also uncovers redundancies, where several applications address the same process.
Enterprise architecture supports the creation of actionable EA deliverables that are signature ready. Besides assessing the capabilities of an organization, the top-down, holistic view that enterprise architecture provides helps identify gaps. A better understanding of the enterprise architecture is reflected in the informed investment decisions that the organization can make competently. Enterprise architecture also helps identify the most pressing concerns and makes it possible to create roadmaps that reflect the organization's priorities. In this way the organization meets the current demands of its operations and seizes its opportunities while navigating disruptions with a focus on a long-term strategic vision.
Moreover, the enterprise architecture of an organization can increase agility and speed to value. Rapidly growing technology and constant transformation make the need for enterprise architecture tools clear (Hansen & Hacks, 2017). Once the organization understands its enterprise architecture, it is better equipped to evaluate and implement new technology in a timely and efficient manner. EA tools increase the speed of analysis and decision support for alternative investments, and help rationalize and optimize opportunities, including plans for assessing risks, change, and their impacts on the organization.
ARA/ATASM
Architecture risk assessment focuses on the evaluation and management of risks in information systems. Risk management is significant in all businesses, as it manages and monitors an ever-changing risk environment. The architecture in this perspective is a structural design encompassing the components, inputs, processes, and outputs. The architecture risk assessment (ARA) method goes hand in hand with a threat modeling strategy that applies ATASM, that is, architecture, threat, attack surfaces, and mitigation, as a procedure for dealing with risks (Jaatun, 2019). The steps abbreviated as ATASM are essential because:
- They establish an understanding of the architecture from a security context.
- They list credible risks and threats to the IT of an organization.
- They state how the information is likely to be attacked.
- They list the attack surfaces exposed to those threats so that risk management can act on them.
- They help set the security requirements of the organization.
Architectural risk assessment assesses and addresses risks throughout the software life cycle. It encompasses the identification of assets, analysis of the risks, mitigation of the risks, management of risks, and measurement (Faily et al., 2012). In each phase, business goals guide the risk analysis. The architectural risk analysis process targets the identification and evaluation of risks and their impacts, and the recommendation of measures to reduce the risks.
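The ATASM steps above can be carried out mechanically once the architecture is written down as data. The following is an added example, not from the essay or from any of the cited authors: a constructed three-tier architecture in which attack surfaces are derived as data flows that enter a more trusted zone, each surface is mapped to the threats credible for its protocol, and the threats that no mitigation covers are reported as the remaining risk. The zone names, protocols, threat catalogue and mitigations are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Trust zones, ordered from least to most trusted (assumed for this example).
ZONE_TRUST = {"internet": 0, "dmz": 1, "internal": 2}

@dataclass(frozen=True)
class Component:
    name: str
    zone: str          # one of ZONE_TRUST

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    protocol: str

# Step A (architecture): constructed sample, a browser, a web tier and a database.
COMPONENTS = [Component("browser", "internet"), Component("web", "dmz"),
              Component("db", "internal")]
FLOWS = [Flow("browser", "web", "https"), Flow("web", "browser", "https"),
         Flow("web", "db", "sql")]

# Step T (threats): a small constructed catalogue keyed by protocol.
THREATS_BY_PROTOCOL = {
    "https": ["injection", "credential stuffing"],
    "sql": ["sql injection", "excessive privilege"],
}

# Step M (mitigation): controls the team says are in place, keyed by (src, dst).
MITIGATIONS = {
    ("browser", "web"): {"injection"},
    ("web", "db"): {"sql injection", "excessive privilege"},
}

def attack_surfaces(components, flows):
    """Step AS: a flow is an attack surface when it crosses into a more trusted zone."""
    zone_of = {c.name: c.zone for c in components}
    return [f for f in flows
            if ZONE_TRUST[zone_of[f.src]] < ZONE_TRUST[zone_of[f.dst]]]

def unmitigated_threats(surfaces, mitigations):
    """Pair every surface with its credible threats and keep those no control covers."""
    gaps = []
    for f in surfaces:
        covered = mitigations.get((f.src, f.dst), set())
        for threat in THREATS_BY_PROTOCOL.get(f.protocol, ["unreviewed protocol"]):
            if threat not in covered:
                gaps.append((f"{f.src}->{f.dst}", threat))
    return gaps

def residual_risk():
    """Run the four steps over the constructed architecture and return open gaps."""
    return unmitigated_threats(attack_surfaces(COMPONENTS, FLOWS), MITIGATIONS)
```

Running `residual_risk()` shows that only the internet-facing browser-to-web flow still has an uncovered threat; the web-to-browser response flow is not counted as a surface because it leaves, rather than enters, a more trusted zone.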
Risk Assessment
Risk assessments are critical in an organization, as they form an integral part of the occupational health and safety management plan. The assessment creates awareness of potential hazards and risks. Those most exposed in this perspective are employees, cleaners, visitors, contractors, and the public at large.
Other benefits of risk assessment in an organization include:
- Identifying those at risk.
- Determining the control program requirements of the organization.
- Evaluating the available control measures and determining their adequacy.
- Preventing injuries and illnesses, mainly during design and planning (Osterrieder & Lorenz, 2017).
- Prioritizing hazards and their control measures.
- Meeting the legal requirements if necessary.
The risk assessment process aims to evaluate hazards and to remove or minimize them according to their level of risk by applying control measures, creating a safe and healthy working environment. In the field of information technology, risk assessment plays a critical role in deciding whether a particular system is acceptable or not, and in determining the measures needed to make it acceptable. Risk assessment is applicable in any business that uses IT.
Owning and managing a business that uses IT requires its leadership to focus on risk management for IT systems, to reduce risks, and to prepare a response plan for the dangers affecting information technology. Business owners have a legal obligation to ensure the privacy of electronic transactions and to train staff, which has a direct influence on IT risk management strategies (Slovic, Fischhoff & Lichtenstein, 2016). The risks targeted by assessments include failure of hardware and software, human error, viruses, spam, and malicious attacks, as well as natural disasters such as fire, cyclones, or floods. Assessing the risks is the key to managing them.
Consequently, enterprise architecture, security architecture, risk management, and ARA/ATASM are all aimed at managing risk in information systems. They provide procedures for assessment, for identifying risks, for preventing them, and for gathering other information about possible risks and vulnerabilities of information. The interconnection of these strategies is seen in their functions, which all revolve around the single objective of protecting the organization's data.
References
Faily, S., Lyle, J., Namiluko, C., Atzeni, A., & Cameroni, C. (2012, October). Model-driven architectural risk analysis using architectural and contextualized attack patterns. In Proceedings of the Workshop on Model-Driven Security (pp. 1-6).
Jaatun, M. G. (2019, December). Architectural Risk Analysis in Agile Development of Cloud Software. In 2019 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (pp. 295-300). IEEE.
Hansen, P., & Hacks, S. (2017). Continuous delivery for enterprise architecture maintenance. Full-scale Software Engineering/The Art of Software Testing, 56.
Hinkelmann, K., Gerber, A., Karagiannis, D., Thoenssen, B., Van der Merwe, A., & Woitsch, R. (2016). A new paradigm for the continuous alignment of business and IT: Combining enterprise architecture modeling and enterprise ontology. Computers in Industry, 79, 77-86.
Sindhu, P., Aybay, G., Frailong, J. M., Venkatramani, A., & Vohra, Q. (2019). U.S. Patent No. 10,454,849. Washington, DC: U.S. Patent and Trademark Office.
Osterrieder, J., & Lorenz, J. (2017). A statistical risk assessment of Bitcoin and its extreme tail behavior. Annals of Financial Economics, 12(01), 1750003.
Slovic, P., Fischhoff, B., & Lichtenstein, S. (2016). Response mode, framing, and information-processing effects in risk assessment. In The perception of risk (pp. 192-205). Routledge.