Security Architecture Development is designed for information security professionals involved with enterprise-wide security planning or acquisition of systems and software that contain information security components. This course is designed to deliver an understanding of key security architecture concepts and implementation. This course overlaps with the Information Systems Security Architecture Professional (ISSAP) certification; however, the focus does not fully align with the certification syllabus.
Presentation: The facilitator will explain content to participants using PowerPoint to guide the presentation. Multiple examples will be used to clarify points.
Short Lecture/Discussion: The facilitator will engage participants in conversation by asking questions and encouraging them to respond. Participants will be encouraged to provide examples from their experience.
Individual/Group Activity: Participants will work in small teams or individually to study example problems and develop solutions based on course content. The facilitator will debrief with the entire class at the end of the activity.
After completing this workshop, participants will be able to:
1. Understand the value of enterprise architecture and security architecture to the enterprise security posture and security investment strategy.
2. Identify and understand the benefits and limitations of common enterprise and security architecture frameworks.
3. Identify security-relevant functions within information technology systems and relationships between security functions resident within multiple systems in the environment.
4. Understand and execute security requirement generation and allocation between multiple systems or system components for security-relevant functions.
5. Understand enterprise-level threat modeling and risk analysis and relate organizational risk to investments in security systems or functions.
6. Understand critical organizational and engineering processes to control the implemented security architecture and verify that it is consistent with the design architecture.
Day 1: Security Architecture Unraveled
• Module 1: Introduction to Security Architecture
• Module 2: Enterprise Architecture Frameworks
• Module 3: Security Architecture Frameworks
• Module 4: Activity: Defining Relationships Using Architectural Descriptions
• Module 5: Threat Modeling and Risk Analysis
• Module 6: Security Requirements Generation
• Module 7: Organizational Analysis
• Module 8: Activity: Defining the Problem and Scoping a Solution
Day 2: Systems Security Engineering Phases
• Module 1: Case Studies
• Module 2: System, Service, and Function Discovery
• Module 3: Allocating Security Functions and Requirements
• Module 4: Activity: Allocating Security Requirements Across the Enterprise
• Module 5: Controlling Critical Functional Relationships
• Module 6: Constructing the Security Architecture
• Module 7: Activity: Putting It All Together
Who should attend?
Information system security professionals or developers involved with IT systems resourcing, requirements, design, or development. This course is targeted towards the chief information officer (CIO) or their staff, the chief information security officer (CISO) or their staff, enterprise architects, security architects, and security engineers. Participants should include individuals managing multiple IT systems or information security systems.
The ideal candidate should have experience, skills, or knowledge in:
• Information risk management
• System or software design
• System or software development
• Enterprise IT acquisition