It is essential as a security expert to be able to evaluate potential risks within the security infrastructure in order to position security controls/countermeasures.
Create an overall security architecture structure diagram with descriptions of the architecture components making sure to:
- Identify all types of data and sensitive data the organization will store.
- Define where that information is stored.
- Record all hardware and software devices in your network.
- Describe how the security controls are positioned and how they relate to the overall systems architecture.
- Define security attacks, mechanisms, and services, and the relationships between these categories.
- Specify when and where to apply security controls.
- Present in-depth security control specifications.
- Address restricting access, layering security, employing authentication, encrypting storage, automating security, and IT infrastructure.
- Include the full scope of policy, procedural, and technical responsibilities.