Respond to each question below. Remember to cover all aspects of the question.
1. Successful security architecture needs upper management to support effective security standards and protocols. However, there are possible disadvantages to upper management involvement. List and describe the tradeoffs in the business between rigorous security and delivering products to customers. Go beyond merely the automated solutions or the technical checks that can be done without much human support.
2. Examine how capturing, standardizing, and applying patterns and standard solutions help to increase efficiency and maintain delivery teams’ velocity. Provide at least 3 real-world examples that describe and examine how they provide the velocity. Do not simply provide a list of things teams can do; for each idea, define the idea and explain its relevance.
3. Schoenfield lists several components of a successful security architecture practice, such as broad support across the organization, recruitment and training of security architects with the right kind of aptitude and interest, effective security requirements that enhance but do not slow down the innovation process, and finally, indicators that the security architecture team is being well utilized and adding value to project development. Describe what each of these components is and explain how each is relevant to security development. Include detail and examples.
Textbook: Schoenfield, Brook S.E. – Securing Systems: Applied Security Architecture and Threat Models, CRC Press, 2014, ISBN: 978-1-4822-3397-1
The questions above should be answered using the concepts from the following 13 chapters of Security Architecture and Design:
Chapter 1: Introduction
Chapter 2: The Art of Security Assessment
Chapter 3: Security Architecture of Systems
Chapter 4: Information Security Risk
Chapter 5: Prepare for Assessment
Chapter 6: eCommerce Website
Chapter 7: Enterprise Architecture
Chapter 8: Business Analytics
Chapter 9: Endpoint Anti-malware
Chapter 10: Mobile Security Software with Cloud Management
Chapter 11: Cloud Software as a Service (SaaS)
Chapter 12: Patterns and Governance Deliver Economies of Scale
Chapter 13: Building an Assessment Program