Friday, June 03, 2005

Security Architecture

I am doing consulting work for a company. They want me to create a security architecture for their company. The problem is, there are several meanings to "security architecture".

In one book, "security architecture" means application or software security. In Cisco's and Microsoft's views (at least from their papers), security architecture relates to network security. In CISSP books, security architecture refers to access control (and the different models). To a consulting firm such as PWC, security architecture means a (security) framework, which is a high-level concept. Another consulting firm thinks that security architecture means activities. Confusing.

My take on this? Well, I think security architecture is just like building architecture. It is composed of functional building blocks. In a house (or building), you have a living room, bedroom, kitchen, garage, garden, etc. In security, you'll have the equivalent building blocks, such as an identity management system, an authentication system, authorization and access control, and so on. Now, all I have to do is arrange these blocks according to a certain engineering standard (and taste, to make it elegant). Strangely, nobody has come up with this kind of idea.

What do you think? Pointers, please ...

3 comments:

husein said...

I don't know much about security architecture, because so far I have only just started learning about computers.

But it seems your idea is explained really simply, and maybe it is like that too. Who, where, and when someone can or may enter a room.

Good idea.

kusaeni

theplogmaster said...

Dig it..

Our client may not be a technical person who knows the meaning of software jargon. What he wants may be simple, secure!! Hehehe, maybe Mr. Budi can dig further into their needs :D

sybond said...

..the definition you gave explains it well enough.

BTW, nice to meet you, Mr. Budi.