--Originally published at Security
The Security Architecture and Tool Sets have 5 objectives, and I will define in my words each one of them and add some thoughts about them.
- As we saw every project must have some security frameworks, policies, controls and procedures, but it is extremely important to also have Quality Control measures to verify and check the precense and efectiveness of security controls. I think that this is the main objetive because it’s useless having frameworks or procedures if you’re not sure that they work properly.
- Nowadays data is usefull for so many purposes, and even security is one of them. You can use data to recommend remedies of security issues. Which data? You can use location, frecuency and behavior.
- The third objective is being able to review security architectures and have the knowledge to implement compensating controls.
- The fourth one is use security best practices in the software development lifecycle, because as Ken said, you cannot left security to the end, and add it as a complement. You must be thinking about it since the beginning of the project.
- The final objetive is being able to compare and contrast various cybersecurity tools and technologies. This doesn’t mean that you should know how to use and implement each one of them, but it is important to know their perks so you can decide which one implement in different escenarios.