1. Home
  2. Insights
  3. Blog
  4. What is Architecture & System Design?
On 2021-02-09
Cybersecurity

What is Architecture & System Design?

museum exhibition
Summary

We often hear news about critical and negative events in the life of a business.

In our society, tragic events and tales of failure are more appealing than successes and the news reflects that. How many people know the latest details about COVID-19 today and how many know about the ITER project and its tremendous stakes?

The world of cybersecurity is no different: we often hear about intrusions and data leaks but hear no news about organizations that excel at self-defense. In our opinion, self-defence is all about security by design: Compliance, Security risk assessment, Security in Architecture and System Design. The purpose of A&SD is simple: Technically design products and services that are resilient to malicious acts.

Who is involved?

Two professions are deeply involved in the development of an organisation’s self-defence:

  • Security Architects: are in charge of creating a comprehensive vision of security within a company, defining a defense-in-depth strategy and ensuring technical consistency in the security of products, services and the company itself.
  • System Designers: are in charge of designing and implementing security functions of the products and services offered by a company and of detailing security implementation, configuration and test plans.

According to us, these jobs are currently at the forefront of cybersecurity and of business projects and we believe that organizations that rely on a “Security by design” approach based on A&SD principles and Risk analysis methods are those who excel the most.

Which risk analysis methods can be used?

The arrival of new, more formal risk analysis methods such as EBIOS RM, the understanding of cyber-attacks mechanics as formalised in MITRE ATT&CK and the variety of research projects on modeling of security in systems engineering, show an improved understanding of the Architecture and System Design domain as well as its increasing maturity.

We can see the first effects of this increasing maturity as CIOs put these professions at the center of their priorities and strategic business decisions. It is after all, the deployment of adequate technical solutions to protect against malicious acts that keep their companies out of the news.

 

Want to learn the EBIOS RM method?

Check out our training catalogue!

EBIOS RISK MANAGER TRAINING CS2

Objectives:

• Acquire the knowledge and develop the skills necessary to master the
concepts and elements of risk management using the EBIOS Risk Manager
v1.5 method.

•  Acquire the vocabulary and knowledge required to become familiar
with the methodology and develop the necessary skills, with practical
exercises, simulations and tests.

Completion of the Airbus Protect Training Course CS2, registered
under n°EBIOS-002, for EBIOS Risk Manager skills certification
combined with the requested prerequisites, qualifies participants to
take the AFNOR Certification exam, endorsed by the EBIOS Club.

Download the training catalogue
training catalogue cover
  • Share

More on Cybersecurity

product security Cybersecurity

What is Product Security?

Product Security: The invisible Shield.  In the era of modern and interconnected world, Product Security acts as an unseen defense whose tangible effects are clearly observed and felt in our daily lives. While Product Security and Cybersecurity are intrinsically linked, however, they diverge in their priorities especially within the Operational Technology and Critical infrastructure. Cybersecurity, [...]

Read more
embed resilience into the DNA of all critical operations and functions Cybersecurity

It’s time to embed resilience into the DNA of all critical operations and functions

We have begun to live in a world where unpredictability is a part of daily life; where geopolitical tensions are more frequent, recovery timeframes are shorter, keeping economic balance is harder, and trajectories are switchbacked. In a competitive environment overwhelmed by transformation and restructuring, the defining requirement for organisations is no longer speed, quality, or […]

Read more
Netwars and Cyber Interview Cybersecurity

Airbus Protect shines in international cybersecurity competition

Once a year, just before the Christmas break, cybersecurity experts from around the world gather together and compete in the SANS NetWars Tournament of Champions, an invite-only cybersecurity competition featuring the top-scoring 200 players from their regional equivalents. This competition tests cybersecurity professionals across hands-on challenges in penetration testing, forensics, and threat detection. Competitors solve [...]

Read more