On 2021-02-09
Cybersecurity

What is Architecture & System Design?

Summary

We often hear news about critical and negative events in the life of a business.

In our society, tragic events and tales of failure are more appealing than successes, and the news reflects that. How many people know the latest details about COVID-19 today, and how many know about the ITER project and its tremendous stakes?

The world of cybersecurity is no different: we often hear about intrusions and data leaks but hear no news about organizations that excel at self-defence. In our opinion, self-defence is all about security by design: compliance, security risk assessment, and security in Architecture and System Design (A&SD). The purpose of A&SD is simple: to technically design products and services that are resilient to malicious acts.

Who is involved?

Two professions are deeply involved in the development of an organisation’s self-defence:

  • Security Architects are in charge of creating a comprehensive vision of security within a company, defining a defense-in-depth strategy and ensuring technical consistency in the security of products, services and the company itself.
  • System Designers are in charge of designing and implementing the security functions of the products and services offered by a company, and of detailing security implementation, configuration and test plans.

In our view, these jobs are currently at the forefront of cybersecurity and of business projects, and we believe that organizations that rely on a “Security by design” approach based on A&SD principles and risk analysis methods are the ones that excel the most.

Which risk analysis methods can be used?

The arrival of new, more formal risk analysis methods such as EBIOS RM, the understanding of cyber-attack mechanics as formalised in MITRE ATT&CK, and the variety of research projects on modeling security in systems engineering all show an improved understanding of the Architecture and System Design domain as well as its increasing maturity.

We can see the first effects of this increasing maturity as CIOs put these professions at the center of their priorities and strategic business decisions. It is, after all, the deployment of adequate technical solutions to protect against malicious acts that keeps their companies out of the news.

 

Want to learn the EBIOS RM method?

Check out our training catalogue!

EBIOS RISK MANAGER TRAINING CS2

Objectives:

• Acquire the knowledge and develop the skills necessary to master the
concepts and elements of risk management using the EBIOS Risk Manager
v1.5 method.

• Acquire the vocabulary and knowledge required to become familiar
with the methodology and develop the necessary skills, with practical
exercises, simulations and tests.

Completion of the Airbus Protect Training Course CS2, registered
under n°EBIOS-002, for EBIOS Risk Manager skills certification
combined with the requested prerequisites, qualifies participants to
take the AFNOR Certification exam, endorsed by the EBIOS Club.
