Designing your optimal security architecture – Our Services help you to avoid information security risks and ensure you achieve sustainable business growth
Security architecture alignment
When organisations plan and build network architecture and business systems architectures, security architecture design is too often an “afterthought”. Organisations neglect to include security policies, technology standards, guidelines, and security architecture in their physical and logical topologies. Where business-critical systems are planned, security architecture designs and configuration do not systematically adhere to the same Systems Development Lifecycle (SDLC) that the business systems follow. The risk to your business operations is raised where your security architecture is not part of the business systems plan, design, build and run. An example is implementing an ERP solution without considering the technical impact of the reverse proxy. Instead, the same SDLC rigour that is applied to the ERP should be applied to the reverse proxy, as part of the critical path in the project plan.
Enterprise security architecture framework
We assist with your security architecture designs and optimization based on the Open-Enterprise Security Architecture (O-ESA), NIST 800-53, SANS Top 20 Critical Security Controls, COBIT, and ISO27001/2. We assist with the high-level and low-level designs across Security in Depth (Security Technology Architecture), covering Conceptual Architecture, Logical Architecture, and Physical Architecture.
Conceptual architecture is the conceptual structure for policy enforcement through security services. Logical architecture is the set of logical components for the security services. Physical architecture is the specific security products, how they are connected, and what functionality, performance and reliability they provide. We assist with the high-level and low-level designs across the security in depth layers.
The GRCBizassurance solution delivery team has implemented several of these security tools for various clients.
We will apply our proven security lifecycle methodology to implement selected security solutions in your organisation based on your “defence in depth” requirements as depicted below.
Your organization will be able to:
- Adopt a scalable enterprise security solution architecture & roadmap, and architecture repositories based on a fit for purpose information security
- Ensure compliance with Enterprise Open Security Architecture leading practices and with your security policies
- Ensure that solutions that “go live” are not a risk for your business, i.e. that they are compliant with your security policies and the security frameworks found in SANS, NIST, CIS, COBIT, King III, ISO27001/2
- Optimize technical and business value from your security architecture portfolio investment