
Page | 2

Table of contents

Overview ... 5
1 Prepare to Design Security Infrastructure ... 23
1.1 Analyse an organisation's operation and infrastructure ... 24
1.2 Research and identify industry standard design methodologies ... 29
1.3 Determine security level and perimeters, security features and security mode ... 38
1.4 Establish all data types to be included in security architecture ... 53
1.5 Document security architecture findings ... 62
Case Study: Brewed Awakening ... 69
2 Design Security Architecture ... 73
2.1 Establish and document specific requirements and features ... 74
2.2 Design and document security solution ... 83
2.3 Submit documentation for initial feedback ... 93
Case Study: Brewed Awakening ... 95
3 Finalise Security Architecture ... 98
3.1 Demonstrate security design utilises major industry standard design methodologies ... 99
3.2 Demonstrate security design addresses organisational cyber security requirements ... 102
3.3 Submit documentation and seek and respond to feedback ... 106

© Copyright. Monarch Institute 2023. All rights reserved. ICTCYS613 eBook v1.0

Getting the most out of the resources for this unit


The content and structure of this eBook are designed to:

• Support your learning journey, and

• Ensure you gain the knowledge and skills to achieve your career goals.

Throughout this eBook you will find:

• Learning content that includes:

o Reading material to develop your understanding of the topic.

o Links to external websites, reading content, podcasts, and videos to supplement the eBook
content.

• Examples that illustrate how the reading material translates into workplace skills.

• A Case Study that demonstrates the application of the skills and knowledge of each section of this
eBook through a story-telling approach based on a single organisation: Brewed Awakening.

Once you have familiarised yourself with the above content for each section, you will be directed to
complete the Learning Quiz, to check your understanding of the topic.

Each of the above components will support you in the completion of the Assessment for this unit.

The structure of the resources will ensure you gain practical skills and experience in completing the tasks
and activities that are most expected in today’s modern workplace.


Glossary

Authentication: The process of verifying the identity of a user or system

Confidentiality: The principle that data should only be accessible by those who have been authorised to access it

Defence-in-Depth: A security approach that involves using multiple layers of defence to protect against potential threats

Encryption: The process of converting data into a coded or encrypted format to protect it from unauthorised access

Fail-Safe Defaults: A security approach that involves setting default system configurations to the most secure state possible

Least Privilege: The principle that users or systems should only have access to the resources or data necessary to perform their job function

Man-in-the-Middle Attack: A type of attack where an attacker intercepts communications between two parties to eavesdrop, steal data, or impersonate one of the parties

Non-Repudiation: The principle that a user cannot deny having performed an action or transaction

Phishing: A type of social engineering attack where an attacker attempts to trick a user into revealing sensitive information, such as passwords or financial information

SABSA: A security architecture framework that focuses on aligning security architecture with business objectives

Security Architecture: The design and implementation of security controls and protocols to protect a system or network

Security Zones: A security approach that involves dividing a network or system into separate zones based on risk and access requirements

Separation of Duties: The principle that different individuals or systems should be responsible for different aspects of a security process

Social Engineering: The use of psychological manipulation to trick users into revealing sensitive information or performing actions that are against their best interest

Threat Landscape: The overall picture of potential threats to a system or network

Zero Trust: A security approach that involves assuming that all users and systems are potentially malicious and requiring authentication and authorisation for every access request


Introduction
This unit describes the skills and knowledge required to design security architecture to organisation
requirements, utilising specific design methodologies.

It applies to those who work in roles as senior network systems and server administrators, cyber security
engineers, DevOps engineers and cyber security solutions architects and are responsible for designing
security solutions.

What is this Unit of Competency about?

Throughout this unit, you will learn how to:

• Prepare to design security infrastructure.

• Design security architecture.

• Finalise security architecture.

Overview

Principles of cyber security

This content may help you with Assessment: Activity 1.1

Cyber security is a critical concern for organisations of all sizes and industries. As we increasingly rely on
technology to conduct business, the risks of cyber-attacks, data breaches and other security incidents
have become more prevalent. Cyber security principles help guide organisations in protecting their digital
assets and safeguarding sensitive information. In this section, we will discuss the principles of cyber
security, including confidentiality, integrity, availability, authentication, authorisation, non-repudiation,
defence-in-depth, least privileges and continuous monitoring.

These principles are also referred to as “Cyber Security Principles” in the eBook of unit ICTCYS407.


Confidentiality
Confidentiality refers to the protection of sensitive information from unauthorised disclosure. This principle
ensures that only authorised individuals have access to sensitive data, such as personal identification
information (PII), financial data and trade secrets.

It also refers to the protection of sensitive information from unauthorised access, disclosure, or use.
Confidentiality is important for many reasons, such as protecting personal data, financial information,
intellectual property, and other sensitive information that could be harmful or costly if disclosed to
unauthorised parties. Confidentiality is critical in protecting an organisation's reputation, financial stability,
and customer trust.

There are several ways to ensure confidentiality, including:

• Access control: Access control involves limiting access to sensitive information to authorised
personnel only. This can be achieved using authentication methods such as passwords, biometrics,
and two-factor authentication.

• Encryption: Encryption is the process of converting plain text into coded or scrambled text that can
only be read by authorised parties who have the decryption key.

• Data classification: Data classification involves categorising data based on its sensitivity level and
then applying appropriate security controls to each category.

• Secure communication channels: Confidential information should be transmitted over secure
communication channels, such as encrypted email, virtual private networks (VPNs), or secure file
transfer protocols.

• Physical security: Confidential information should be physically secured, such as by locking filing
cabinets or server rooms, to prevent unauthorised access.

In summary, confidentiality is a critical principle of cyber security that protects sensitive information from
unauthorised access, disclosure, or use. Adhering to access control measures, encryption, data
classification, secure communication channels and physical security can help to ensure confidentiality and
protect against cyber threats.


Integrity
Integrity refers to the accuracy and completeness of data throughout its lifecycle. This principle ensures
that data is not altered or destroyed in an unauthorised manner. Integrity is critical in ensuring the reliability
of data used for decision-making and other business operations.

It also refers to the accuracy, completeness and trustworthiness of data and systems. Maintaining integrity
is crucial because if data or systems are tampered with or corrupted, it can lead to significant harm or loss
for organisations and individuals.

There are several ways to ensure integrity, including:

• Access control: Access control is a fundamental aspect of integrity, as it limits who can access and
modify data and systems. Access should only be granted to authorised personnel with a legitimate
need to access the data or system.

• Data validation: Data validation is the process of checking data for errors, inconsistencies and other
issues that may impact its accuracy or completeness.

• Digital signatures: Digital signatures are used to verify the authenticity of digital data and ensure
that it has not been tampered with.

• Change management: Change management is a process that ensures that any changes made to
systems or data are documented, tested, and approved before implementation.

• Backups: Regular backups are essential to maintaining integrity, as they allow organisations and
individuals to restore data in the event of corruption or loss.

• System monitoring: System monitoring involves continuously monitoring systems and data for
unauthorised access or changes. This can help to identify and mitigate threats to integrity.

In summary, integrity is a critical principle of cyber security that ensures the accuracy, completeness and
trustworthiness of data and systems. Adhering to access control, data validation, digital signatures, change
management, backups and system monitoring can help to ensure integrity and protect against cyber
threats.
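As an added illustration (not part of the eBook), the following Python script shows why the "has it been tampered with" check from the digital-signatures bullet needs a secret: an unkeyed SHA-256 digest catches accidental corruption, but whoever altered the data can simply recompute it, whereas an HMAC tag cannot be recomputed without the key. HMAC is used here as a simplified, symmetric stand-in for a digital signature; a real signature would be created with a private key and verified with the matching public key. The record and the key are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample record (assumption: a simple ledger entry, not real data).
RECORD = {"account": "AC-1001", "amount": 250.00, "currency": "AUD"}


def canonical(record: dict) -> bytes:
    """Serialise deterministically so sender and verifier hash identical bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def plain_digest(record: dict) -> str:
    """Unkeyed SHA-256: anyone can recompute it, so it only catches accidental change."""
    return hashlib.sha256(canonical(record)).hexdigest()


def keyed_tag(record: dict, key: bytes) -> str:
    """HMAC-SHA256: only a holder of `key` can produce a matching tag.
    Stand-in for a digital signature (which would use a private key instead)."""
    return hmac.new(key, canonical(record), hashlib.sha256).hexdigest()


def verify_plain(record: dict, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(record), digest)


def verify_keyed(record: dict, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(record, key), tag)


def tamper_scenarios(key: bytes) -> dict:
    """For three scenarios, return (plain_check_passed, keyed_check_passed)."""
    digest = plain_digest(RECORD)
    tag = keyed_tag(RECORD, key)
    results = {}

    # 1. Record arrives untouched: both checks pass.
    results["untouched"] = (verify_plain(RECORD, digest), verify_keyed(RECORD, tag, key))

    # 2. Accidental corruption in transit, checksum left alone: both checks fail.
    corrupted = dict(RECORD, amount=250.01)
    results["corrupted"] = (verify_plain(corrupted, digest), verify_keyed(corrupted, tag, key))

    # 3. Deliberate modification where whoever changed the record also recomputed
    #    the unkeyed digest but does not hold `key`: the plain check is fooled,
    #    the keyed check still fails.
    modified = dict(RECORD, amount=2500.00)
    recomputed_digest = plain_digest(modified)
    recomputed_tag = keyed_tag(modified, b"not-the-real-key")
    results["modified"] = (verify_plain(modified, recomputed_digest),
                           verify_keyed(modified, recomputed_tag, key))
    return results


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice: loaded from a secrets store, never hard-coded
    for scenario, (plain_ok, keyed_ok) in tamper_scenarios(key).items():
        print(f"{scenario:9s} plain_hash_ok={plain_ok!s:5s} keyed_tag_ok={keyed_ok}")
```

Run it directly to print the three scenarios. The design point is that the integrity check must depend on something the verifier trusts and the modifier lacks: the key (or, for a true signature, the signer's private key) must never travel alongside the data it protects.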


Availability
Availability refers to the timely access to data and services when needed. This principle ensures that
systems and data are accessible to authorised users, even in the event of a cyber-attack or other
disruption. Availability is critical in maintaining business operations and ensuring customer satisfaction.

It also refers to the assurance that data, systems, and services are available when needed and accessible
to authorised personnel. Maintaining availability is crucial for many reasons, such as ensuring business
continuity, customer satisfaction and maintaining system functionality.

There are several ways to ensure availability, including:

• Redundancy: Redundancy involves implementing backup systems and services to ensure that if
one system or service fails, another can take over without interruption to critical operations.

• Load balancing: Load balancing is the process of distributing network traffic across multiple servers
to prevent overload and ensure that systems remain available.

• Scalability: Scalability involves designing systems that can easily scale up or down based on
demand, ensuring that systems can accommodate fluctuating levels of traffic and usage.

• Disaster recovery: Disaster recovery involves implementing a plan for recovering from natural
disasters, cyber-attacks and other incidents that could cause a loss of availability.

• System maintenance: Regular system maintenance, including software updates and hardware
upgrades, is essential to ensuring system availability and preventing downtime due to system
failures.

In summary, availability is a critical principle of cyber security that ensures that data, systems, and services
are available when needed and accessible to authorised personnel. Adhering to redundancy, load
balancing, scalability, disaster recovery and regular system maintenance can help to ensure availability
and protect against cyber threats.


Authentication
Authentication refers to the process of verifying the identity of a user or system. This principle ensures that
only authorised individuals have access to systems and data. Authentication is critical in preventing
unauthorised access and protecting sensitive data.

It also refers to the process of verifying the identity of users, devices, or applications that are attempting to
access systems or data. Authentication is critical to ensure that only authorised users and devices have
access to sensitive information and to prevent unauthorised access.

There are several ways to ensure authentication, including:

• Passwords: Passwords are the most common form of authentication. Users must enter a username
and password to access systems or data.

• Biometrics: Biometrics involves using physical or behavioural characteristics, such as fingerprints or
voice recognition, to verify the identity of users.

• Smart cards: Smart cards are credit card-sized cards that contain an embedded microchip, which
can be used to verify the identity of users.

• Two-factor authentication: Two-factor authentication involves using two different methods of
authentication, such as a password and a fingerprint scan, to increase security.

• Single sign-on: Single sign-on (SSO) is a method of authentication that allows users to log in to
multiple systems or applications using a single set of credentials.

In summary, authentication is a critical principle of cyber security that ensures that only authorised users
and devices have access to sensitive information. Adhering to authentication measures such as
passwords, biometrics, smart cards, two-factor authentication and single sign-on can help to ensure
authentication and protect against cyber threats.
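An added worked example (written for this page, not taken from the eBook) of two of the methods above combined: a password factor stored as a salted PBKDF2 hash, and a "something you have" factor implemented as a time-based one-time password (TOTP, RFC 6238, built on HOTP, RFC 4226) of the kind an authenticator app produces. The iteration count, the enrolment values in the `__main__` block and the user names are assumptions; the HOTP test secret `12345678901234567890` is the published RFC test vector.

```python
import hashlib
import hmac
import secrets
import struct
import time

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your hardware; raising it slows guessing attacks


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Store a salted PBKDF2-HMAC-SHA256 hash, never the password itself."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time compare


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, step: int = 30, drift_steps: int = 1) -> bool:
    """Accept the current step and +/- drift_steps neighbours to tolerate clock skew."""
    counter = at_time // step
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-drift_steps, drift_steps + 1))


def two_factor_login(password: str, code: str, stored_hash: str,
                     totp_secret: bytes, at_time: int) -> bool:
    """Both factors must pass: something you know and something you have."""
    password_ok = verify_password(password, stored_hash)
    code_ok = verify_totp(totp_secret, code, at_time)
    return password_ok and code_ok


if __name__ == "__main__":
    # Constructed enrolment: a user sets a password and is issued a TOTP secret.
    stored = hash_password("correct horse battery staple", iterations=100_000)
    totp_secret = secrets.token_bytes(20)
    now = int(time.time())
    print("both factors right:",
          two_factor_login("correct horse battery staple", totp(totp_secret, now), stored, totp_secret, now))
    print("password only:     ",
          two_factor_login("correct horse battery staple", "000000", stored, totp_secret, now))
```

Two design choices worth noticing: comparisons use `hmac.compare_digest` so that timing does not leak how many characters matched, and the password check is evaluated even when the one-time code is wrong, so an observer cannot tell from response time which factor failed. A production deployment would also rate-limit attempts and reject reuse of a code within its time step.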


Authorisation
Authorisation refers to the process of granting access to data and systems based on user roles and
privileges. Authorisation is another important principle of cyber security.

It also refers to the process of granting or denying access to systems or data based on a user's role or
privileges. Authorisation is critical to ensuring that users only have access to the data and systems that
they need to perform their job functions and to prevent unauthorised access.

There are several ways to ensure authorisation, including:

• Role-based access control: Role-based access control (RBAC) is a method of authorisation that
grants access based on a user's job function or role within an organisation.

• Attribute-based access control: Attribute-based access control (ABAC) is a method of
authorisation that grants access based on a user's attributes, such as job title, location, or
department.

• Rule-based access control: Rule-based access control (RBAC) is a method of authorisation that
grants access based on a set of rules or policies that are defined by an organisation.

• Mandatory access control: Mandatory access control (MAC) is a method of authorisation that is
typically used in government or military settings. It grants access based on a set of predefined
security labels.

• Discretionary access control: Discretionary access control (DAC) is a method of authorisation that
grants access based on the owner of the data or system, who has the discretion to grant or deny
access to others.

In summary, authorisation is a critical principle of cyber security that ensures that users only have access
to the data and systems that they need to perform their job functions. Adhering to authorisation measures
such as role-based access control, attribute-based access control, rule-based access control, mandatory
access control and discretionary access control can help to ensure authorisation and protect against cyber
threats.
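The following Python example was added for this page (it is not the eBook's own material) to show RBAC and ABAC working together in one decision: the role table answers "may this kind of user do this at all?", the attribute rules answer "under these circumstances?", and anything not explicitly granted is denied. The roles, permissions, rules and the café-style sample data are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Subject:
    user: str
    roles: set
    attributes: dict = field(default_factory=dict)


# RBAC: which (resource, action) pairs each role may perform. Constructed for a
# small café business; not a real policy.
ROLE_PERMISSIONS = {
    "barista": {("pos", "sell")},
    "store_manager": {("pos", "sell"), ("pos", "refund"), ("roster", "read"), ("roster", "write")},
    "payroll_officer": {("payroll", "read"), ("payroll", "write")},
}


def rbac_allows(subject: Subject, resource: str, action: str) -> bool:
    """Grant only if some role held by the subject lists this resource/action."""
    return any((resource, action) in ROLE_PERMISSIONS.get(role, set())
               for role in subject.roles)


# ABAC: conditions on subject attributes and request context. Every rule must hold;
# a rule that does not apply to the request returns True.
def rule_payroll_from_office_hours(subject, resource, action, ctx):
    if resource != "payroll":
        return True
    return ctx.get("network") == "head-office" and 9 <= ctx.get("hour", -1) < 17


def rule_refund_at_own_store(subject, resource, action, ctx):
    if (resource, action) != ("pos", "refund"):
        return True
    return subject.attributes.get("store") == ctx.get("store")


ABAC_RULES = [rule_payroll_from_office_hours, rule_refund_at_own_store]


def abac_allows(subject: Subject, resource: str, action: str, ctx: dict) -> bool:
    return all(rule(subject, resource, action, ctx) for rule in ABAC_RULES)


def authorise(subject: Subject, resource: str, action: str, ctx: Optional[dict] = None) -> bool:
    """Default deny: the request passes only if RBAC and every ABAC rule allow it."""
    ctx = ctx or {}
    return rbac_allows(subject, resource, action) and abac_allows(subject, resource, action, ctx)


if __name__ == "__main__":
    manager = Subject("ben", {"store_manager"}, {"store": "north"})
    print("refund at own store:  ", authorise(manager, "pos", "refund", {"store": "north"}))
    print("refund at other store:", authorise(manager, "pos", "refund", {"store": "south"}))
    print("unknown role sells:   ", authorise(Subject("dan", {"temp"}), "pos", "sell"))
```

The same engine also expresses the least-privilege idea from the glossary: a role lists only the operations that job needs, and an unknown or misspelled role grants nothing rather than everything.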


Non-repudiation
Non-repudiation refers to the ability to prove the authenticity of a message or transaction. This principle
ensures that a user cannot deny sending a message or conducting a transaction. Non-repudiation is critical
in maintaining the integrity of data used for legal or regulatory compliance.

It also refers to the ability to prove that a user or device has taken a specific action and cannot deny having
taken that action. Non-repudiation is critical to ensuring accountability for actions taken and to prevent
fraud or malicious activity.

There are several ways to ensure non-repudiation, including:

• Digital signatures: Digital signatures are used to verify the authenticity of digital data and ensure
that it has not been tampered with. A digital signature can prove that a particular user or device has
signed a document or message and cannot deny having done so.

• Audit logs: Audit logs are records of events or actions that have occurred within a system or
network. They can be used to trace actions back to a specific user or device and provide evidence in
case of disputes or investigations.

• Timestamping: Timestamping involves adding a timestamp to data or documents to prove that they
were created or modified at a specific time. This can be used to prove when a particular action was
taken and who was responsible for it.

• Chain of custody: Chain of custody is a process used to document the handling of evidence to
ensure that it remains unaltered and admissible in court. It can be used to prove that data or
evidence has not been tampered with and that it can be attributed to a particular user or device.

In summary, non-repudiation is a critical principle of cyber security that ensures accountability for actions
taken and prevents fraud or malicious activity. Adhering to measures such as digital signatures, audit logs,
timestamping and chain of custody can help to ensure non-repudiation and protect against cyber threats.
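As an added example (not from the eBook), here is a tamper-evident audit log that combines the audit-log and timestamping bullets above: every entry records who did what, when, and the hash of the previous entry, so altering or deleting an earlier record breaks the chain. Signing each entry with the actor's private key would be the digital-signature step that gives non-repudiation against a third party; that part is out of scope for the standard library and is not shown. The events, names and timestamps are constructed.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS_HASH = "0" * 64


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class AuditLog:
    """Append-only log where each entry commits to its predecessor's hash."""

    def __init__(self):
        self.entries = []

    def append(self, actor: str, action: str, target: str, at: Optional[datetime] = None) -> dict:
        prev_hash = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = {
            "seq": len(self.entries),
            "timestamp": (at or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,
            "action": action,
            "target": target,
            "prev_hash": prev_hash,
        }
        entry = dict(body, hash=_digest(body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return (True, None) if intact, else (False, seq_of_first_broken_entry)."""
        prev_hash = GENESIS_HASH
        for i, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["seq"] != i or body["prev_hash"] != prev_hash or _digest(body) != entry["hash"]:
                return False, i
            prev_hash = entry["hash"]
        return True, None

    def head(self) -> str:
        """Latest hash. Anchor it externally (e.g. a signed timestamp service or a
        separate system) so that truncating the tail is also detectable."""
        return self.entries[-1]["hash"] if self.entries else GENESIS_HASH


def build_sample_log() -> AuditLog:
    """Constructed sample events (not real data)."""
    log = AuditLog()
    t0 = datetime(2023, 5, 1, 9, 0, tzinfo=timezone.utc)
    log.append("ben", "approve_refund", "txn-4471", t0)
    log.append("amy", "execute_refund", "txn-4471", t0.replace(minute=2))
    log.append("ben", "update_roster", "roster-week-18", t0.replace(minute=15))
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log.entries[1]["actor"] = "ben"   # attempt to change who executed the refund
    print("after edit:", log.verify())
```

One caveat the chain alone does not cover: removing the most recent entries leaves a shorter but still self-consistent log. That is why `head()` exists: recording the latest hash somewhere the log writer cannot alter (or obtaining a signed timestamp for it) closes that gap.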


Defence-in-depth
Defence-in-depth means implementing multiple layers of security to protect against various types of cyber
threats. Defence-in-depth is another important principle of cyber security.

It also refers to the practice of implementing multiple layers of security controls to protect against various
types of cyber threats. The idea behind defence-in-depth is that if one layer of security fails, there are
additional layers in place to prevent or mitigate the impact of the attack.

There are several ways to implement defence-in-depth, including:

• Network security: Network security involves implementing security controls at the network level,
such as firewalls, intrusion detection/prevention systems and network segmentation.

• Operating system security: Operating system security involves implementing security controls at
the operating system level, such as patch management, antivirus software and access control.

• Application security: Application security involves implementing security controls at the application
level, such as secure coding practices, penetration testing and vulnerability scanning.

• Physical security: Physical security involves implementing security controls at the physical level,
such as security cameras, access control systems and locks.

• Human factors: Human factors involve implementing security controls that address the actions of
people, such as security awareness training, social engineering testing and background checks.

In summary, defence-in-depth is a critical principle of cyber security that involves implementing multiple
layers of security controls to protect against various types of cyber threats. Adhering to measures such as
network security, operating system security, application security, physical security and human factors can
help to implement defence-in-depth and protect against cyber threats.


Least privilege
Least privilege means that users and devices should only have access to the minimum level of permissions
necessary to complete their tasks. It refers to the practice of limiting user access to only the resources and
privileges that are necessary to perform their job functions. The idea behind least privilege is to minimise
the potential impact of a security breach or unauthorised access.

There are several ways to implement least privilege, including:

• Role-based access control: Role-based access control (RBAC) is a method of granting access
based on a user's job function or role within an organisation. By limiting access to only the
resources and privileges that are necessary for the user's role, RBAC can help to implement least
privilege.

• Principle of least privilege: The principle of least privilege involves granting users the minimum
amount of access required to perform their job functions. This can help to prevent unauthorised
access and limit the potential impact of a security breach.

• Privilege separation: Privilege separation involves separating the duties of administrative and
non-administrative users. By limiting administrative access to only those who need it, privilege
separation can help to implement least privilege.

• User access reviews: User access reviews involve regularly reviewing user access to ensure that
users only have access to the resources and privileges that are necessary to perform their job
functions.

In summary, least privilege is a critical principle of cyber security that involves limiting user access to only
the resources and privileges that are necessary to perform their job functions. Adhering to measures such
as role-based access control, the principle of least privilege, privilege separation and user access reviews
can help to implement least privilege and protect against cyber threats.


Continuous monitoring
Continuous monitoring means keeping an ongoing watch for cyber threats and vulnerabilities and
addressing them promptly when they are identified. It refers to the practice of continuously monitoring
systems and networks for threats and vulnerabilities to detect and respond to security incidents in
real-time.

There are several ways to implement continuous monitoring, including:

• Network monitoring: Network monitoring involves monitoring network traffic for signs of
suspicious activity, such as unauthorised access attempts, malware infections and data exfiltration.

• Log monitoring: Log monitoring involves monitoring system logs for signs of suspicious activity,
such as failed login attempts, changes to system settings and unusual traffic patterns.

• Vulnerability scanning: Vulnerability scanning involves scanning systems and networks for
known vulnerabilities and patching them before they can be exploited by attackers.

• Threat intelligence: Threat intelligence involves gathering and analysing information about
current and emerging cyber threats to identify potential risks and respond to security incidents.

• Incident response: Incident response involves having a plan in place to respond to security
incidents in real-time. This includes identifying the source of the incident, containing the impact,
and implementing remediation measures to prevent future incidents.

In summary, continuous monitoring is a critical principle of cyber security that involves continuously
monitoring systems and networks for threats and vulnerabilities to detect and respond to security incidents
in real-time. Adhering to measures such as network monitoring, log monitoring, vulnerability scanning,
threat intelligence and incident response can help to implement continuous monitoring and protect against
cyber threats.
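To make the log-monitoring bullet concrete, here is an added Python detector (written for this page, not from the eBook) that runs over a few constructed sshd-style log lines. It raises a medium-severity alert when one source address accumulates repeated failed logins inside a sliding time window, and a high-severity alert when a successful login follows such a burst from the same address, which is the pattern a responder most wants to see first. The log format, thresholds and addresses (documentation ranges) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in an sshd-like format (IPs from documentation ranges).
SAMPLE_LOG = """\
2023-05-01T09:00:01Z sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 51001
2023-05-01T09:00:04Z sshd[102]: Failed password for invalid user root from 203.0.113.5 port 51002
2023-05-01T09:00:09Z sshd[103]: Failed password for jsmith from 203.0.113.5 port 51003
2023-05-01T09:00:15Z sshd[104]: Accepted password for jsmith from 192.0.2.10 port 40210
2023-05-01T09:00:20Z sshd[105]: Failed password for jsmith from 203.0.113.5 port 51004
2023-05-01T09:00:31Z sshd[106]: Failed password for jsmith from 198.51.100.7 port 60010
2023-05-01T09:00:45Z sshd[107]: Failed password for jsmith from 203.0.113.5 port 51005
2023-05-01T09:01:02Z sshd[108]: Accepted password for jsmith from 203.0.113.5 port 51006
2023-05-01T09:03:00Z sshd[109]: Failed password for jsmith from 198.51.100.7 port 60011
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse(line: str):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return {"ts": ts, "outcome": m["outcome"], "user": m["user"], "ip": m["ip"]}


def detect(lines, threshold: int = 5, window: timedelta = timedelta(minutes=5)) -> list:
    """Sliding-window count of failures per source IP, plus a higher-severity
    alert when a success follows a burst of failures from the same source."""
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        q = failures[ev["ip"]]
        while q and ev["ts"] - q[0] > window:   # expire old failures
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["ip"] not in alerted:
                alerted.add(ev["ip"])
                alerts.append({"severity": "medium", "rule": "repeated_failures",
                               "ip": ev["ip"], "count": len(q), "at": ev["ts"]})
        elif len(q) >= 3:   # Accepted after a run of failures
            alerts.append({"severity": "high", "rule": "success_after_failures",
                           "ip": ev["ip"], "user": ev["user"], "count": len(q), "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

The window is what keeps this from being a simple counter: failures older than five minutes drop out, so a user who mistypes a password once a day never trips the rule, while a rapid burst does. The second rule is deliberately independent of the first so that a successful login after three or four failures (below the brute-force threshold) still surfaces.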

The principles of cyber security - confidentiality, integrity, availability, authentication, authorisation,
non-repudiation, defence-in-depth, least privilege and continuous monitoring - are all critical to maintaining a
strong cyber security posture. These principles work together to create a comprehensive approach to cyber
security that ensures data and systems are protected against a wide range of threats.

By adhering to these principles, organisations can protect against cyber threats and mitigate the impact of
security incidents. It's essential to understand the importance of each principle and how they work together
to create a strong defence against cyber-attacks.


The principles of cyber security provide a framework for organisations to implement
effective security measures and protect against cyber threats. By following these
principles and continually evaluating and updating security measures, organisations can
stay ahead of cyber threats and ensure the safety and integrity of their data and systems.

Read more about Fundamental Security Concepts PDF (328KB)

Watch this short video (3m 0s) about Confidentiality, Integrity and Availability | Pluralsight

Watch this short video (1m 19s) about Defence in Depth | Pluralsight

Watch this short video (3m 14s) about Authentication, Authorisation and Accounting

Here are some examples of principles of cyber security:

❑ Confidentiality: A healthcare provider has an obligation to protect patient records
from unauthorised access. The provider can use encryption to protect electronic
health records (EHRs) and access controls to ensure that only authorised
personnel can access patient information.

❑ Integrity: A financial institution uses data validation checks to ensure that all
financial transactions are accurate and complete. The institution also maintains
backups of all financial data to prevent loss due to system failure or cyber-attacks.

❑ Availability: An e-commerce retailer uses redundancy to ensure that its website
and inventory management systems are available at all times. The retailer also has
a disaster recovery plan in place in case of a system failure or cyber-attack.

❑ Authentication: A government agency uses two-factor authentication to ensure
that only authorised personnel have access to classified information. The agency
also uses access controls to limit access to sensitive data.

❑ Non-repudiation: A law firm uses digital signatures to ensure that all legal
documents are authentic and cannot be repudiated by the signatory. The firm also
maintains audit trails of all legal document transactions.


Principles of security architecture

This content may help you with Assessment: Activity 1.1

Security architecture is a critical component of cyber security. It provides a framework for designing and
implementing security controls that protect an organisation's digital assets and sensitive information.
Principles of security architecture help guide organisations in developing effective security strategies. In
this section, we will discuss the principles of security architecture, including defence-in-depth, least
privilege, separation of duties and fail-safe defaults.

Defence-in-depth
As discussed in the previous section, defence-in-depth is the principle of layering security controls to
provide multiple levels of protection against security threats. This principle ensures that if one layer of
defence is breached, there are other layers in place to prevent further damage. Defence-in-depth can
include physical security controls, network security controls and application security controls.

Least privilege
As discussed in the previous section, least privilege is the principle of limiting access to resources to the
minimum level required to perform a task. This principle ensures that users only have access to the
resources they need to perform their job functions and not to resources that are not required.

Separation of duties
Separation of duties is the principle of dividing job functions among multiple individuals to prevent a single
individual from having too much control over a process. This principle ensures that no single individual has
the ability to perform a critical function without oversight or approval.

Separation of duties is also an important principle of security architecture that refers to the practice of
separating the duties of administrative and non-administrative users to limit the potential impact of a
security breach. The idea behind separation of duties is to prevent a single individual from having too much
control over critical systems and data.


There are several ways to implement separation of duties, including:

• Role-based access control: Role-based access control (RBAC) is a method of granting access
based on a user's job function or role within an organisation. By limiting access to only the resources
and privileges that are necessary for the user's role, RBAC can help to implement separation of
duties.

• Job rotation: Job rotation involves rotating employees to different roles and functions within an
organisation. This can help to prevent any one individual from having too much control over critical
systems and data.

• Two-person control: Two-person control involves requiring two individuals to perform a critical task
or function. This can help to prevent any one individual from having too much control over critical
systems and data.

• Segregation of duties: Segregation of duties involves separating the duties of individuals who have
access to sensitive information or critical systems. For example, one individual may have the ability
to approve transactions, while another individual has the ability to execute transactions.

In summary, separation of duties is a critical principle of security architecture that involves separating the
duties of administrative and non-administrative users to limit the potential impact of a security breach.
Adhering to measures such as role-based access control, job rotation, two-person control and segregation
of duties can help to implement separation of duties and protect against cyber threats.
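An added Python example (not part of the eBook) of the approve/execute split and two-person control described above, as a small payment workflow: the requester may not approve their own request, an approver may not execute it, and payments above a threshold need two distinct approvers before anyone can execute. The threshold, the names and the payees are constructed.

```python
class SeparationOfDutiesError(Exception):
    """Raised when one person would hold two roles in the same transaction."""


class PaymentWorkflow:
    """Request -> approve -> execute, with no person acting in more than one step.
    Payments at or above `two_person_threshold` need two distinct approvers."""

    def __init__(self, two_person_threshold: float = 10_000.0):
        self.two_person_threshold = two_person_threshold   # assumption: policy value
        self.payments = {}
        self._next_id = 1

    def request(self, requester: str, payee: str, amount: float) -> int:
        pid = self._next_id
        self._next_id += 1
        self.payments[pid] = {"requester": requester, "payee": payee, "amount": amount,
                              "approvers": [], "executed_by": None}
        return pid

    def approvals_required(self, pid: int) -> int:
        return 2 if self.payments[pid]["amount"] >= self.two_person_threshold else 1

    def approve(self, approver: str, pid: int) -> None:
        p = self.payments[pid]
        if approver == p["requester"]:
            raise SeparationOfDutiesError(f"{approver} cannot approve their own request")
        if approver in p["approvers"]:
            raise SeparationOfDutiesError(f"{approver} has already approved payment {pid}")
        p["approvers"].append(approver)

    def execute(self, executor: str, pid: int) -> dict:
        p = self.payments[pid]
        if executor == p["requester"] or executor in p["approvers"]:
            raise SeparationOfDutiesError(f"{executor} already took part in payment {pid}")
        needed = self.approvals_required(pid)
        if len(p["approvers"]) < needed:
            raise PermissionError(f"payment {pid} needs {needed} approval(s)")
        if p["executed_by"] is not None:
            raise PermissionError(f"payment {pid} was already executed")
        p["executed_by"] = executor
        return p


if __name__ == "__main__":
    wf = PaymentWorkflow()
    pid = wf.request("amy", "Bean Supply Co", 800.0)
    wf.approve("ben", pid)
    print(wf.execute("cara", pid))
```

The checks live in the workflow object rather than in the user interface, so they hold even when a request arrives through an API or a script. Combined with the audit logging discussed under non-repudiation, each step is attributable to a different person, which is the oversight the principle is meant to guarantee.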

Fail-safe defaults
Fail-safe defaults are the principle of designing systems and processes to default to a safe state in the
event of an error or failure. This principle ensures that systems and processes do not cause harm or
damage in the event of a failure.

Fail-safe defaults are also an important principle of security architecture that refers to the practice of
configuring systems and applications with secure default settings to minimise the potential for security
breaches. The idea behind fail-safe defaults is to ensure that systems and applications are secure by
default, rather than relying on users to configure them correctly.

There are several ways to implement fail-safe defaults, including:

• Default configuration settings: Default configuration settings should be set to the most secure
options available. This includes settings such as password complexity requirements, network access
controls and encryption settings.

• Automated updates: Automated updates should be enabled for systems and applications to ensure
that security patches and updates are applied as soon as they become available.

• Default denial policies: Default denial policies should be implemented for network access and
application access. This means that by default, no access is granted until it is explicitly allowed.

• Secure by design: Systems and applications should be designed with security in mind from the
start. This means that security features should be built into the design and not added as an
afterthought.

In summary, the principle of fail-safe defaults is a critical part of security architecture and involves
configuring systems and applications with secure default settings to minimise the potential for security
breaches. Adhering to measures such as default configuration settings, automated updates, default denial
policies and secure by design can help to implement fail-safe defaults and protect against cyber threats.
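
Two of the measures above, secure default configuration settings and default denial, can be shown directly in code. The following Python is an added illustration, not code from the eBook: the rule syntax (`<source network> <port> <action>`), the sample rules and the values in `SECURE_DEFAULTS` are constructed assumptions. The access engine grants nothing unless an explicit allow rule matches, a rule it cannot parse is dropped rather than guessed at, and an error during evaluation resolves to deny, so the engine fails closed:

```python
"""Fail-safe defaults: a default-deny access rule engine and a settings
loader that starts from secure defaults.

Added illustration, not code from the eBook. The rule syntax
("<source network> <port> <action>"), the sample rules and the
SECURE_DEFAULTS values are constructed assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Secure-by-default settings: anything a deployment does not mention stays strict.
SECURE_DEFAULTS: Dict[str, object] = {
    "min_password_length": 14,
    "require_mfa": True,
    "tls_min_version": "1.2",
    "auto_update": True,
}


def load_settings(overrides: Dict[str, object]) -> Dict[str, object]:
    """Merge deployment overrides onto the secure defaults.

    A misspelt key is an error rather than a silently ignored weakening, and a
    key the deployment omits keeps its secure default instead of being unset.
    """
    unknown = set(overrides) - set(SECURE_DEFAULTS)
    if unknown:
        raise ValueError(f"unknown settings: {sorted(unknown)}")
    return {**SECURE_DEFAULTS, **overrides}


@dataclass(frozen=True)
class Rule:
    source: ipaddress.IPv4Network
    port: int
    action: str  # only the literal "allow" ever grants access


def parse_rules(lines: Iterable[str]) -> List[Rule]:
    """Parse '<network> <port> <action>' lines; malformed lines are dropped.

    Dropping a broken rule is the fail-safe choice: a rule that could not be
    understood can never grant access, it can only fail to grant it.
    """
    rules: List[Rule] = []
    for line in lines:
        try:
            network, port, action = line.split()
            rules.append(Rule(ipaddress.IPv4Network(network), int(port), action))
        except ValueError:
            continue  # wrong field count, bad CIDR or non-numeric port
    return rules


def is_allowed(rules: List[Rule], source_ip: str, port: int) -> bool:
    """Default deny: access is granted only by an explicit, matching allow rule.

    An unparseable source address also resolves to deny, so the engine fails
    closed rather than open.
    """
    try:
        ip = ipaddress.IPv4Address(source_ip)
        for rule in rules:
            if ip in rule.source and rule.port == port:
                return rule.action == "allow"  # first match decides
        return False  # nothing matched: denied
    except ValueError:
        return False  # fail closed


# Constructed rule set: the third line is malformed and the fourth uses an
# unknown action, so neither can ever grant access.
SAMPLE_RULES = parse_rules([
    "10.0.0.0/8 443 allow",
    "203.0.113.0/24 22 allow",
    "not-a-rule",
    "192.0.2.0/24 443 allow-maybe",
])

if __name__ == "__main__":
    print(load_settings({"require_mfa": False}))
    print(is_allowed(SAMPLE_RULES, "10.1.2.3", 443), is_allowed(SAMPLE_RULES, "192.0.2.5", 443))
```

Note that weakening a control (`require_mfa: False`) is still possible, but only by an explicit override that will show up in configuration review; the default state on its own is the strict one.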


The principles of security architecture are critical in developing effective security strategies. Defence in
depth, least privilege, separation of duties, and fail-safe defaults provide a framework for designing and
implementing security controls that protect an organisation's digital assets and sensitive information. By
implementing these principles, organisations can better protect themselves from security threats and
mitigate the risk of cyber attacks and other security incidents.

Read more about Security Architecture | GitLab (Go to “Security Architecture Principles”)

Watch this video (11m 40s) about Secure System Design Principles | Pluralsight

Here are some examples of principles of security architecture:

❑ Defence-in-depth: An e-commerce retailer uses Defence-in-depth by implementing firewalls to
protect its network, intrusion detection and prevention systems to detect and prevent attacks and
antivirus software to protect its systems and data from malware.

❑ Least Privilege: A financial institution uses least privilege by granting employees access only to
the data and systems required for their job functions. For example, tellers are only granted access
to customer account information, while loan officers are granted access to loan application data.

❑ Separation of Duties: An accounting firm uses separation of duties by requiring different
individuals to perform accounting functions, such as bookkeeping, accounts payable and accounts
receivable. This ensures that no single individual has the ability to manipulate financial data
without oversight or approval.

❑ Fail-Safe Defaults: A nuclear power plant uses fail-safe defaults by designing its
control systems to shut down in the event of a failure or error, preventing a
catastrophic event.


Different types of cyber security risks

This content may help you with Assessment: Activity 1.2

As technology continues to advance, the risks of cyber-attacks and data breaches continue to grow. Cyber
security risks can threaten an organisation's digital assets and sensitive information, causing financial
losses, reputational damage, and legal liabilities. In this section, we will discuss the different types of cyber
security risks, including malware, social engineering, phishing, DDoS attacks, Man-in-the-middle attacks,
and password attacks.

Some of these cyber-attacks are also referred to as "Common Cyber-Attacks and Threats" in the eBook of
unit ICTCYS407.

Malware

Malware, or malicious software, is a type of cyber threat that is designed to harm or disrupt computer
systems. Malware can include viruses, worms, Trojans, ransomware, and other types of malicious
software. Malware can be used to steal sensitive information, damage systems, and extort money
from victims.

Social Engineering

Social engineering is a type of cyber threat that exploits human vulnerabilities to gain access to
sensitive information. Social engineering can include phishing, pretexting, baiting and other tactics
that rely on deception and manipulation. Social engineering attacks can be difficult to detect and can
have devastating consequences for victims.


Phishing

Phishing is a type of social engineering attack that uses email, text messages, or other forms of
communication to trick individuals into divulging sensitive information or downloading malware.
Phishing attacks can be highly sophisticated and can mimic legitimate communications, making them
difficult to detect.

DDoS Attacks

DDoS, or Distributed Denial of Service, attacks are a type of cyber threat that floods a network or
system with traffic, making it unavailable to users. DDoS attacks can be used to disrupt business
operations, extort money from victims and launch other types of cyber-attacks.

Man-in-the-Middle Attacks

Man-in-the-middle attacks are a type of cyber threat where an attacker intercepts communication
between two parties to steal sensitive information or perform unauthorised actions. The attacker may
be able to intercept login credentials, financial information, or other sensitive data.

Password Attacks

Password attacks are a type of cyber threat where an attacker attempts to guess or crack a password
to gain access to a system or network. Password attacks can include brute-force attacks and dictionary
attacks.


• To protect against malware, organisations can use antivirus software, firewalls and employee
education and training.

• To protect against social engineering, organisations can use employee education and training,
two-factor authentication, and access controls.

• To protect against phishing attacks, individuals and organisations can use email filters, two-factor
authentication and employee education and training.

• To protect against DDoS attacks, organisations can use firewalls, intrusion detection and
prevention systems and content delivery networks.

• To protect against Man-in-the-middle attacks, organisations can use encryption, two-factor
authentication, and secure communication protocols.

• To protect against password attacks, individuals and organisations can use strong and unique
passwords, two-factor authentication, and password management tools.
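
Strong passwords and two-factor authentication reduce the chance that a password attack succeeds; detecting one in progress is the complementary control. The following Python is an added illustration, not code from the eBook: it parses constructed log lines written in OpenSSH's auth-log style (not a real capture) and flags the two brute-force patterns named above, many guesses against one account, and the "spray" variant where one source tries many accounts once each, which a per-account lockout on its own does not catch. The five-minute window and the thresholds are assumed values a team would tune to its own environment:

```python
"""Brute-force and password-spraying detection over authentication logs.

Added illustration, not code from the eBook. The log lines are constructed
in OpenSSH's auth-log style (not a real capture); the window and thresholds
are assumed values to be tuned per environment.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample: one host hammering "admin", one host trying several
# accounts once each, and one user who mistyped a password and then logged in.
SAMPLE_LOG = """\
2023-06-01T10:00:01Z sshd[2201]: Failed password for admin from 203.0.113.5 port 51234 ssh2
2023-06-01T10:00:07Z sshd[2202]: Failed password for admin from 203.0.113.5 port 51235 ssh2
2023-06-01T10:00:15Z sshd[2203]: Failed password for admin from 203.0.113.5 port 51236 ssh2
2023-06-01T10:00:22Z sshd[2204]: Failed password for admin from 203.0.113.5 port 51237 ssh2
2023-06-01T10:00:31Z sshd[2205]: Failed password for admin from 203.0.113.5 port 51238 ssh2
2023-06-01T10:00:40Z sshd[2206]: Failed password for admin from 203.0.113.5 port 51239 ssh2
2023-06-01T10:01:00Z sshd[2207]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2023-06-01T10:01:30Z sshd[2208]: Failed password for bob from 198.51.100.7 port 40002 ssh2
2023-06-01T10:02:00Z sshd[2209]: Failed password for invalid user carol from 198.51.100.7 port 40003 ssh2
2023-06-01T10:02:30Z sshd[2210]: Failed password for dave from 198.51.100.7 port 40004 ssh2
2023-06-01T10:03:00Z sshd[2211]: Failed password for alice from 192.0.2.10 port 50000 ssh2
2023-06-01T10:03:05Z sshd[2212]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

Event = Tuple[datetime, str, str]  # (timestamp, user, source ip)
Alert = Tuple[str, str, str]       # (kind, source ip, user or "*")


def parse_failures(lines: Iterable[str]) -> List[Event]:
    """Keep only failed-password records; successful logins are ignored here."""
    events: List[Event] = []
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["user"], m["ip"]))
    return events


def detect(events: Iterable[Event], window: timedelta = timedelta(minutes=5),
           brute_threshold: int = 5, spray_threshold: int = 4) -> Set[Alert]:
    """Slide a time window over each source IP's failures.

    brute_force:    one IP fails against the same account at least
                    brute_threshold times inside the window.
    password_spray: one IP fails against at least spray_threshold distinct
                    accounts inside the window.
    """
    by_ip: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, user, ip in events:
        by_ip[ip].append((ts, user))
    alerts: Set[Alert] = set()
    for ip, failures in by_ip.items():
        recent: deque = deque()
        for ts, user in sorted(failures):
            recent.append((ts, user))
            while ts - recent[0][0] > window:  # expire failures older than the window
                recent.popleft()
            per_user = Counter(u for _, u in recent)
            if per_user[user] >= brute_threshold:
                alerts.add(("brute_force", ip, user))
            if len(per_user) >= spray_threshold:
                alerts.add(("password_spray", ip, "*"))
    return alerts


def analyse(log_text: str) -> List[Alert]:
    """Convenience wrapper: alerts for a whole log, in a stable order."""
    return sorted(detect(parse_failures(log_text.splitlines())))


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(alert)
```

The single failure from 192.0.2.10 followed by a success produces no alert, which is the behaviour wanted: the detector should surface sustained guessing, not every mistyped password.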

Cyber Security risks are a growing concern for organisations of all sizes and industries.
Malware, social engineering, phishing, DDoS attacks, Man-in-the-Middle attacks, and
password attacks are just a few of the types of cyber threats that can cause significant
damage to an organisation's digital assets and sensitive information. By understanding
these risks and implementing effective security strategies, organisations can better
protect themselves from cyber-attacks and data breaches.

Read more about Common cyber-attacks and threats | Cyber.gov.au

Watch this short video (3m 39s) about DoS Attack | Pluralsight

Watch this short video (2m 38s) about Wi-Fi Attack | Pluralsight

Watch this short video (4m 08s) about Password Attack | Pluralsight

Watch this short video (3m 27s) about Social Engineering Attack | Pluralsight


Here are some examples of cyber security risks and attacks:

❑ Malware: In 2017, the WannaCry ransomware attack affected over 200,000 computers in 150
countries, causing significant disruption to business operations and extorting millions of dollars
from victims.

❑ Social Engineering: In 2019, a social engineering attack resulted in the theft of over $100 million
from a multinational technology company. The attackers used fake emails and other tactics to trick
employees into transferring funds to fraudulent accounts.

❑ Phishing: In 2020, a phishing attack targeted employees of a major US government agency,
resulting in the theft of sensitive information and a major security breach.

❑ DDoS Attack: In 2016, a DDoS attack targeted the domain name service provider
Dynamic Network Services (Dyn), causing significant disruption to major websites
and services, including Twitter, Netflix, and Amazon.

❑ Man-in-the-Middle Attacks: In 2018, researchers discovered a vulnerability in the Wi-Fi protocol
that allowed for Man-in-the-middle attacks, potentially exposing sensitive information for millions of
devices.

❑ Password Attacks: In 2012, LinkedIn suffered a major security breach where over
6.5 million user passwords were stolen and posted online. The attackers used a
combination of brute-force and dictionary attacks to crack the passwords.


1 Prepare to Design Security Infrastructure

This section of the eBook will focus on how to prepare to design security infrastructure, including how to:

• Analyse an organisation’s operation and infrastructure to identify security requirements

• Research and identify industry standard design methodologies utilised in security architecture design

• Determine required security level and perimeters, security features and security mode

• Establish all data types to be included in security architecture

• Document all security architecture findings and confirm with required personnel


1.1 Analyse an organisation's operation and infrastructure

This content may help you with Assessment: Activity 1.3, 1.4, 2.1 and 2.2

1.1.1 Identifying critical assets

Identifying critical assets is an important part of cyber security risk management. Critical assets are those
that are essential to an organisation's business operations and that, if compromised, could cause
significant harm to the organisation. In this section, we will discuss how to identify critical assets and why
it is important to do so.

This topic is also referred to as "What are the defining characteristics of Critical Assets for an
organisation?" in the eBook of unit ICTCYS610.

What are critical assets?

Critical assets are those that are essential to an organisation's business operations and that, if
compromised, could cause significant harm to the organisation. Examples of critical assets can include
customer data, financial information, intellectual property, and business processes.

Why is identifying critical assets important?

Identifying critical assets is important for several reasons. First, it helps organisations prioritise their cyber
security efforts and allocate resources accordingly. By focusing on the protection of critical assets,
organisations can reduce the impact of a cyber security incident and mitigate potential damage. Second,
identifying critical assets can help organisations comply with regulatory requirements, such as those
related to data privacy and security.

How to identify critical assets?

To identify critical assets, organisations can follow a structured process that involves the following steps:

• Conduct a risk assessment: A risk assessment helps organisations identify potential threats and
vulnerabilities to their systems and data. It also helps identify the potential impact of a cyber security
incident on the organisation.

• Identify critical business processes: Critical business processes are those that are essential to an
organisation's operations. Identifying these processes can help organisations prioritise their cyber
security efforts.


• Determine critical data: Critical data is any data that is essential to an organisation's operations and
that, if compromised, could cause significant harm. This can include customer data, financial
information, and intellectual property.

• Identify critical infrastructure: Critical infrastructure includes any hardware, software, or other
technology that is essential to an organisation's operations. This can include servers, networks, and
other IT systems.

Identifying critical assets is an important part of cyber security risk management. Critical
assets are those that are essential to an organisation's business operations and that, if
compromised, could cause significant harm to the organisation. By following a structured
process and involving stakeholders from across the organisation, organisations can
effectively identify their critical assets and prioritise their cyber security efforts accordingly.

1.1.2 Assessing the threat landscape

The threat landscape is constantly evolving, with new cyber threats emerging every day. Assessing the
threat landscape is an important part of cyber security risk management, as it helps organisations identify
potential threats and vulnerabilities to their systems and data. In this section, we will discuss how to assess
the threat landscape, why it is important to do so and some tips for effective assessment.

What is the threat landscape?

The threat landscape is the overall environment in which an organisation operates, including the potential
threats and vulnerabilities to its systems and data. The threat landscape includes external threats, such as
cybercriminals and state-sponsored hackers, as well as internal threats, such as employee negligence or
malicious intent.

Why is assessing the threat landscape important?

Assessing the threat landscape is important for several reasons. First, it helps organisations understand
the potential risks to their systems and data, allowing them to prioritise their cyber security efforts and
allocate resources accordingly. Second, it helps organisations comply with regulatory requirements, such
as those related to data privacy and security. Third, assessing the threat landscape can help organisations
identify potential gaps in their security posture and take steps to address them.


How to assess the threat landscape?

To assess the threat landscape, organisations can follow a structured process that involves the following
steps:

• Identify potential threats: The first step in assessing the threat landscape is to identify potential
threats to the organisation. This can include external threats, such as hackers and cybercriminals, as
well as internal threats, such as employee negligence or malicious intent.

• Analyse potential vulnerabilities: Once potential threats have been identified, the next step is to
analyse potential vulnerabilities to the organisation's systems and data. This can include
vulnerabilities in hardware, software, and other technology, as well as human factors such as
employee training and awareness.

• Assess the likelihood and impact of threats: Once potential threats and vulnerabilities have been
identified, the next step is to assess the likelihood and impact of each threat. This can include
analysing the potential financial and reputational impact of a cyber-attack, as well as the likelihood of
the threat occurring.

• Develop a risk management plan: Based on the likelihood and impact of potential threats,
organisations can develop a risk management plan that prioritises their cyber security efforts and
allocates resources accordingly.
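
The four steps above, together with the critical assets identified in 1.1.1, are usually captured in a risk register. The following Python is an added illustration, not a worked example from the eBook: the 1 to 5 likelihood and impact scales, the rating bands, the risk tolerance threshold and the sample entries are all constructed assumptions. Each entry ties a threat (step 1) and a vulnerability (step 2) to a critical asset, scores likelihood and impact (step 3), and the register is then ranked and filtered to the risks that need a treatment decision in the plan (step 4):

```python
"""Risk register scoring for the threat-landscape assessment steps.

Added illustration, not a worked example from the eBook: the 1-5 scales,
the rating bands, RISK_TOLERANCE and the sample entries are constructed
assumptions. Likelihood x impact gives a rating from 1 to 25.
"""
from dataclasses import dataclass
from typing import List

LIKELIHOOD_SCALE = {1: "rare", 2: "unlikely", 3: "possible", 4: "likely", 5: "almost certain"}
IMPACT_SCALE = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}
RISK_TOLERANCE = 10  # assumed: ratings at or above this need a treatment decision


@dataclass(frozen=True)
class Risk:
    asset: str          # critical asset identified in 1.1.1
    threat: str         # who or what could cause harm (step 1)
    vulnerability: str  # weakness the threat could use (step 2)
    likelihood: int     # 1-5 (step 3)
    impact: int         # 1-5 (step 3)

    def __post_init__(self) -> None:
        # Refuse scores outside the agreed scale rather than silently ranking them.
        if self.likelihood not in LIKELIHOOD_SCALE or self.impact not in IMPACT_SCALE:
            raise ValueError("likelihood and impact must be on the 1-5 scale")

    @property
    def rating(self) -> int:
        return self.likelihood * self.impact


def band(rating: int) -> str:
    """Map a 1-25 rating to the qualitative band shown in the register."""
    if rating >= 16:
        return "Critical"
    if rating >= 10:
        return "High"
    if rating >= 5:
        return "Medium"
    return "Low"


def prioritise(register: List[Risk]) -> List[Risk]:
    """Highest rating first; ties broken by impact so severe outcomes rise to the top."""
    return sorted(register, key=lambda r: (-r.rating, -r.impact, r.asset))


def needs_treatment(register: List[Risk]) -> List[Risk]:
    """Risks above tolerance: the input to the risk management plan (step 4)."""
    return [r for r in prioritise(register) if r.rating >= RISK_TOLERANCE]


def render(register: List[Risk]) -> List[str]:
    """One line per risk, ready to paste into the findings document."""
    return [
        f"{r.rating:>2} {band(r.rating):<8} {r.asset}: {r.threat} via {r.vulnerability} "
        f"(likelihood {LIKELIHOOD_SCALE[r.likelihood]}, impact {IMPACT_SCALE[r.impact]})"
        for r in prioritise(register)
    ]


# Constructed sample register for a hypothetical organisation.
SAMPLE_REGISTER = [
    Risk("Customer database", "ransomware", "unpatched file server", 4, 5),
    Risk("Payment gateway", "credential phishing", "no MFA on admin portal", 5, 4),
    Risk("Public website", "DDoS", "no CDN or rate limiting", 3, 3),
    Risk("Staff intranet", "insider misuse", "shared admin account", 2, 4),
    Risk("Marketing file share", "malware via USB", "autorun enabled", 2, 2),
]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE_REGISTER)))
    print("needs treatment:", [r.asset for r in needs_treatment(SAMPLE_REGISTER)])
```

Two entries share a rating of 20 here; ranking the one with the severe impact first reflects the usual practice of treating the worst possible outcome before the most likely one when the scores are equal.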

To effectively assess the threat landscape, organisations should involve stakeholders from across the
organisation, including IT, security, legal and business teams. They can also leverage external sources,
such as threat intelligence feeds and industry groups, to stay up to date on emerging threats.

Assessing the threat landscape is an important part of cyber security risk management.
The threat landscape includes potential threats and vulnerabilities to an organisation's
systems and data, and assessing it helps organisations identify potential risks and
prioritise their cyber security efforts. By following a structured process and involving
stakeholders from across the organisation, organisations can effectively assess the threat
landscape and take steps to protect themselves from potential cyber-attacks.

1.1.3 Understanding the existing security posture

Understanding an organisation's existing security posture is a critical part of cyber security risk
management. The security posture refers to the overall state of an organisation's security, including its
policies, procedures, and technology. In this section, we will discuss how to understand an organisation's
existing security posture and why it is important to do so.


What is the security posture?

The security posture is the overall state of an organisation's security, including its policies, procedures, and
technology. The security posture includes both preventive and detective controls, as well as the
organisation's ability to respond to and recover from security incidents.

Why is understanding the security posture important?

Understanding the security posture is important for several reasons. First, it helps organisations identify
potential security gaps and vulnerabilities, allowing them to take steps to address them. Second, it helps
organisations comply with regulatory requirements, such as those related to data privacy and security.
Third, understanding the security posture can help organisations prioritise their cyber security efforts and
allocate resources accordingly.

How to understand the security posture?

To understand an organisation's security posture, organisations can follow a structured process that
involves the following steps:

• Conduct a security assessment: A security assessment helps organisations identify potential
security gaps and vulnerabilities in their systems and data. A security assessment can include
penetration testing, vulnerability scanning and other techniques to identify potential weaknesses.

• Review existing security policies and procedures: Reviewing existing security policies and
procedures helps organisations identify potential gaps and inconsistencies in their security posture. It
can also help organisations ensure that their policies and procedures are up-to-date and align with
industry standards and best practices.

• Evaluate existing security technology: Evaluating existing security technology helps organisations
determine whether their technology is up-to-date and effective in protecting their systems and data. It
can also help organisations identify potential gaps in their technology, such as outdated software or
hardware.

• Assess security awareness and training: Assessing security awareness and training helps
organisations determine whether their employees are aware of and following security policies and
procedures. It can also help organisations identify potential areas for improvement in their training
programs.


Understanding an organisation's existing security posture is an important part of cyber security risk
management. The security posture includes an organisation's policies, procedures, and technology, and
understanding it helps organisations identify potential security gaps and vulnerabilities. By following a
structured process and involving stakeholders from across the organisation, organisations can effectively
understand their security posture and take steps to improve their cyber security efforts.

Read more about Protecting Critical Assets

Read more about What is Security Posture? | Balbix

Watch this video (1m 35s) about the Importance of Identifying Mission Critical Assets

Watch this video (8m 28s) about Threats, Vulnerabilities, Exploits | Pluralsight

Watch this short video (2m 14s) about Evaluating Your Organisation’s Security Posture

Watch this short video (2m 39s) about Practices of an Evaluation | Pluralsight

Here are examples of analysing an organisation's operation and infrastructure:

❑ Identifying critical assets: A financial institution conducts a risk assessment and identifies its
customer data as a critical asset. The institution then prioritises its cyber security efforts on protecting
this data, implementing encryption, access controls and other security measures to protect against
potential breaches.

❑ Assessing threat landscape: A healthcare organisation assesses its threat landscape and identifies
potential threats from cybercriminals seeking to steal patient data. The organisation analyses potential
vulnerabilities in its systems and data, such as outdated software and weak passwords and assesses
the likelihood and impact of a cyber-attack. The organisation then develops a risk management plan
that prioritises its cyber security efforts on protecting patient data, including implementing encryption,
access controls and other security measures.

❑ Understanding the existing security posture: A financial institution conducts a security
assessment and identifies potential vulnerabilities in its systems and data. The institution reviews its
existing security policies and procedures and identifies potential gaps in its security posture. The
institution then evaluates its existing security technology and determines that it needs to upgrade its
firewalls and intrusion detection systems. Finally, the institution assesses its security awareness and
training and identifies the need for additional employee training on phishing and social engineering.


1.2 Research and identify industry standard design methodologies

This content may help you with Assessment: Activity 1.5, 2.1 and 2.2

1.2.1 NIST
The National Institute of Standards and Technology (NIST) is a United States government agency that
provides guidance and resources for a wide range of scientific and technological topics, including cyber
security. In this section, we will discuss NIST and its framework for security architecture, and why it is
important to follow the framework.

What is NIST?

The National Institute of Standards and Technology (NIST) is a United States government agency that
provides guidance and resources for a wide range of scientific and technological topics. In the realm of
cyber security, NIST has developed a framework for security architecture that provides a comprehensive
approach to managing cyber security risk that is widely used by organisations of all sizes and industries.


Why is the NIST framework for security architecture important?

The NIST framework for security architecture is important for several reasons. First, it provides a structured
approach to managing cyber security risk that can be applied by organisations of all sizes and industries.
Second, it aligns with industry best practices and regulatory requirements, making it a widely recognised
and respected framework. Third, it helps organisations prioritise their cyber security efforts and allocate
resources accordingly.

How to implement the NIST framework for security architecture?

To implement the NIST framework for security architecture, organisations can follow a structured process
that involves the following steps:

• Identify the organisation's business objectives: The first step in implementing the NIST
framework is to identify the organisation's business objectives. This includes identifying the critical
assets that the organisation needs to protect and the potential threats and vulnerabilities to those
assets.

• Develop a risk management plan: Based on the business objectives and identified threats and
vulnerabilities, organisations can develop a risk management plan that prioritises their cyber security
efforts and allocates resources accordingly.

• Implement security controls: To protect against potential threats and vulnerabilities, organisations
can implement security controls that align with the NIST framework. This includes preventive and
detective controls, such as firewalls, intrusion detection systems and access controls.

• Monitor and update security posture: To maintain an effective security posture, organisations must
continually monitor their systems and data for potential threats and vulnerabilities. They must also
update their security controls and policies as new threats emerge and as their business objectives
change.

NIST has developed several frameworks for security architecture that provide a comprehensive approach
to managing cyber security risk. Some of the key frameworks are:

• NIST Cyber Security Framework: The NIST Cyber Security Framework is a voluntary framework that
provides a set of guidelines for organisations to manage and reduce cyber security risk. It consists of
five core functions: Identify, Protect, Detect, Respond and Recover.

• NIST risk management framework (RMF): The NIST Risk Management Framework provides a
structured approach to managing cyber security risk that aligns with federal government
requirements. It consists of six steps: Categorise, Select, Implement, Assess, Authorise and Monitor.

• NIST security and privacy controls for federal information systems and organisations (SP
800-53): The NIST SP 800-53 provides a catalogue of security and privacy controls for federal
information systems and organisations. It covers a wide range of controls, including access controls,
identification and authentication and incident response.

• NIST cloud computing reference architecture: The NIST Cloud Computing Reference Architecture
provides a framework for organisations to securely and effectively deploy cloud computing
technologies. It consists of five components: Provider, Consumer, Broker, Auditor and Carrier.

These frameworks provide a structured approach to managing cyber security risk and are widely
recognised and respected by organisations of all sizes and industries.


The NIST framework for security architecture is an important resource for organisations
of all sizes and industries. It provides a structured approach to managing cyber security
risk that aligns with industry best practices and regulatory requirements. By following a
structured process and involving stakeholders from across the organisation,
organisations can effectively implement the NIST framework for security architecture and
take steps to protect their critical assets from potential cyber threats.

1.2.2 ISO
What is ISO?

The International Organisation for Standardisation (ISO) is an independent, non-governmental
international organisation that develops standards for a wide range of industries, including cyber security.
In the realm of cyber security, ISO has developed a series of standards for security architecture that provide
a comprehensive approach to managing cyber security risk. In this section, we will discuss ISO and its
standards for security architecture, and why it is important to follow the standards.

Why is ISO's standard for security architecture important?

ISO's standard for security architecture is important for several reasons. First, it provides a structured
approach to managing cyber security risk that aligns with industry best practices and regulatory
requirements. Second, it helps organisations prioritise their cyber security efforts and allocate resources
accordingly. Third, it is widely recognised and respected by organisations of all sizes and industries.

How to implement ISO's standard for security architecture?

To implement ISO's standard for security architecture, organisations can follow a structured process that
involves the following steps:

• Identify the organisation's business objectives: The first step in implementing ISO's standard for
security architecture is to identify the organisation's business objectives. This includes identifying the
critical assets that the organisation needs to protect and the potential threats and vulnerabilities to
those assets.


• Develop a risk management plan: Based on the business objectives and identified threats and
vulnerabilities, organisations can develop a risk management plan that prioritises their cyber security
efforts and allocates resources accordingly.

• Implement security controls: To protect against potential threats and vulnerabilities, organisations
can implement security controls that align with ISO's standard for security architecture. This includes
preventive and detective controls, such as firewalls, intrusion detection systems and access controls.

• Monitor and update security posture: To maintain an effective security posture, organisations must
continually monitor their systems and data for potential threats and vulnerabilities. They must also
update their security controls and policies as new threats emerge and as their business objectives
change.

ISO has developed several standards for security architecture that provide a comprehensive approach to
managing cyber security risk. Some of the key standards are:

• ISO/IEC 27001: ISO/IEC 27001 is a standard for information security management systems
(ISMS) that provides a framework for managing and protecting sensitive information using a risk
management approach. It covers a wide range of controls, including access controls, physical
security, and incident management.

• ISO/IEC 27002: ISO/IEC 27002 provides guidelines for implementing and maintaining security
controls that are aligned with ISO/IEC 27001. It covers a wide range of topics, including information
security policies, asset management and network security.

• ISO/IEC 27005: ISO/IEC 27005 provides guidelines for conducting risk assessments that are
aligned with ISO/IEC 27001. It covers a wide range of topics, including risk identification, risk
analysis and risk evaluation.

• ISO/IEC 27032: ISO/IEC 27032 provides guidelines for cyber security that are aligned with
ISO/IEC 27001. It covers a wide range of topics, including cyber security risk management, cyber
security incident management and cyber security information sharing.

These standards provide a structured approach to managing cyber security risk and are widely recognised
and respected by organisations of all sizes and industries.

ISO's standard for security architecture is an important resource for organisations of all
sizes and industries. It provides a structured approach to managing cyber security risk
that aligns with industry best practices and regulatory requirements. By following a
structured process and involving stakeholders from across the organisation,
organisations can effectively implement ISO's standard for security architecture and take
steps to protect their critical assets from potential cyber threats.


1.2.3 SABSA
What is SABSA?

The Sherwood Applied Business Security Architecture (SABSA) is a methodology for developing security
architecture that aligns with business objectives. SABSA is a holistic approach that considers the
organisation's business goals, processes and systems, as well as the risks and threats facing the
organisation. It provides a structured framework for developing security architecture that is flexible and
adaptable to changing business needs and evolving security threats. In this section, we will discuss SABSA,
its methodology for security architecture and why it is important to follow the methodology.

Why is SABSA important for security architecture?

SABSA is important for several reasons. First, it provides a structured and holistic approach to developing
security architecture that aligns with business objectives. Second, it emphasises the importance of
understanding the organisation's business goals and processes to develop effective security controls.
Third, it helps organisations prioritise their cyber security efforts and allocate resources accordingly.

How to implement SABSA for security architecture?

To implement SABSA for security architecture, organisations can follow a structured process that involves
the following steps:

• Contextualise the organisation's business goals and objectives: The first step in implementing
SABSA for security architecture is to contextualise the organisation's business goals and objectives.
This includes understanding the organisation's business strategy, processes, and systems, as well
as the risks and threats facing the organisation.

• Develop a risk management plan: Based on the contextualisation, organisations can develop a risk
management plan that prioritises their cyber security efforts and allocates resources accordingly.

• Develop a security architecture blueprint: To protect against potential threats and vulnerabilities,
organisations can develop a security architecture blueprint that aligns with the SABSA methodology.
This includes preventive and detective controls, such as firewalls, intrusion detection systems and
access controls.

• Implement and monitor the security architecture: To maintain an effective security posture,
organisations must continually implement and monitor their security architecture. This includes
updating their security controls and policies as new threats emerge and as their business objectives
change.

Some of the key components of SABSA's methodology for security architecture include:

• Business attributes: SABSA emphasises the importance of understanding the organisation's
business attributes, including its business strategy, goals, processes, and systems. By understanding
the organisation's business attributes, security architects can develop security solutions that align
with the organisation's objectives.

• Risk management: SABSA promotes a risk management approach to security architecture. This
involves identifying potential threats and vulnerabilities to the organisation's critical assets and
developing controls to mitigate those risks.

• Security services: SABSA's methodology includes developing a set of security services that align
with the organisation's business objectives. These security services can be used to address specific
security challenges or to provide overall protection for the organisation's critical assets.

• Architectural framework: SABSA's methodology includes developing an architectural framework for
security architecture. This framework consists of a set of models that describe the organisation's
business attributes, the security services provided, and the security infrastructure required to support
those services. SABSA arranges these models as the layers of the SABSA matrix: the contextual
(business), conceptual (architect's), logical (designer's), physical (builder's) and component
(tradesman's) views, with an operational (service management) layer running across all of them.

• Implementation: SABSA emphasises the importance of effective implementation of security
architecture. This involves deploying security solutions that align with the organisation's business
objectives and monitoring and updating those solutions as needed to address new threats and
changing business needs.

These components provide a structured approach to developing security architecture that is flexible and
adaptable to changing business needs and evolving security threats.

SABSA is a holistic and flexible methodology for developing security architecture that
aligns with business objectives. By contextualising the organisation's business goals and
processes and developing a risk management plan, organisations can prioritise their
cyber security efforts and allocate resources accordingly. By developing a security
architecture blueprint that aligns with the SABSA methodology and continually monitoring
and updating the security posture, organisations can effectively protect their critical
assets from potential cyber threats.

1.2.4 TOGAF (The Open Group Architecture Framework)

What is TOGAF?

TOGAF (The Open Group Architecture Framework) is a widely recognised enterprise architecture
framework that provides a systematic approach to designing, planning, implementing, and managing
information technology (IT) architectures. Developed by The Open Group, TOGAF offers a set of tools,
techniques, and methodologies to help organisations create a structured and systematic approach to
ensure their IT architectures are aligned with their business objectives and can effectively respond to
evolving technological challenges. It includes the Architecture Development Method (ADM), a detailed
process for developing and maintaining enterprise architecture. By incorporating security considerations
into the ADM, organisations can ensure that their IT architectures are secure and resilient.

Why is TOGAF important for security architecture?

TOGAF is important for security architecture for several reasons:

• Holistic approach: TOGAF's Architecture Development Method (ADM) covers all aspects of IT
architecture, including security, ensuring that security considerations are integrated throughout the
entire architecture development process.

• Risk management: TOGAF encourages a risk-based approach to IT architecture, helping
organisations identify and prioritise security risks and design appropriate security controls to mitigate
those risks.

• Standardisation: As a widely recognised industry standard, TOGAF promotes the use of
standardised practices, tools, and techniques, which can help organisations create consistent and
coherent security architectures.

• Alignment with business objectives: TOGAF emphasises the importance of aligning IT
architectures with business objectives, ensuring that security architectures are designed to support
the organisation's overall goals and risk appetite.

• Flexibility: TOGAF is adaptable and can be tailored to the specific needs of an organisation,
allowing for the integration of other security frameworks, guidelines, and best practices.

How to implement TOGAF for security architecture?

To implement TOGAF for security architecture, follow these steps:

• Integrate security throughout the ADM: Incorporate security considerations at each stage of the
ADM, from preliminary planning to ongoing management. This ensures that security is addressed
consistently throughout the architecture development process.

• Assess risks: Identify and prioritise security risks based on the potential impact and likelihood of
threats. This helps to focus security efforts on the most critical areas and ensures that resources are
allocated effectively.

• Design security controls: Develop security controls that are aligned with the organisation's risk
appetite and business objectives. These controls should address the identified risks and be
integrated into the overall IT architecture.

• Leverage TOGAF's reference models: Use the Technical Reference Model (TRM) and Integrated
Information Infrastructure Reference Model (III-RM) as starting points for designing secure
architectures. These reference models provide a common language and taxonomy for describing IT
architectures and can be tailored to include specific security requirements. Both models were part of
the TOGAF 9 standard; in the TOGAF Standard, 10th Edition they are published separately as
TOGAF Series Guides, so check which edition your organisation has adopted.

• Collaborate with stakeholders: Engage with various stakeholders, such as business leaders,
security teams and IT professionals, to ensure alignment and consensus on security requirements
and controls.

• Monitor and review: Regularly monitor and review the security architecture to ensure it remains
effective and up to date. As threats, technologies and business objectives evolve, the security
architecture should be adapted accordingly.

Remember that TOGAF is a flexible and adaptable framework that can be tailored to your
organisation's specific needs and can be integrated with other security frameworks and
best practices. By following the steps outlined above and maintaining a risk-based
approach to security, your organisation can develop a robust and resilient security
architecture that supports your business objectives.

Read more about 10 Security Frameworks Every Cybersecurity Analyst Should Know –
The Cybersecurity Man

Watch this video (5m 43s) about What is NIST? | Pluralsight

Watch this short video (1m 55s) about CSF Components | Pluralsight

Watch this video (4m 56s) about What is the ISO 27001 Standard? | Pluralsight

Watch this short video (2m 10s) about What is SABSA? - YouTube

Watch this short video (2m 05s) about TOGAF 10 explained in two minutes - YouTube

Watch this video (5m 05s) about TOGAF 9.1 - YouTube

Here are examples of Industry Standard Design Methodologies:

❑ NIST: A healthcare organisation implements the NIST framework for security
architecture by identifying its critical assets, including patient data and intellectual
property. The organisation develops a risk management plan that prioritises its
cyber security efforts on protecting these assets. The organisation then implements
security controls, such as access controls and encryption, to protect against
potential threats and vulnerabilities. Finally, the organisation monitors and updates
its security posture to ensure that it remains effective in protecting its critical assets.

❑ ISO/IEC 27000 family: A financial institution implements the ISO/IEC 27000 standards
for security architecture by identifying its critical assets, including customer data and
financial records. The institution develops a risk management plan that prioritises its
cyber security efforts on protecting these assets. The institution then implements
security controls, such as access controls and encryption, to protect against
potential threats and vulnerabilities. Finally, the institution monitors and updates its
security posture to ensure that it remains effective in protecting its critical assets.

❑ SABSA: A retail organisation implements SABSA for security architecture by
contextualising its business goals and objectives, including identifying its critical
assets and the potential threats and vulnerabilities to those assets. The
organisation develops a risk management plan that prioritises its cyber security
efforts on protecting these assets. The organisation then develops a security
architecture blueprint that aligns with the SABSA methodology, including
implementing preventive and detective controls, such as access controls and
encryption. Finally, the organisation monitors and updates its security posture to
ensure that it remains effective in protecting its critical assets.

❑ TOGAF: A manufacturing company implements TOGAF for security architecture
by integrating security considerations at each stage of the Architecture
Development Method (ADM). They use TOGAF's reference models to design a
secure architecture aligned with business objectives and risk appetite. The
company implements security controls like access controls and encryption and
regularly monitors and updates the security architecture to ensure effectiveness
against evolving threats.

1.3 Determine security level and perimeters, security features and security mode

This content may help you with Assessment: Activity 1.6, 2.1 and 2.2

One of the key steps in developing an effective security architecture is determining the required security
level and perimeters. This involves identifying the critical assets that need to be protected, the potential
threats and vulnerabilities to those assets and the appropriate security controls to mitigate those risks. In
this section, we will discuss the process for determining the required security level and perimeters and why
it is important to follow it.

• Identify critical assets: The first step in determining the required security level and perimeters is to
identify the critical assets that need to be protected. These assets may include data, systems,
facilities, or personnel.

• Assess risks: Once the critical assets have been identified, the next step is to assess the risks to
those assets. This involves identifying potential threats and vulnerabilities to the assets and the
potential impact of those risks on the organisation.

• Determine security requirements: Based on the risk assessment, the organisation can determine
the security requirements necessary to mitigate the identified risks. This may include implementing
access controls, intrusion detection systems, or encryption, among other measures.

• Establish security perimeters: Once the security requirements have been identified, the
organisation can establish security perimeters to control access to the critical assets. This may
involve implementing physical security measures, such as locks or biometric controls, or logical
security measures, such as firewalls or access controls.

• Determine the required security level: Based on the identified security perimeters and security
requirements, the organisation can determine the required security level for each critical asset. This
may involve assigning a level of protection based on the sensitivity of the asset and the potential
impact of a security breach.

Determining the required security level and perimeters is a critical step in developing an
effective security architecture. By identifying critical assets, assessing risks, determining
security requirements, establishing security perimeters, and determining the required
security level, organisations can effectively protect their critical assets from potential
cyber threats. By involving stakeholders from across the organisation and following a
structured process, organisations can ensure that their security architecture aligns with
their business objectives and effectively mitigates potential risks.

1.3.1 Security levels

The security level of data is determined by considering the sensitivity of the data and the type of data.

Data sensitivity

Data sensitivity is usually categorised by the following three levels:

1. High sensitivity: This data must be secured and monitored to protect it from threat actors. It often
falls under compliance regulations as information that requires strict access controls that also
minimise the number of users who can access the data.

2. Medium sensitivity: Files and data that cannot be disclosed to the public, but whose breach would not
pose a significant risk, can be considered medium sensitivity. This data requires access controls like
high-sensitivity data, but a wider range of users can access it.

3. Low sensitivity: This data is typically public information that doesn't require much security to protect
it from a data breach.

Here are some examples of data sensitivity that could be categorised as high, medium, and low.

→ High sensitivity: Suppose your company collects credit card numbers as a payment method from
customers buying products. This data should have strict authorisation controls, auditing to detect
access requests, and encryption applied to stored and transmitted data. A data breach would likely
cause harm to both the customer and the organisation, so it should be classified as highly sensitive
with strict cyber security controls.

→ Medium sensitivity: For every third-party vendor, you have a contract with signatures executing an
agreement. This data would not harm customers, but it still is sensitive information describing
business details. These files could be considered medium sensitive.

→ Low sensitivity: Data for public consumption could be considered low sensitivity. For example,
marketing material published on your site would not need strict controls since it’s publicly available
and created for a general audience.

Type of data

The type of data can typically be defined by the following four categories:

1. Public Data: This data is available to the public either locally or over the internet. Public data
requires little confidentiality protection because its disclosure would not violate compliance, but its
integrity and availability still matter: a defaced public website or an altered published price list
harms the organisation even though nothing was leaked.

2. Internal-Only Data: Memos, intellectual property, and email messages are a few examples of data
that should be restricted to internal employees.

3. Confidential Data: The difference between internal-only data and confidential data is that
confidential data requires clearance to access it. You can assign clearance to specific employees or
authorised third-party vendors.

4. Restricted Data: Restricted data usually refers to information that only authorised individuals can
access. Disclosure of restricted data may result in severe, possibly irreparable, damage to corporate
revenue and reputation.

Security levels

The security levels commonly used are outlined below:

Security level    Sensitivity    Type of data
High              High           Restricted, Confidential
Medium            Medium         Internal-Only
Low               Low            Public
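The sensitivity and data-type rules above are easy to state but are usually applied to real files whose declared label is wrong. The following is an added example (not code from the eBook) that classifies a record from both its declared data type and what its content actually contains, using a Luhn check to tell a real card number from an arbitrary digit run, and takes the higher of the two. The record fields, the detection patterns and the baseline control mapping are assumptions made for illustration.

```python
"""Derive a security level from declared data type plus content inspection.

Added example; field names, patterns and the control mapping are assumptions.
"""
import re
from dataclasses import dataclass
from enum import IntEnum


class Sensitivity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Data types from the text mapped to the sensitivity column of the table.
DATA_TYPE_SENSITIVITY = {
    "public": Sensitivity.LOW,
    "internal-only": Sensitivity.MEDIUM,
    "confidential": Sensitivity.HIGH,
    "restricted": Sensitivity.HIGH,
}

# Baseline controls per security level (assumed mapping, for illustration).
CONTROLS = {
    Sensitivity.LOW: ["integrity checks on published content"],
    Sensitivity.MEDIUM: ["authenticated access", "access logging"],
    Sensitivity.HIGH: ["role-based access on a need-to-know basis", "MFA",
                       "encryption at rest and in transit", "access audit alerts"],
}

# 13-19 digits with optional space/hyphen separators; Luhn filters out noise.
PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: true for a syntactically valid payment card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """True if any digit run in the text is a Luhn-valid card number."""
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return True
    return False


def content_sensitivity(text: str) -> Sensitivity:
    """Sensitivity implied by the content itself, independent of its label."""
    if contains_pan(text):
        return Sensitivity.HIGH
    if EMAIL_RE.search(text):
        return Sensitivity.MEDIUM
    return Sensitivity.LOW


@dataclass
class Record:
    name: str
    declared_type: str   # public / internal-only / confidential / restricted
    content: str


def classify(record: Record) -> dict:
    """Security level = max(declared type, detected content); flag mislabels."""
    declared = DATA_TYPE_SENSITIVITY[record.declared_type]
    detected = content_sensitivity(record.content)
    level = max(declared, detected)   # never classify below what the content shows
    return {
        "record": record.name,
        "declared": declared.name,
        "detected": detected.name,
        "security_level": level.name,
        "controls": CONTROLS[level],
        "mislabelled": detected > declared,
    }


if __name__ == "__main__":
    # Constructed sample: an export labelled "public" that holds a card number.
    sample = Record("export.csv", "public", "order 4111 1111 1111 1111 shipped")
    print(classify(sample))
```

The important design choice is that the declared label never lowers the result: a file a team tagged as public but that carries card numbers is treated as high sensitivity and reported as mislabelled, which is exactly the case a classification review is meant to catch.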

1.3.2 Risk assessments

This topic is also referred to as "What is the importance of understanding Risk for an organisation's Critical
Infrastructure" in the eBook of unit ICTCYS610.

One of the key components of developing an effective security architecture is conducting a risk
assessment. Risk assessment involves identifying potential risks to an organisation's critical assets and
developing appropriate security controls to mitigate those risks. In this section, we will discuss the process
of conducting a risk assessment and why it is important to follow it.

• Identify assets: The first step in conducting a risk assessment is to identify the assets that need to
be protected. This may include data, systems, facilities, or personnel.

• Identify threats: Once the assets have been identified, the next step is to identify the potential
threats to those assets. This may include natural disasters, cyber-attacks, or human error, among
other threats.

• Identify vulnerabilities: Once the threats have been identified, the next step is to identify the
vulnerabilities that may be exploited by those threats. This may include outdated software, weak
passwords, or physical security weaknesses.

• Assess impact: Once the threats and vulnerabilities have been identified, the next step is to assess
the potential impact of a security breach. This may include financial loss, reputational damage, or
legal consequences.

• Assess likelihood: Once the potential impact has been assessed, the next step is to assess the
likelihood of a security breach occurring. This may involve considering historical data, industry
trends, or current events.

• Determine risk level: Based on the assessment of impact and likelihood, the organisation can
determine the level of risk associated with each asset. This may involve assigning a risk score based
on the severity of the potential impact and the likelihood of a security breach.

• Develop security controls: Once the risk level has been determined, the organisation can develop
appropriate security controls to mitigate the identified risks. This may include implementing access
controls, intrusion detection systems, or encryption, among other measures.
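The seven steps above are usually worked through in a risk register. Here is an added example (not from the eBook) that carries a small constructed register for an online payment system through the impact and likelihood assessment, scores and bands each item, orders the register so the highest risks get controls first, and re-scores one item after its controls to show the residual risk. The 1 to 5 scales, the band thresholds and the assets, threats and vulnerabilities are all assumptions for illustration.

```python
"""Qualitative risk assessment over a constructed asset register.

Added example; the scales, thresholds and register contents are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# 1-5 qualitative scales (assumed for this example).
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}


def risk_level(score: int) -> str:
    """Band an impact x likelihood score (1-25); thresholds are assumed."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


@dataclass
class RiskItem:
    asset: str
    threat: str
    vulnerability: str
    impact: str
    likelihood: str
    controls: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return IMPACT[self.impact] * LIKELIHOOD[self.likelihood]


def assess(register: list[RiskItem]) -> list[dict]:
    """Score and band every item, then order the register highest risk first."""
    rows = [{
        "asset": item.asset,
        "threat": item.threat,
        "vulnerability": item.vulnerability,
        "score": item.score,
        "level": risk_level(item.score),
        "controls": item.controls,
    } for item in register]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


def residual(item: RiskItem, impact_after: str, likelihood_after: str) -> dict:
    """Re-score an item with its controls in place to show what they buy."""
    before, after = item.score, IMPACT[impact_after] * LIKELIHOOD[likelihood_after]
    return {"inherent": before, "residual": after,
            "inherent_level": risk_level(before), "residual_level": risk_level(after)}


# Constructed register for an e-commerce payment system.
REGISTER = [
    RiskItem("payment API", "credential stuffing", "no MFA on merchant portal",
             "major", "likely", ["MFA", "rate limiting", "login anomaly alerts"]),
    RiskItem("payment DB", "ransomware", "unpatched DB host",
             "severe", "possible", ["patch SLA", "offline backups", "segmentation"]),
    RiskItem("marketing site", "defacement", "weak CMS admin password",
             "minor", "possible", ["strong password policy", "WAF"]),
    RiskItem("office printers", "paper theft", "unattended output tray",
             "negligible", "unlikely"),
]

if __name__ == "__main__":
    for row in assess(REGISTER):
        print(f"{row['level']:6} {row['score']:2}  {row['asset']}: "
              f"{row['threat']} via {row['vulnerability']} -> {row['controls']}")
    # MFA does not change the impact of an account takeover, only its likelihood.
    print(residual(REGISTER[0], "major", "rare"))
```

Note that the controls reduce likelihood far more often than impact: MFA on the merchant portal drops credential stuffing from likely to rare, but a successful takeover would still be major, so the residual score is 4 rather than zero, and that residual is what the organisation decides to accept or treat further.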

Conducting a risk assessment is a critical component of developing an effective security
architecture. By identifying critical assets, assessing potential threats and vulnerabilities,
and determining appropriate security controls, organisations can effectively mitigate
potential risks and protect their critical assets from cyber threats. By involving
stakeholders from across the organisation and following a structured process,
organisations can ensure that their security architecture aligns with their business
objectives and effectively mitigates potential risks.

1.3.3 Security classifications

In the world of cyber security, security classifications are used to categorise assets based on their level of
sensitivity and the level of protection required. This provides a structured approach to ensuring that critical
assets are protected based on their level of importance to the organisation. In this section, we will discuss
the process of security classification, why it is important to follow the process and some tips for effective
implementation.

• Identify assets: The first step in the security classification process is to identify the assets that need
to be protected. This may include data, systems, facilities, or personnel.

• Assess sensitivity: Once the assets have been identified, the next step is to assess the sensitivity
of each asset. This may involve considering the value of the asset to the organisation, the potential
impact of a security breach and any legal or regulatory requirements for protecting the asset.

• Determine security requirements: Based on the assessment of sensitivity, the organisation can
determine the appropriate level of protection required for each asset. This may involve implementing
access controls, encryption, or other security measures.

• Develop security classifications: Once the appropriate level of protection has been determined,
the organisation can develop security classifications for each asset. This may involve assigning a
classification level based on the sensitivity of the asset and the level of protection required.

There are several commonly used security classification systems around the world, such as:

o The US Government's National Institute of Standards and Technology (NIST) Special
Publication 800-60

o The UK Government's Security Policy Framework and its Government Security Classifications policy

o The Australian Government's Protective Security Policy Framework

o The Canadian Government's Security Control Catalogue

• Implement security controls: Once the security classifications have been developed, the
organisation can implement appropriate security controls to ensure that assets are protected
according to their classification level.

• To effectively classify assets and develop appropriate security controls,
organisations should involve stakeholders from across the organisation, including IT,
security, legal and business teams.

• Organisations should regularly review and update their security classifications and controls to ensure
that they remain effective and aligned with the organisation's objectives.

Read more about How to Perform a Successful IT Risk Assessment

Read more about Cybersecurity Risk Assessment: Components + How to Perform

Read more about Security and Privacy Controls for Information Systems and
organisations (NIST SP 800-53)

Watch this video (15m 23s) about IT Risk Assessment for ISACA® CRISC™ | Pluralsight

Watch this short video (1m 37s) about How to Perform IT Security Risk Assessment

Watch this short video (4m 37s) about Information Security Risk Management for CISM®

Watch this short video (3m 33s) about Asset, Threat, Vulnerability and Risk

Here are examples of Security Level and Perimeters:

❑ A healthcare organisation determines the required security level and perimeters for its
electronic health records (EHR) system. The organisation identifies the EHR system
as a critical asset and assesses the risks to the system, including potential threats and
vulnerabilities. Based on the risk assessment, the organisation determines the security
requirements necessary to mitigate the identified risks, including implementing access
controls, encryption, and intrusion detection systems. The organisation then
establishes security perimeters to control access to the EHR system, including
implementing firewalls and access controls. Finally, the organisation determines the
required security level for the EHR system based on the identified security perimeters
and requirements.

❑ An e-commerce organisation conducts a risk assessment for its online payment
system. The organisation identifies the payment system as a critical asset and
assesses the potential threats and vulnerabilities, including cyber-attacks and human
error. Based on the assessment, the organisation determines the potential impact of a
security breach, including financial loss and reputational damage. The organisation
also assesses the likelihood of a security breach occurring based on historical data
and industry trends. The organisation then determines the risk level associated with
the payment system and develops appropriate security controls, including
implementing access controls, encryption, and intrusion detection systems.

❑ An e-commerce organisation classifies its customer data based on sensitivity. The
organisation identifies the customer data as a critical asset and assesses the potential
impact of a security breach, including reputational damage and legal consequences.
Based on the sensitivity assessment, the organisation determines that the customer
data requires a high level of protection, including access controls, encryption, and
intrusion detection systems. The organisation then develops security classifications for
the customer data, including assigning a classification level based on the sensitivity of
the data.

1.3.4 Security zones

In the world of cyber security, security zones are used to segment networks and systems based on their
level of sensitivity and the level of protection required. This provides a structured approach to ensuring that
critical assets are protected based on their level of importance to the organisation. In this section, we will
discuss the process of security zoning and why it is important to follow the process.

There are several commonly used security zoning models, such as:

• The Defence-in-Depth model, which uses multiple layers of security controls to protect assets

• The Zero Trust model, which assumes that all network traffic is potentially malicious and requires
authentication and authorisation for all access

• The Perimeter model, which uses a physical or virtual boundary to separate internal and external
networks and systems

Defence-in-Depth model

As already presented at the beginning of this eBook, the Defence-in-Depth model is a security zoning
model that uses multiple layers of security controls to protect assets. The model is based on the principle
that no single security measure can provide complete protection against all potential threats and that a
combination of different security controls is necessary to provide comprehensive protection.

The Defence-in-Depth model typically involves the implementation of multiple layers of security controls,
including:

• Physical security controls: These controls involve the use of physical barriers, such as fences,
gates, and security cameras, to restrict access to sensitive areas.

• Network security controls: These controls involve the use of firewalls, intrusion detection and
prevention systems and other network-based security measures to prevent unauthorised access to
networks and systems.

• Operating system security controls: These controls involve the use of access controls, encryption,
and other security measures to protect operating systems from unauthorised access and malicious
software.

• Application security controls: These controls involve the use of security measures such as
authentication, encryption, and secure coding practices to protect applications from unauthorised
access and malicious attacks.

• User awareness training: This involves training employees on how to identify and respond to
potential security threats, such as phishing scams and social engineering attacks.

The Defence-in-Depth model is an effective approach to security zoning because it provides multiple layers
of protection against potential threats and reduces the likelihood of a successful attack even if one layer of
security is breached. By using a combination of physical, network, operating system, application and user
awareness controls, organisations can create a comprehensive security architecture that is well suited to
their specific needs.

Image 1 Defence-in-Depth model

The Defence-in-Depth model is a security zoning model that involves the use of multiple
layers of security controls to protect assets. The model is based on the principle that no
single security measure can provide complete protection against all potential threats, and
that a combination of different security controls is necessary to provide comprehensive
protection.

Zero Trust model

The Zero Trust model is a security zoning model that assumes that all network traffic is potentially malicious
and requires authentication and authorisation for all access, both inside and outside the organisation's
network. The Zero Trust model is based on the principle of "never trust, always verify."

Traditionally, network security models have relied on the concept of a perimeter, which assumes that all
traffic originating from inside the network is trusted and only traffic originating from outside the network is
considered potentially malicious. However, with the rise of cloud computing, mobile devices and remote
work, the perimeter-based approach is becoming increasingly outdated and less effective.

The Zero Trust model involves the implementation of several security controls, including:

• Network segmentation: This involves dividing the network into smaller, more secure segments and
controlling access between these segments.

• Identity and access management: This involves the use of strong authentication and authorisation
controls, such as multi-factor authentication, to verify the identity of users and devices before
granting access to resources.

• Continuous monitoring: This involves the use of real-time monitoring and analysis of network traffic
to detect potential security threats and anomalous behaviour.

• Least privilege: This involves granting users and devices the minimum level of access required to
perform their tasks and no more.

• Encryption: This involves the use of encryption to protect sensitive data in transit and at rest.

The Zero Trust model is an effective approach to security zoning because it assumes that all network traffic
is potentially malicious and requires authentication and authorisation for all access, both inside and outside
the organisation's network. By implementing network segmentation, strong identity and access controls,
continuous monitoring, least privilege and encryption, organisations can create a comprehensive security
architecture that is well suited to the modern IT landscape.
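The difference between the perimeter assumption and "never trust, always verify" is easiest to see when the same request is evaluated under both. The following is an added example (not from the eBook) in which a perimeter policy decides purely from the source and destination zone and a firewall rule table, while a Zero Trust policy checks identity, MFA, device posture, transport encryption, least-privilege entitlements and segmentation on every request regardless of where it comes from. The zones, rule table, roles and entitlements are constructed for illustration.

```python
"""Perimeter policy versus Zero Trust policy on the same access request.

Added example; zones, firewall rules, roles and entitlements are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Security zones ordered from least to most trusted.
ZONE_RANK = {"internet": 0, "dmz": 1, "internal": 2, "restricted": 3}

# Perimeter-style firewall rules: (src_zone, dst_zone, dst_port) -> allowed.
# "internal" may reach the database zone on 5432: the flat-network assumption
# that Zero Trust removes.
PERIMETER_RULES = {
    ("internet", "dmz", 443): True,
    ("dmz", "internal", 8443): True,
    ("internal", "restricted", 5432): True,
}

# Least-privilege entitlements: role -> resources it may reach (assumed).
ENTITLEMENTS = {
    "dba": {"payments-db"},
    "developer": {"git", "ci"},
    "finance": {"erp"},
}

# Which zone each sensitive resource lives in (segmentation, assumed).
RESOURCE_ZONE = {"payments-db": "restricted", "git": "internal",
                 "ci": "internal", "erp": "internal"}


@dataclass
class Request:
    user: str
    role: str
    src_zone: str
    dst_zone: str
    dst_port: int
    resource: str
    mfa: bool
    device_compliant: bool
    tls: bool


def perimeter_decision(req: Request) -> tuple[bool, str]:
    """Trust follows the source zone; identity and device state are never checked."""
    if req.src_zone != "internet" and ZONE_RANK[req.src_zone] >= ZONE_RANK[req.dst_zone]:
        return True, "allowed: source is inside the perimeter"
    if PERIMETER_RULES.get((req.src_zone, req.dst_zone, req.dst_port), False):
        return True, "allowed: firewall rule"
    return False, "denied: no firewall rule"


def zero_trust_decision(req: Request) -> tuple[bool, list[str]]:
    """Never trust, always verify: every check runs on every request, any zone."""
    failures = []
    if not req.mfa:
        failures.append("MFA not satisfied")
    if not req.device_compliant:
        failures.append("device posture non-compliant")
    if not req.tls:
        failures.append("transport not encrypted")
    if req.resource not in ENTITLEMENTS.get(req.role, set()):
        failures.append(f"role {req.role!r} not entitled to {req.resource!r}")
    if RESOURCE_ZONE.get(req.resource) not in (None, req.dst_zone):
        failures.append("resource addressed outside its zone")
    return (not failures), failures


def compare(req: Request) -> dict:
    """Both decisions side by side for the same request."""
    return {"perimeter": perimeter_decision(req), "zero_trust": zero_trust_decision(req)}


# Constructed request: a developer's laptop on the office LAN, no MFA, agent
# out of compliance, connecting straight to the payments database.
LATERAL_MOVE = Request("alice", "developer", "internal", "restricted", 5432,
                       "payments-db", mfa=False, device_compliant=False, tls=True)

# Constructed request: the on-call DBA working from home over a verified session.
REMOTE_DBA = Request("bob", "dba", "internet", "restricted", 5432,
                     "payments-db", mfa=True, device_compliant=True, tls=True)

if __name__ == "__main__":
    for name, req in (("lateral move", LATERAL_MOVE), ("remote DBA", REMOTE_DBA)):
        print(name, compare(req))
```

The two constructed requests show the trade-off in both directions: the perimeter policy waves the lateral move through because it originates inside the network, while Zero Trust refuses it on three separate grounds; conversely the legitimate remote DBA is blocked by the perimeter (no rule from the internet) but admitted by Zero Trust because identity, MFA, device posture and entitlement all check out.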

The Zero Trust model is a security zoning model that assumes that all network traffic is
potentially malicious and requires authentication and authorisation for all access, both
inside and outside the organisation's network. The model involves the implementation of
several key security controls, including network segmentation, identity and access
management, continuous monitoring, least privilege, and encryption.

Perimeter model

The Perimeter model is a security zoning model that uses a physical or virtual boundary to separate internal
and external networks and systems. The model is based on the principle of controlling access to sensitive
resources by creating a secure boundary around them.

Traditionally, the perimeter model has been the most common approach to network security. The model
involves the use of firewalls, intrusion detection systems and other security measures to protect the
network perimeter from external threats.

On its face, it’s not too difficult to understand. However, actually protecting what used to be a closed-off
space physically connected to servers, computers, and printers becomes tricky when the very concept of
a perimeter evolves with the advent of new technology around it.

IT perimeter security is a constantly evolving process. Any electronic security perimeter is both defined
and challenged by the onslaught of new technology, so in order to protect an organisation’s data, IT
perimeter security must adopt the latest practices and tools to keep pace.

Consider the remote workforce, for example. The transition away from the traditional office, and the ability
for employees to work from their own devices, presents a new set of challenges for IT departments trying to
maintain security across a corporate network. No longer defined by physical limits, the modern
organisation needs perimeter security dedicated to protecting the constantly shifting entry and exit points
of its private network.

The Perimeter model typically involves the following security controls:

• Firewalls: These are hardware or software devices that control access to the network by filtering
traffic based on predefined rules.

• Intrusion detection and prevention systems: These are security measures that monitor network
traffic for potential security threats and can block or alert administrators to potential threats.

• Virtual Private Networks (VPNs): These are secure communication channels that allow users to
securely connect to the network from remote locations.

• Access controls: These are security measures that restrict access to resources based on user
identity, role, or other predefined criteria.


While the perimeter model is still commonly used, it has some limitations. With the rise of cloud computing,
mobile devices and remote work, the perimeter model is becoming increasingly difficult to maintain and
can leave organisations vulnerable to internal threats and attacks that bypass the perimeter defences.

The Perimeter model is a security zoning model that uses a physical or virtual boundary
to separate internal and external networks and systems. The model involves the use of
firewalls, intrusion detection and prevention systems, virtual private networks, and access
controls to protect the network perimeter from external threats. While the perimeter model
is still commonly used, it has some limitations and is becoming increasingly difficult to
maintain in the modern IT landscape.

1.1.1 Security features


Below are some common application security features for you to consider when analysing the needs of
your organisational security architecture:

1. Password security

The following password features are critical to password security:

o Enforceable minimum password strength options for administrators

o Enforceable password expiration options for administrators

o Password reuse prevention

o Password reset controls

o Multifactor and two-factor authentication enforcement option for administrators


2. Security activity notifications

You may want notifications to be sent via email or other means to the user when:

o There are several incorrect login attempts when a user enters an incorrect password, yet
with a correct email address or username.

o There is a login from a new device or browser.

o Logging in from a different geographic location than usual.

o The password for an account changes.

3. Password attempt threshold / account lockout

It is recommended, as a minimum, that an account be locked for a duration of 30 minutes, or until an
administrator unlocks the account, when either of the following rules is triggered:

o More than five failed login attempts within six hours from one user

o More than 50 failed login attempts from one IP address within one hour
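A sliding-window implementation of the two lockout rules above, including the 30-minute lock and the administrator unlock. This is an added example, not code from the eBook; the type names, the constants and the sample login attempts are constructed for illustration.

```go
package main

import (
	"fmt"
	"time"
)

// Thresholds taken from the eBook's recommended minimum lockout rules.
const (
	lockoutDuration = 30 * time.Minute
	userWindow      = 6 * time.Hour
	userLimit       = 5  // more than five failures per user within the window
	ipWindow        = 1 * time.Hour
	ipLimit         = 50 // more than 50 failures from one IP address within the window
)

// LoginAttempt is one failed authentication event. Real events would come from
// the application's authentication log; the ones used below are constructed.
type LoginAttempt struct {
	User string
	IP   string
	At   time.Time
}

// LockoutPolicy keeps the recent failure history per user and per source IP,
// and the lock expiry time of each locked account.
type LockoutPolicy struct {
	byUser map[string][]time.Time
	byIP   map[string][]time.Time
	locked map[string]time.Time // user -> time at which the lock expires
}

func NewLockoutPolicy() *LockoutPolicy {
	return &LockoutPolicy{
		byUser: map[string][]time.Time{},
		byIP:   map[string][]time.Time{},
		locked: map[string]time.Time{},
	}
}

// pruneWindow drops events older than window (relative to now) in place and
// returns the surviving events together with their count.
func pruneWindow(events []time.Time, now time.Time, window time.Duration) ([]time.Time, int) {
	kept := events[:0]
	for _, t := range events {
		if now.Sub(t) <= window {
			kept = append(kept, t)
		}
	}
	return kept, len(kept)
}

// IsLocked reports whether the account is locked at time now. Locks expire on
// their own after lockoutDuration unless cleared earlier by AdminUnlock.
func (p *LockoutPolicy) IsLocked(user string, now time.Time) bool {
	until, ok := p.locked[user]
	return ok && now.Before(until)
}

// RecordFailure registers a failed login and returns true if it triggered a
// lock under either rule. The per-IP rule locks the account named in the
// offending attempt; blocking the address itself is a separate network control.
func (p *LockoutPolicy) RecordFailure(a LoginAttempt) bool {
	p.byUser[a.User] = append(p.byUser[a.User], a.At)
	p.byIP[a.IP] = append(p.byIP[a.IP], a.At)

	var nUser, nIP int
	p.byUser[a.User], nUser = pruneWindow(p.byUser[a.User], a.At, userWindow)
	p.byIP[a.IP], nIP = pruneWindow(p.byIP[a.IP], a.At, ipWindow)

	if nUser > userLimit || nIP > ipLimit {
		p.locked[a.User] = a.At.Add(lockoutDuration)
		return true
	}
	return false
}

// AdminUnlock clears a lock before it expires and resets the user's failure
// history so the next failure starts a fresh count.
func (p *LockoutPolicy) AdminUnlock(user string) {
	delete(p.locked, user)
	delete(p.byUser, user)
}

func main() {
	p := NewLockoutPolicy()
	base := time.Date(2023, 6, 1, 9, 0, 0, 0, time.UTC)
	// Constructed sample: six failures for "alice" from one address in 20 minutes.
	for i := 0; i < 6; i++ {
		a := LoginAttempt{User: "alice", IP: "203.0.113.10", At: base.Add(time.Duration(i*4) * time.Minute)}
		fmt.Printf("failure %d -> locked=%v\n", i+1, p.RecordFailure(a))
	}
	fmt.Println("locked 25 min after first failure:", p.IsLocked("alice", base.Add(25*time.Minute)))
	fmt.Println("locked 56 min after first failure:", p.IsLocked("alice", base.Add(56*time.Minute)))
}
```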

4. Third-party data backup support/data export support

Applications today hold large amounts of data, which is why data backup support and data export
support are important. Best practice for data export features is a human-readable and easily portable or
transferable format.

In fact, this “portability” is often a privacy requirement in many new privacy regulations. So, it is not
only an application security feature, but it also helps you and your customers comply with data
protection and privacy standards.

5. Single sign-on

The benefit of SSO is the ease of use and improved efficiency of sign-in. It also helps curb
password fatigue.

6. Soft delete

When users flag items or select items to delete, a good application feature to have is a soft delete
feature. A soft delete application feature means that a deleted object is not actually deleted, at least
initially.

Soft delete merely flags the item as “deleted” and makes it unavailable in the live production database or
corresponding bucket. Think of how most operating systems have a “Trash” where your files are
stored. You can restore those files before they are actually deleted.

This feature intends to prevent data loss in the case that it was unintentional and needs to be
reversed. It may also help if the delete was malicious and intentional. Once an item is flagged for
deletion/removal you want to set a retention period and then the item can be permanently deleted
after that period ends.


7. IP whitelisting

In cases where your customer requires its users to use a VPN to access a service, IP
whitelisting may be a useful application feature. IP whitelisting is the process of pre-vetting the accepted
IP addresses that are able to connect to the service.

This feature allows your application to deny any IP that is not on the IP whitelist. A VPN will have a
set range of IP addresses or a subnet that will be included in the whitelist, so that only the
VPN is able to connect to the service. This feature will only be relevant to customers that process
very sensitive data or are operating within regulated industries.

8. Active Directory, Google and similar employee directory features

Many large and medium-sized organisations use Active Directory for Identity and Access
Management (IAM), such as managing users and assigning permissions and roles on a traditional
“security zone” network.

More commonly today there are cloud based IAM solutions being offered such as Azure AD, AWS
Identity and Access Management (IAM), and Okta to name a few.

9. Data retention controls

Administrators should be able to enforce their organisation’s specific data retention strategies or
requirements.

For example, the Payment Card Industry has data retention standards and requirements as part of
their compliance. Therefore, as part of their due diligence in strategic sourcing, they need features
that are cognizant of their data retention needs.

10. Automation

From a security standpoint, automation can be a huge force multiplier to the effectiveness of an
application. But there are a couple of points to be aware of and consider when automating
processes and tasks.

First, ensure that any automated processes or APIs have minimum permissions to be functional and
perform authenticated tasks. Then, you want accounts and application instances to be secure by
default.

11. Sessions

It is important that when an administrator modifies, deletes or removes an account that they have
the added feature of cutting off active sessions with that deleted user account. When an account is
deleted or has a password changed, all existing sessions should, therefore, be deleted immediately.


1.1.2 Security mode


Security modes refer to the modes of operation of information systems used in mandatory access
control (MAC) systems. Often, these systems contain information at various levels of security
classification. The mode of operation is determined by:

• The type of users who will be directly or indirectly accessing the system.

• The type of data, including classification levels, compartments, and categories, that are processed
on the system.

• The clearance levels of users, their need to know, and the formal access approvals that the users will have.

The four modes of operation are:

• Dedicated security mode (all users can access all data).

• System high security mode (on a need-to-know basis, all users can access limited data).

• Compartmented security mode (on a need-to-know basis, all users can access limited data as per
the formal access approval).

• Multilevel security mode (on a need-to-know basis, all users can access limited data as per formal
access approval and clearance).

In any mode, you need to know about three aspects: security clearance, access approval or
authorisation and ‘need to know’.

Let’s look at each of these in more detail:

1. Dedicated security mode:

• User must have a security clearance that permits access to ALL information.

• User must have access approval or authorisation to access ALL information.

• User must have valid need to know for ALL information.

In summary: in dedicated mode, all users can access ALL data.

2. System high security mode

• User must have a security clearance that permits access to ALL information.

• User must have access approval or authorisation to access ALL information.

• User must have valid need to know for SOME information.

In summary: all users can access SOME data, based on their need to know.

3. Compartmented security mode

• User must have a security clearance that permits access to ALL information.

• User must have access approval or authorisation to access SOME information.

• User must have valid need to know for SOME information.

In summary: all users can access SOME data, based on their need to know and formal access approval.


4. Multilevel security mode

• User must have a security clearance that permits access to SOME information.

• User must have access approval or authorisation to access SOME information.

• User must have valid need to know for SOME information.

In summary: all users can access SOME data, based on their need to know, clearance and formal
access approval.
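An added example, not from the eBook, that turns the four ALL/SOME tables above into a function deciding which mode of operation a system must run in, given its users' clearances, formal access approvals and need to know. The Go types, the compartment names and the sample users are assumptions made for illustration.

```go
package main

import "fmt"

// Level is a classification level; higher values are more sensitive. The
// levels follow the government scheme named in the eBook.
type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
	TopSecret
)

// Compartment is one body of information held on the system.
type Compartment struct {
	Name  string
	Level Level
}

// User carries the three attributes every mode of operation is judged on:
// clearance, formal access approval and need to know.
type User struct {
	Name       string
	Clearance  Level
	Approved   map[string]bool // formal access approvals, keyed by compartment name
	NeedToKnow map[string]bool // valid need to know, keyed by compartment name
}

type Mode string

const (
	Dedicated     Mode = "dedicated"
	SystemHigh    Mode = "system high"
	Compartmented Mode = "compartmented"
	Multilevel    Mode = "multilevel"
)

// holdsForAll reports whether pred is true for every user/compartment pair,
// i.e. the "ALL information" condition in the eBook's tables.
func holdsForAll(users []User, data []Compartment, pred func(User, Compartment) bool) bool {
	for _, u := range users {
		for _, c := range data {
			if !pred(u, c) {
				return false
			}
		}
	}
	return true
}

// DetermineMode returns the mode of operation implied by the user population
// and the data on the system: each guarantee that weakens from ALL to SOME
// moves the system one step from dedicated towards multilevel.
func DetermineMode(users []User, data []Compartment) Mode {
	clearedForAll := holdsForAll(users, data, func(u User, c Compartment) bool { return u.Clearance >= c.Level })
	approvedForAll := holdsForAll(users, data, func(u User, c Compartment) bool { return u.Approved[c.Name] })
	needToKnowAll := holdsForAll(users, data, func(u User, c Compartment) bool { return u.NeedToKnow[c.Name] })

	switch {
	case clearedForAll && approvedForAll && needToKnowAll:
		return Dedicated
	case clearedForAll && approvedForAll:
		return SystemHigh
	case clearedForAll:
		return Compartmented
	default:
		return Multilevel
	}
}

// CanAccess is the per-request check that applies in every mode: a user may
// read a compartment only with sufficient clearance, formal approval and a
// valid need to know for it.
func CanAccess(u User, c Compartment) bool {
	return u.Clearance >= c.Level && u.Approved[c.Name] && u.NeedToKnow[c.Name]
}

func main() {
	// Constructed sample: two compartments and two analysts.
	data := []Compartment{{"payroll", Secret}, {"research", TopSecret}}
	alice := User{"alice", TopSecret, map[string]bool{"payroll": true, "research": true}, map[string]bool{"payroll": true}}
	bob := User{"bob", TopSecret, map[string]bool{"payroll": true, "research": true}, map[string]bool{"payroll": true, "research": true}}
	fmt.Println("mode:", DetermineMode([]User{alice, bob}, data)) // alice lacks need to know for research
	fmt.Println("alice -> research:", CanAccess(alice, data[1]))
}
```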

Read more about What is Defense in Depth? Defined and Explained | Fortinet

Read more about Defense-in-Depth | Imperva

Read more about What is a Zero Trust Architecture - Palo Alto Networks

Read more about Zero Trust Business Plan | Microsoft

Read more about Traditional perimeter-based network defence is obsolete—transform to a Zero Trust
model | Microsoft

Watch the following Pluralsight videos:

• (6m 22s) about Defense in Depth | Pluralsight

• (4m 45s) about Defense in Depth: Level 1: Personnel | Pluralsight

• (2m 9s) about Defense in Depth: Level 2: Processes | Pluralsight

• (2m 23s) about Defense in Depth: Level 3: Technologies | Pluralsight

• (1m 21s) about Defense in Depth: Level 4: The Network | Pluralsight

• (3m 26s) about The Fundamentals of Zero Trust Architecture | Pluralsight

• (7m 21s) about Implementing Zero Trust | Pluralsight


1.4 Establish all data types to be included in security architecture

This content may help you with Assessment: Activity 1.7, 2.1 and 2.2

As part of the security architecture design process, it is important to identify all data types that will be
included in the security architecture. This includes data that is stored, processed, or transmitted by the
organisation and can include sensitive data such as personal information, financial data, and intellectual
property. In this section, we will discuss the importance of establishing all data types and the process for
identifying them:

• Identify data sources: The first step in establishing all data types is to identify the sources of data
within the organisation. This may include databases, file systems, network traffic and other sources.

• Categorise data: Once the data sources have been identified, the next step is to categorise the data
based on its level of sensitivity and the level of protection required. This may involve considering
factors such as the value of the data to the organisation, the potential impact of a security breach
and any legal or regulatory requirements for protecting the data.

• Determine security requirements: Based on the categorisation of data, the organisation can
determine the appropriate level of protection required for each data type. This may involve
implementing access controls, encryption, or other security measures.

• Develop data handling policies: Once the appropriate level of protection has been determined, the
organisation can develop data handling policies for each data type. This may involve specifying who
has access to the data, how it is transmitted and stored and how it is disposed of when no longer
needed.

• Implement data protection controls: Once the data handling policies have been developed, the
organisation can implement appropriate data protection controls to ensure that each data type is
protected according to its sensitivity level.

Establishing all data types is a critical component of an effective security architecture. By
identifying all sources of data, categorising data based on its level of sensitivity, and
implementing appropriate data handling policies and controls, organisations can ensure
that their critical data is protected according to its importance to the organisation. By
involving stakeholders from across the organisation and following a structured process,
organisations can ensure that their security architecture aligns with their business
objectives and effectively mitigates potential risks.


Here is an example of establishing all data types:

❑ A financial services organisation establishes all data types that are included in their
security architecture, including personal information, financial data, and trade
secrets. The organisation categorises the data based on its level of sensitivity and
the level of protection required and determines that all data types require a high
level of protection, including access controls, encryption, and intrusion detection
systems. The organisation then develops data handling policies for each data type,
specifying who has access to the data, how it is transmitted and stored and how it
is disposed of when no longer needed.

1.4.1 Data classification


Data classification is the process of categorising data based on its level of sensitivity and the level of
protection required. This process is a critical component of an effective security architecture, as it enables
organisations to identify their most sensitive data and implement appropriate security measures to protect
it. In this section, we will discuss the importance of data classification and the process for categorising
data.

There are various methods that can be used to classify data based on its level of sensitivity and the level
of protection required.


Some common data classification methods include:

• Government classification scheme: This is a classification scheme developed and used by
government agencies, which typically categorises data into levels such as confidential, secret, and
top secret.

• Business classification scheme: This is a classification scheme developed and used by
businesses, which typically categorises data into levels such as confidential, internal use only and
public.

• Risk-based classification: This method categorises data based on the level of risk associated with
it (e.g., high, moderate, low). For example, data that, if compromised, could lead to financial loss or
reputational damage may be classified as high risk.

• Functional classification: This method categorises data based on the business function that it
supports. For example, customer data may be classified differently than financial data or human
resources data.

• Hybrid classification: This method combines two or more of the above methods to create a more
tailored approach to data classification. For example, a business may use a government
classification scheme for highly sensitive data and a risk-based classification scheme for other data
types.

Ultimately, the method used to classify data will depend on the specific needs and objectives of the
organisation, as well as any legal or regulatory requirements that may apply. It is important for
organisations to carefully consider their data classification approach and ensure that it aligns with their
overall security architecture and risk management strategy.

Data classification also helps organisations to comply with regulatory requirements and industry standards
by ensuring that sensitive data is protected in accordance with the relevant regulations and guidelines.

In conclusion, data classification is an essential process that helps organisations to identify, label and
protect their sensitive information. By classifying data based on its level of sensitivity, organisations can
implement appropriate security controls to ensure that data is protected against unauthorised access,
disclosure, and modification.

Effective data classification requires a clear understanding of the organisation's
information assets and the potential risks associated with those assets. Organisations
must also have policies and procedures in place to guide the classification process and
ensure that data is consistently classified across the organisation.

Read more about Business Impact Analysis (BIA)

Read more about What Is Business Impact Analysis?


Watch this short video (3m 50s) about Business Continuity (BC), Disaster Recovery (DR)
and Incident Response Concepts for CC℠ | Pluralsight

Here is an example of data classification:

❑ A healthcare organisation implements a data classification policy that categorises
patient health information as highly sensitive data and requires it to be protected
by strong access controls and encryption. The organisation develops data handling
policies for patient health information that specify who has access to the data, how
it is transmitted and stored and how it is disposed of when no longer needed. The
organisation then implements appropriate data protection controls, such as two-
factor authentication and encryption, to ensure that patient health information is
protected according to its sensitivity level.

1.4.2 Data ownership


Data ownership is the process of identifying who is responsible for the creation, management, and
protection of data within an organisation. Establishing clear data ownership is a critical component of an
effective security architecture, as it enables organisations to ensure that their critical data is being managed
and protected by the appropriate parties. In this section, we will discuss the importance of data ownership
and the process for identifying data owners.

• Determine data owners: Once the data sources have been identified, the next step is to determine
who is responsible for the creation, management, and protection of the data within each source. This
may involve considering factors such as the business unit or department that created the data, the
role of individual employees in managing the data and any legal or regulatory requirements for data
management.

• Develop data ownership policies: Once data owners have been identified, the organisation can
develop data ownership policies that specify the roles and responsibilities of data owners. This may
involve outlining who has access to the data, how it is transmitted and stored and how it is disposed
of when no longer needed.

• Implement data ownership controls: Once data ownership policies have been developed, the
organisation can implement appropriate data ownership controls to ensure that data is managed and
protected according to its ownership. This may involve implementing access controls, encryption, or
other security measures.

There are different types or levels of data ownership. The specific type or level of ownership will depend
on the organisation's policies and practices. Here are some examples:

• Functional ownership: This type of ownership designates specific business units or departments as
responsible for managing and protecting certain types of data. For example, the finance department
may be responsible for financial data, while the marketing department may be responsible for
customer data.


• Role-based ownership: This type of ownership designates specific roles or positions within the
organisation as responsible for managing and protecting certain types of data. For example, the IT
security team may be responsible for network traffic data, while the HR team may be responsible for
employee data.

• Individual ownership: This type of ownership designates individual employees as responsible for
managing and protecting certain types of data. For example, a sales representative may be
responsible for managing and protecting their customer data.

• Shared ownership: This type of ownership designates multiple individuals or departments as
responsible for managing and protecting certain types of data. For example, the finance and legal
departments may share ownership of financial data.

Ultimately, the type or level of data ownership will depend on the organisation's needs and objectives. It
is important for organisations to establish clear data ownership policies and controls to ensure that data
is managed and protected effectively.

Establishing clear data ownership is a critical component of an effective security
architecture. By identifying who is responsible for the creation, management, and
protection of data within the organisation, organisations can ensure that their critical data
is being managed and protected by the appropriate parties. By involving stakeholders
from across the organisation and following a structured process, organisations can
ensure that their security architecture aligns with their business objectives and effectively
mitigates potential risks.

Read more about Business Impact Analysis (BIA)

Read more about What Is Business Impact Analysis?

Watch this short video (3m 50s) about Business Continuity (BC), Disaster Recovery (DR)
and Incident Response Concepts for CC℠ | Pluralsight


Here is an example of data ownership:

❑ A financial services organisation identifies data owners for its customer data,
including the sales team, customer service team and data management team. The
organisation develops data ownership policies that specify the roles and
responsibilities of each data owner, including who has access to the data and how
it is protected. The organisation then implements appropriate data ownership
controls, such as access controls and encryption, to ensure that customer data is
managed and protected according to its ownership.

1.4.3 Data retention


Data retention is the process of determining how long data should be retained within an organisation and
in what form. Establishing clear data retention policies and controls is a critical component of an effective
security architecture, as it enables organisations to manage data in a way that minimises risk and meets
legal and regulatory requirements. In this section, we will discuss the importance of data retention and the
process for establishing data retention policies.

• Identify data types: The first step in establishing data retention policies is to identify the types of
data that are being managed within the organisation. This may include customer data, financial data,
intellectual property, and other sensitive information.

• Determine legal and regulatory requirements: Once the data types have been identified, the next
step is to determine any legal and regulatory requirements for data retention. This may involve
considering factors such as the type of data, the jurisdiction in which the organisation operates and
the industry in which it operates.

• Develop data retention policies: Once legal and regulatory requirements have been identified, the
organisation can develop data retention policies that specify how long data should be retained, in
what form and with what controls. This may involve considering factors such as the sensitivity of the
data, the purpose for which it was collected and any privacy considerations.

• Implement data retention controls: Once data retention policies have been developed, the
organisation can implement appropriate data retention controls to ensure that data is managed and
retained in accordance with its policies. This may involve implementing data backup and recovery
procedures, archiving data, or securely deleting data that is no longer needed.

Effective data retention policies must consider how data is stored and backed up, to ensure that the data
can be retained for the required period and in the required form. For example, if data is stored on a system
that is not backed up regularly, it may not be possible to retain the data for the required period of time.
Similarly, if data is stored on a system that is not properly secured, it may not be possible to retain the data
in a manner that is compliant with legal and regulatory requirements.

Effective storage and backup policies must also consider data retention requirements, to ensure that data
is stored and backed up in a manner that supports its retention. For example, if data is stored on a system
that is not designed for long-term storage, it may not be possible to retain the data for the required period.
Similarly, if data is backed up to a system that does not have the capacity to retain backups for the required
period, it may not be possible to restore the data when needed.


In summary, data retention policies and storage and backup policies are interdependent and must be
developed in a coordinated manner to ensure that data is managed and protected effectively.

Establishing clear data retention policies and controls is a critical component of an
effective security architecture. By identifying how long data should be retained, in what
form, and with what controls, organisations can ensure that their critical data is managed
and protected in a way that minimises risk and meets legal and regulatory requirements.
By involving stakeholders from across the organisation and following a structured
process, organisations can ensure that their security architecture aligns with their
business objectives and effectively mitigates potential risks.

Read more about Business Impact Analysis (BIA)

Read more about What Is Business Impact Analysis?

Watch this short video (3m 50s) about Business Continuity (BC), Disaster Recovery (DR)
and Incident Response Concepts for CC℠ | Pluralsight

Here is an example of data retention:

❑ A healthcare organisation identifies the types of data it manages, including patient
data, financial data, and research data. The organisation determines legal and
regulatory requirements for data retention, such as the HIPAA Privacy Rule and
state medical record retention laws. The organisation develops data retention
policies that specify how long data should be retained, in what form and with what
controls. The organisation then implements appropriate data retention controls,
such as archiving patient records and securely deleting financial data that is no
longer needed.


1.4.4 Data encryption


Data encryption is a crucial component of any organisation's security strategy, as it involves transforming
data into an unreadable format to protect it from unauthorised access. Data encryption involves using an
encryption algorithm to scramble the data so that it can only be read by someone with the appropriate
decryption key.

There are two main types of encryption: symmetric encryption and asymmetric encryption.

Symmetric encryption

Symmetric encryption involves using the same key to encrypt and decrypt the data. This type of encryption
is relatively simple and fast, making it ideal for protecting large amounts of data. However, symmetric
encryption is less secure than asymmetric encryption, as anyone who has access to the encryption key
can decrypt the data.

Asymmetric encryption

Asymmetric encryption involves using a pair of keys - a public key and a private key - to encrypt and
decrypt the data. The public key is freely available and is used to encrypt the data, while the private key is
kept secret and is used to decrypt the data. Asymmetric encryption is more secure than symmetric
encryption, as even if an attacker obtains the public key, they cannot decrypt the data without the private
key.

There are several ways to implement data encryption, including:

• Full-disk encryption: Full-disk encryption involves encrypting the entire hard drive or storage device
to protect all of the data stored on it.

• File-level encryption: File-level encryption involves encrypting individual files or folders to protect
specific pieces of sensitive data.

• Database encryption: Database encryption involves encrypting the data stored in a database to
protect against unauthorised access.

• Communication encryption: Communication encryption involves encrypting data that is transmitted
over a network to protect it from interception and unauthorised access.


Data encryption is a critical component of any organisation's security strategy, as it helps
to protect sensitive data from unauthorised access. Adhering to best practices for data
encryption, such as using strong encryption algorithms, regularly updating encryption
keys, and implementing encryption at various levels of the technology stack, can help to
ensure that data remains secure and protected from cyber threats.

Read more about Data Classification (Data Management): A Complete Overview

Read more about Pluralsight Tech Blog | What is a Data Owner, Really?

Read more about Data retention | Home Affairs

Read more about What is encryption? Data encryption defined | IBM

Watch this short video (1m 43s) about What is Data Classification? - YouTube

Watch this short video (0m 59s) about Data Ownership - YouTube

Watch this short video (2m 45s) about Data Retention | Pluralsight

Watch this short video (1m 18s) about Data Retention - YouTube

Watch this video (5m 8s) about Introduction to Data Encryption | Pluralsight

Here is an example of data encryption:

❑ The use of full-disk encryption to protect data stored on a computer or mobile


device. Full-disk encryption involves encrypting the entire hard drive or storage
device so that all the data stored on it is protected. This type of encryption requires
the user to enter a password or passphrase to unlock the device and access the
data.


1.5 Document security architecture findings

This content may help you with Assessment: Activity 1.8, 2.1, 2.2, 2.3 and 3.3

Documenting all security architecture findings is a critical component of an effective security architecture.
By documenting all findings, organisations can ensure that they have a clear understanding of their security
posture and can identify areas where additional controls or enhancements may be needed. In this section,
we will discuss the importance of documenting all security architecture findings and the process for
documenting findings.

The process to document findings is:

• Identify findings: The first step in documenting all security architecture findings is to identify the
areas where the organisation's security posture may be at risk. This may include identifying
vulnerabilities, gaps in controls and other potential areas of concern.

• Record findings: Once findings have been identified, the organisation should record all findings in a
central repository. This may include a security incident management system, a risk register, or other
documentation tools.

• Analyse findings: Once all findings have been recorded, the organisation can analyse the findings
to identify trends, patterns, and potential root causes of the findings. This may involve using data
analytics tools, conducting interviews with stakeholders, or reviewing relevant policies and
procedures.

• Develop remediation plans: Once the findings have been analysed, the organisation can develop
remediation plans to address any identified gaps or vulnerabilities. This may involve implementing
additional controls, enhancing existing controls, or developing new policies and procedures.


Documenting all security architecture findings is a critical component of an effective
security architecture. By identifying and recording all findings, analysing the findings, and
developing remediation plans, organisations can ensure that they have a clear
understanding of their security posture, and can address any identified gaps or
vulnerabilities. By involving stakeholders from across the organisation and following a
structured process, organisations can ensure that their security architecture aligns with
their business objectives and effectively mitigates potential risks.

Here’s an example of documenting security architecture findings:

❑ A financial organisation identifies a vulnerability in its web application that could
potentially allow an attacker to steal customer data. The organisation records this
finding in its security incident management system and analyses the finding to
identify potential root causes. The organisation then develops a remediation plan
to address the vulnerability, which includes implementing additional controls to
secure the web application.

1.5.1 Creating a document to capture security architecture findings


Creating a document to capture security architecture findings is a critical component of an effective security
architecture. A document to capture security architecture findings provides a comprehensive overview of
an organisation's security posture, including its policies, procedures, controls, and technologies.

The Security Architecture Design Information Gathering Report template on the following pages outlines
what you would include in a document to capture security architecture findings.


Security Architecture Design Information Gathering Report template

Purpose of the report

Provide a description of the purpose of this report. In your description, please explain what the report aims
to achieve, and the main objectives of the report. Additionally, describe the target audience of the report and
how it will benefit from the information presented in the report.

Security requirements of the organisation based on the organisation’s operations and
infrastructure

Provide a description of the security requirements of the organisation based upon the previous infrastructure
and analysis. In your description, explain how the previous infrastructure and analysis impact the security
requirements of the organisation. Additionally, describe the key security goals of the organisation and how
it plans to manage risk.

Industry standard design methodology to be used for creating a security architecture: explain why
your chosen design methodology is the most suitable

Provide a description of the industry standard design methodology that will be used to create a security
architecture. In your description, explain how the methodology can be applied to the organisation's specific
security needs and explain why your chosen design methodology is the most suitable.

Data that will be protected by the security architecture

Provide a description of the data types that will be protected by the security architecture. In your description,
explain the different types of data that need to be protected, including HR, financial, client, passwords.


Security levels required for the different data in the organisation

Provide a description of the level of security required for the system. In your description, explain the data
that needs to be protected, the security level to be used for each type of data and the reason for assigning
each security level.

Data to be protected | Security level to be used | Reason for assigning security level

The mode of security required for the system

Provide a description of the mode of security required for the system. In your description, explain why you
have selected that mode of security and how it will contribute to the security goals of the organisation.

Outline how you will secure the perimeter of the system

Provide a description of how you will secure the perimeter of the system. In your description, explain how
the use of a perimeter will contribute to the security goals of the organisation.

What security features are required for the system

Outline the security features required for the system. In your description, explain your reasoning for including
those features.


Diagram of current security architecture for the organisation

Include a diagram of the current security architecture for the organisation. In your description, explain the
different components of the architecture and how they are connected, and whether the current security
architecture meets the organisation's security goals and the security measures that need to be implemented
to address the identified risks and vulnerabilities of the organisation.

For this task you might use the Creately platform.

Creately video tutorial for beginners: Creately Tutorial 2023 for beginners - How to Use Creately (Step by
Step) - 10m09s

Here’s an example of creating a security architecture document:

❑ A large retail organisation creates a document to capture security architecture
findings that includes policies and procedures for access control, data classification
and retention and incident response. The document also includes network and
system diagrams, risk assessments and a summary of the organisation's
compliance with legal and regulatory requirements. The document is organised in
a logical manner that makes it easy to read and understand and is regularly
reviewed and updated to ensure that it remains current.


1.5.2 Communicating findings to stakeholders


Communicating findings to stakeholders is a critical component of an effective security architecture. By
communicating findings to stakeholders, organisations can ensure that all relevant parties are aware of
the organisation's security posture, potential risks, and remediation plans. In this section, we will discuss
the importance of communicating findings to stakeholders and the process for communicating findings.

Identify stakeholders

The first step in communicating findings to stakeholders is to identify the key stakeholders who need to be
informed. This may include executives, IT and security teams, legal and compliance teams, and business
teams.

Develop a communication plan

Once the stakeholders have been identified, the organisation can develop a communication plan that
outlines the key messages, timing, and format of the communication. The communication plan should be
tailored to the specific needs of each stakeholder group.

Deliver the communication

Once the communication plan has been developed, the organisation can deliver the communication to the
stakeholders. This may involve using a variety of communication channels, such as email, presentations,
or meetings.

Follow up and monitor progress

Once the communication has been delivered, the organisation should follow up with stakeholders to ensure
that they understand the findings and any remediation plans. The organisation should also monitor
progress to ensure that the remediation plans are being implemented effectively.


Communicating findings to stakeholders is a critical component of an effective security
architecture. By identifying stakeholders, developing a communication plan, delivering
the communication, and following up and monitoring progress, organisations can ensure
that all relevant parties are aware of the organisation's security posture, potential risks,
and remediation plans. By using clear and concise language and tailoring the
communication to the specific needs of each stakeholder group, organisations can
ensure that their security architecture aligns with their business objectives and effectively
mitigates potential risks.

Read more about How to Create a Security Architecture - Dragon1

Read more about Security Architecture Report PDF (137KB)

Watch this short video (1m 51s) about The Writing Process: An Overview | Pluralsight

Watch this short video (3m 12s) about The Planning Phase: Purpose | Pluralsight

Watch this short video (6m 19s) about The Planning Phase: Audience | Pluralsight

Watch this short video (0m 57s) about The Planning Phase: Delivery | Pluralsight

Watch this short video (1m 51s) about Managing IT: Communication | Pluralsight

Here’s an example of communicating findings to stakeholders:

❑ A healthcare organisation identifies a vulnerability in its electronic medical records
system that could potentially allow an attacker to access patient data. The
organisation develops a communication plan that outlines the key messages,
timing, and format of the communication. The organisation delivers the
communication to executives, IT and security teams, legal and compliance teams
and business teams using a variety of channels, including email, presentations,
and meetings. The organisation follows up with stakeholders to ensure that they
understand the findings and any remediation plans and monitors progress to
ensure that the remediation plans are being implemented effectively.


Case Study: Brewed Awakening


Brewed Awakening is a very successful chain of cafes in the bustling
Melbourne CBD. Owner/CEO Jay Mulligan started with a single café eight
years ago and has grown to six sites with a small support team in the office
located on the top floor of one of the cafes.

Jay is concerned about the security of the office IT network. All the stores’
sales data, stock information and customer details are stored on the server
at the office. With recent high profile cyber-attacks making the news, Jay is
very aware that an attack on their network could shut down operations in all
the cafes and cause chaos if their data was lost. Jay has engaged the
services of Bridie from CyberSecure, a local cyber security company with a
strong reputation.

Background

Their current system architecture in the office at Brewed Awakening is shown below:


Bridie spent some time at the Brewed Awakening office, talking to Jay and other team
members and reviewing information about the business operations. Once she had gathered
enough information, she put together a SAD (security architecture design) information
gathering report. The SAD report collated the information Bridie needed to prepare her to
design a new security architecture for the office.

A copy of the report that Bridie completed is included below:

SAD Information Gathering Report – Brewed Awakening

Purpose of the report

The purpose of this report is to gather and analyse information to design a security architecture for Brewed
Awakening. The report provides an overview of the security requirements of the organisation, the security
design methodologies that will be used, the level of security required for the system, the different modes of
security available, the perimeter and features of security provided, the data types that will be protected by
the security architecture, and a diagram of the current security architecture for the organisation.

Security requirements of the organisation based on the organisation’s operations and
infrastructure

Based on the analysis of the current infrastructure and operations of Brewed Awakening, the organisation
requires a robust security architecture to protect against cyber-attacks and data breaches. The critical
assets of the organisation include sales and financial data, HR data, and customer personal information.
These assets need to be protected by appropriate security controls to prevent a breach.

Industry standard design methodology to be used for creating a security architecture: explain why
your chosen design methodology is the most suitable

The Sherwood Applied Business Security Architecture (SABSA) design methodology will be followed when
developing the security architecture for Brewed Awakening.

The SABSA methodology is a holistic approach that considers the organisation's business goals,
processes and systems, as well as the risks and threats facing the organisation. It provides a structured
framework for developing security architecture that is flexible and adaptable to changing business needs
and evolving security threats. Brewed Awakening is a young business that is expected to continue to
evolve considerably in the coming years, therefore it requires a flexible system architecture that can grow
and develop with the business.


Data that will be protected by the security architecture

• HR data

• Financial data

• Website data

• Customer Information

Security levels required for the different data in the organisation

Data to be protected | Security level to be used | Reason for assigning security level
HR data              | Medium                    | HR data is sensitive and must be protected from unauthorised access
Customer data        | High                      | Customer data is highly sensitive and should only be accessed by authorised personnel
Financial data       | High                      | Financial data is highly sensitive and should only be accessed by authorised personnel
Website data         | Low                       | Website data is not sensitive and can be accessed by anyone

The mode of security required for the system

The security architecture for Brewed Awakening will utilise:

Compartmented security mode:

• User must have a security clearance that permits access to ALL information.

• User must have access approval or authorisation to access SOME information.

• User must have valid need to know for SOME information.

In summary: all users can access SOME data, based on their need to know and formal access approval.
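As an added illustration (not part of the case study or of Bridie's report), the Go program below encodes the three compartmented-mode rules listed above as an access decision over the data types and security levels in this SAD report. The compartment names, the staff accounts and their approvals are assumptions made for the example; note how clearance is checked once at log-on against the highest level the system holds, while approval and need to know are checked per compartment.

```go
package main

import "fmt"

// Level is a security level from the SAD report's data classification table.
type Level int

const (
	Low Level = iota + 1
	Medium
	High
)

// DataItem is one protected data type, tagged with its level and with the
// compartment that formal access approval and need to know are granted for.
type DataItem struct {
	Name        string
	Level       Level
	Compartment string
}

// User carries the three attributes compartmented mode checks.
type User struct {
	Name       string
	Clearance  Level           // must cover ALL information held by the system
	Approved   map[string]bool // compartments with formal access approval
	NeedToKnow map[string]bool // compartments the user currently needs to know
}

// Catalogue mirrors the case study's classification table; the compartment
// names are hypothetical and were added for this example.
var Catalogue = []DataItem{
	{"HR data", Medium, "HR"},
	{"Customer data", High, "CUSTOMER"},
	{"Financial data", High, "FINANCE"},
	{"Website data", Low, "WEB"},
}

// SystemHigh returns the highest security level held anywhere in the system.
func SystemHigh(items []DataItem) Level {
	var top Level
	for _, it := range items {
		if it.Level > top {
			top = it.Level
		}
	}
	return top
}

// CanLogOn enforces the mode's first rule: a user is admitted only when their
// clearance permits access to ALL information the system holds.
func CanLogOn(u User, items []DataItem) bool {
	return u.Clearance >= SystemHigh(items)
}

// Decide applies the per-item rules: formal approval and a valid need to know
// for the item's compartment. Clearance is re-checked as defence in depth, and
// the reason explains every denial for the audit trail.
func Decide(u User, it DataItem) (allowed bool, reason string) {
	switch {
	case u.Clearance < it.Level:
		return false, "clearance below the item's security level"
	case !u.Approved[it.Compartment]:
		return false, "no formal access approval for compartment " + it.Compartment
	case !u.NeedToKnow[it.Compartment]:
		return false, "no current need to know for compartment " + it.Compartment
	}
	return true, "clearance, approval and need to know all satisfied"
}

// compartments builds a set of compartment names.
func compartments(names ...string) map[string]bool {
	s := make(map[string]bool, len(names))
	for _, n := range names {
		s[n] = true
	}
	return s
}

func main() {
	// Hypothetical staff: the bookkeeper is approved for HR (future payroll work)
	// but has no current need to know it and was never approved for customer
	// data; the barista's clearance does not cover the system's High data at all.
	bookkeeper := User{"bookkeeper", High, compartments("FINANCE", "HR", "WEB"), compartments("FINANCE", "WEB")}
	barista := User{"barista", Medium, compartments("WEB"), compartments("WEB")}
	for _, u := range []User{bookkeeper, barista} {
		if !CanLogOn(u, Catalogue) {
			fmt.Printf("%s: log-on refused, clearance does not cover all data\n", u.Name)
			continue
		}
		for _, it := range Catalogue {
			ok, why := Decide(u, it)
			fmt.Printf("%s -> %-14s allowed=%-5v %s\n", u.Name, it.Name, ok, why)
		}
	}
}
```

Running it shows the bookkeeper reading financial and website data only: HR data is refused for lack of a current need to know even though approval exists, and customer data is refused for lack of formal approval. The barista is never admitted, because a Medium clearance does not cover the High data the system holds.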

Outline how you will secure the perimeter of the system

The perimeter will be secured using firewalls at external connectivity points, applying and maintaining
stringent firewall settings, enforcing VPN for remote access, encryption in transit and for data at rest, and
authenticating all user access.


What security features are required for the system

The security features required for the system include:

• Password security

• Security activity notifications

• Password attempt threshold/ account lockout

• Automation

• Sessions

Diagram of current security architecture for the organisation


2 Design Security Architecture


So far in this eBook we have addressed how to:

• Prepare to design security infrastructure

This section of the eBook will focus on how to design security architecture, including how to:

• Establish and document specific requirements and features of security requirements

• Design and document security solution according to organisational requirements

• Submit documentation to required personnel for initial feedback


2.1 Establish and document specific requirements and features

This content may help you with Assessment: Activity 2.1 and 2.2

2.1.1 Security controls

In today's digital age, the importance of security controls cannot be overstated. These measures are
designed to protect your organisation's information, safeguard your assets, and ensure business continuity.
This section will introduce you to the concept of security controls and provide a thorough understanding of
their different types. We will also share practical tips for implementing these controls and examples to help
you visualise their application in real-world scenarios.

Security controls can be divided into three categories:

1. Administrative

2. Physical

3. Technical.

Let's dive deeper into each of these categories.

1. Administrative controls

Administrative controls are procedures and policies that help manage and regulate the behaviour of people
within an organisation. These controls ensure that employees understand their responsibilities regarding
information security and follow the best practices.


Some examples of administrative controls include:

• Security awareness training

• Incident response plans

• Access control policies

• Regular audits and assessments

2. Physical controls

Physical controls are measures designed to protect your organisation's assets and information by
preventing unauthorised physical access. These controls can be as simple as locks on doors or as
sophisticated as biometric security systems. Examples of physical controls include:

• Security guards

• Surveillance cameras

• Access control systems (e.g., key cards, biometrics)

• Secure server rooms

3. Technical controls

Technical controls are mechanisms implemented in hardware, software, or firmware to protect your
information systems and network infrastructure. These controls are essential for preventing unauthorised
access and maintaining the integrity and confidentiality of your data. Examples of technical controls
include:

• Firewalls

• Intrusion detection and prevention systems

• Encryption

• Multi-factor authentication


Tips for implementing security controls

To maximise the effectiveness of your security controls, consider the following tips:

• Conduct a risk assessment to identify your organisation's unique threats and vulnerabilities.

• Develop a comprehensive security policy that addresses all three types of controls.

• Train employees regularly on security best practices and protocols.

• Monitor and maintain your security controls to ensure their continued effectiveness.

• Regularly audit and assess your security controls to identify areas for improvement.

Security controls are an essential component of any organisation's information security
strategy. By understanding and implementing administrative, physical, and technical
controls, you can significantly reduce the risk of data breaches and other security
incidents. Regularly evaluate and update your security controls to ensure that your
organisation stays ahead of emerging threats and maintains a strong security posture.

Read more about What Are Security Controls? | F5

Watch this short video (1m 44s) about Incident Response Process | Pluralsight

Watch this short video (1m 22s) about Securing Physical Assets | Pluralsight

Watch this short video (1m 34s) about Cameras and Video Surveillance | Pluralsight

Watch this video (6m 22s) about Firewalls | Pluralsight

Watch this video (5m 48s) about NIDS and NIPS | Pluralsight

Watch this video (8m 10s) about Data Encryption | Pluralsight


Here are some real-world examples to illustrate the application of security controls:

❑ A healthcare organisation implements a strict access control policy, requiring
employees to use multi-factor authentication when accessing sensitive patient
information.

❑ A retail store installs surveillance cameras and employs security guards to deter
theft and vandalism.

❑ A financial institution uses encryption to protect customer data during online
transactions and stores sensitive information in a secure, offsite data centre.

2.1.2 Security services

As organisations continue to rely more on technology and digital platforms, the need for robust security
measures has never been greater. Security services are designed to help organisations protect their
sensitive information, minimise risks and maintain compliance with industry regulations. In this section, we
will explore the various types of security services available, discuss their benefits and provide tips on
choosing the right service for your organisation.

There are several types of security services that organisations can leverage to enhance their overall
security posture. The following are the most common categories of security services:

Managed security services

Managed Security Services (MSS) are provided by specialised vendors that take care of your
organisation's security needs. These services can include security monitoring, vulnerability management
and threat intelligence. MSS providers typically offer continuous support and can help free up internal
resources, allowing your organisation to focus on its core business objectives.


Security consulting services

Security consulting services involve working with experts who can assess your organisation's current
security posture, identify gaps, and recommend strategies to improve your security defences. Consultants
can help with tasks such as creating security policies, performing risk assessments, and conducting
penetration tests.

Security monitoring and incident response

Security monitoring and incident response services focus on detecting, analysing, and responding to
security incidents in real-time. These services usually involve deploying advanced tools and technologies,
along with a team of security experts, to identify and address potential threats before they can cause
significant damage.

Tips for choosing security services

When choosing the right security services for your organisation, consider the following tips:

• Assess your organisation's specific security needs and requirements.

• Research potential providers, their expertise, and their reputation in the industry.

• Determine the level of support and customisation you require from the service provider.

• Evaluate the cost-effectiveness of the services being offered.

• Ensure the provider complies with relevant industry standards and regulations.


Security services play a critical role in helping organisations safeguard their valuable
assets and information. By choosing the right security services based on your
organisation's unique needs, you can significantly improve your overall security posture
and reduce the likelihood of costly security incidents. Remember to carefully evaluate
potential providers and maintain a strong partnership to ensure ongoing success in your
security efforts. With the right security services in place, your organisation can operate
confidently and securely in an increasingly connected digital world.

Read more about List of Managed Security Services Providers (MSSPs) in Australia

Watch this short video (2m 37s) about What is a Managed Security Service Provider
(MSSP)? - YouTube

Here are some real-world examples to illustrate the application of security services:

❑ A small business partners with a Managed Security Service Provider (MSSP) to
handle their network security, allowing them to focus on growing their business
without worrying about cyber threats.

❑ A large corporation hires a security consulting firm to perform a comprehensive risk
assessment and create a detailed security strategy to protect their valuable
intellectual property.

❑ An e-commerce company invests in security monitoring and incident response
services to ensure the rapid detection and mitigation of potential cyberattacks on
their website and payment systems.


2.1.3 Security mechanisms

Security mechanisms are fundamental components of a robust security strategy. They serve as the building
blocks for creating a secure digital environment and protecting an organisation's valuable assets and
information. In this section, we will explore various security mechanisms, their purpose and how they
contribute to an organisation's overall security posture. Additionally, we will provide tips for effectively
implementing these mechanisms and share examples to help illustrate their use in real-world scenarios.

The following are some of the most critical security mechanisms that organisations should consider
implementing:

Authentication

Authentication is the process of verifying the identity of a user, device, or system. It ensures that only
authorised individuals can access sensitive information and resources. Common authentication
mechanisms include passwords, biometrics (e.g., fingerprint or facial recognition) and hardware tokens.

Authorisation

Authorisation is the process of granting or denying access to specific resources based on a user's
authenticated identity. This mechanism ensures that users can only access the information and resources
necessary for their job function, minimising the potential damage in case of a security breach. Role-based
access control (RBAC) and attribute-based access control (ABAC) are examples of authorisation
mechanisms.


Encryption

Encryption is a mechanism used to protect the confidentiality and integrity of data by converting it into an
unreadable format. Only authorised parties with the correct decryption key can access the original,
unencrypted data. Encryption is widely used to protect sensitive information, such as financial data or
personal information, both in transit and at rest.
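The Go program below is an added example, not code from the eBook or from any product it references. It shows how the encryption types listed in section 1.4 (symmetric, asymmetric and file-level encryption) and the mechanism described here fit together in practice: the file content is protected with a fast symmetric cipher (AES-256-GCM, which also detects tampering), and the asymmetric key pair protects only that per-file key, so the public key can be handed out freely while decryption still needs the private key. The file name, sample content and key pair are constructed for the example; the `oaepLabel`, `EncryptFile`, `DecryptFile` and `NewOwnerKey` names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what is stored in place of a file protected at file level.
// The content is encrypted with a fresh symmetric key (AES-256-GCM, which also
// authenticates the ciphertext), and that key is wrapped with the owner's
// public key (RSA-OAEP), so only the holder of the private key can recover it.
type EncryptedFile struct {
	WrappedKey []byte // per-file AES key, encrypted under the owner's RSA public key
	Nonce      []byte // GCM nonce; must never repeat under the same key
	Ciphertext []byte // AES-GCM output with the authentication tag appended
}

var oaepLabel = []byte("file-key") // binds the wrapped key to its purpose

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptFile protects plaintext for the owner of pub. The file name goes in as
// associated data, so an envelope cannot be renamed or moved onto another file
// without decryption failing.
func EncryptFile(pub *rsa.PublicKey, name string, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32) // 256-bit key, used for this one file only
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, []byte(name))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// DecryptFile reverses EncryptFile and fails closed when the private key does
// not match, the ciphertext was altered, or the file name differs.
func DecryptFile(priv *rsa.PrivateKey, name string, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap the file key (wrong private key?)")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, ef.Nonce, ef.Ciphertext, []byte(name))
	if err != nil {
		return nil, errors.New("integrity check failed: ciphertext or file name was altered")
	}
	return plaintext, nil
}

// NewOwnerKey generates a key pair for the example; a real deployment loads the
// private key from a key store or HSM instead of creating one at run time.
func NewOwnerKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func main() {
	owner := NewOwnerKey()
	secret := []byte("constructed sample: staff payroll for May") // constructed input
	ef, err := EncryptFile(&owner.PublicKey, "payroll.csv", secret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d ciphertext bytes and a %d-byte wrapped key\n", len(ef.Ciphertext), len(ef.WrappedKey))
	if pt, err := DecryptFile(owner, "payroll.csv", ef); err == nil {
		fmt.Printf("owner reads: %s\n", pt)
	}
	ef.Ciphertext[0] ^= 0x01 // simulate a corrupted or tampered file
	_, err = DecryptFile(owner, "payroll.csv", ef)
	fmt.Println("after tampering:", err)
}
```

Two design points matter for the "regularly updating encryption keys" advice in section 1.4: because every file gets its own symmetric key, rotating the owner's key pair only means re-wrapping the small per-file keys, not re-encrypting every file; and because GCM authenticates the ciphertext and the file name, a modified or mis-filed envelope is rejected rather than decrypted to garbage.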

Auditing and logging

Auditing and logging are mechanisms that record and analyse user activities and system events. These
mechanisms help organisations detect and investigate potential security incidents, maintain regulatory
compliance, and identify areas for improvement. Log data can also be used to generate reports, analyse
trends, and measure the effectiveness of security policies and controls.

Intrusion detection and prevention

Intrusion Detection and Prevention Systems (IDPS) are security mechanisms designed to identify and
block potential security threats in real-time. These systems monitor network traffic and system activities for
signs of malicious behaviour and can automatically take action to prevent or mitigate the threat.
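As an added example (not code from the eBook or from any IDPS product), the Go program below shows the auditing and logging mechanism and the monitoring side of intrusion detection working together: audit log lines are parsed into structured events, and two detection rules then flag a burst of access denials from one account and successful out-of-hours access to the data stores the case study classifies as High. The log format, the log lines, the user names and the thresholds are all constructed for this example; a malformed line is skipped rather than allowed to stop the analysis.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// AuditEvent is one parsed audit log record.
type AuditEvent struct {
	At                     time.Time
	User, Resource, Result string // Result is "allow" or "deny"
}

// ParseAuditLine reads the constructed format used in this example:
// "<RFC3339 time> user=<u> resource=<r> result=<allow|deny>".
func ParseAuditLine(line string) (AuditEvent, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return AuditEvent{}, fmt.Errorf("malformed line: %q", line)
	}
	at, err := time.Parse(time.RFC3339, fields[0])
	kv := map[string]string{}
	for _, f := range fields[1:] {
		if parts := strings.SplitN(f, "=", 2); len(parts) == 2 {
			kv[parts[0]] = parts[1]
		}
	}
	ev := AuditEvent{at, kv["user"], kv["resource"], kv["result"]}
	if err != nil || ev.User == "" || (ev.Result != "allow" && ev.Result != "deny") {
		return AuditEvent{}, fmt.Errorf("bad timestamp, user or result in %q", line)
	}
	return ev, nil
}

// Finding is an alert raised by a detection rule.
type Finding struct{ Rule, User, Note string }

// RepeatedDenials flags a user denied at least threshold times inside a sliding
// window (events must be in log order): a burst of denials usually means probing
// for data the user is not authorised to see, or a misconfigured account.
func RepeatedDenials(events []AuditEvent, threshold int, window time.Duration) (out []Finding) {
	recent := map[string][]time.Time{} // each user's denials still inside the window
	for _, ev := range events {
		if ev.Result != "deny" {
			continue
		}
		ts := append(recent[ev.User], ev.At)
		for len(ts) > 0 && ev.At.Sub(ts[0]) > window {
			ts = ts[1:] // drop denials that have aged out of the window
		}
		if len(ts) >= threshold {
			out = append(out, Finding{"repeated-denials", ev.User, fmt.Sprintf(
				"%d denials within %s, last at %s", len(ts), window, ev.At.Format(time.RFC3339))})
			ts = nil // report each burst once, then start a fresh window
		}
		recent[ev.User] = ts
	}
	return out
}

// OutOfHoursAccess flags successful access to sensitive resources outside
// [openHour, closeHour) UTC, a common sign of a compromised or misused account.
func OutOfHoursAccess(events []AuditEvent, sensitive map[string]bool, openHour, closeHour int) (out []Finding) {
	for _, ev := range events {
		if h := ev.At.UTC().Hour(); ev.Result == "allow" && sensitive[ev.Resource] && (h < openHour || h >= closeHour) {
			out = append(out, Finding{"out-of-hours", ev.User,
				fmt.Sprintf("access to %s at %s", ev.Resource, ev.At.Format(time.RFC3339))})
		}
	}
	return out
}

// SampleLog is constructed for this example; it is not a real log.
var SampleLog = []string{
	"2023-05-02T09:15:07Z user=jay resource=financial_db result=allow",
	"2023-05-02T09:16:30Z user=barista1 resource=hr_db result=deny",
	"2023-05-02T09:17:02Z user=barista1 resource=financial_db result=deny",
	"2023-05-02T09:17:40Z user=barista1 resource=customer_db result=deny",
	"2023-05-02T23:41:12Z user=bookkeeper resource=customer_db result=allow",
	"this line is corrupt and must not crash the analysis",
}

// Analyse parses the lines, skipping malformed ones, and runs both rules with
// the case study's High-level data stores as the sensitive set.
func Analyse(lines []string) []Finding {
	var events []AuditEvent
	for _, l := range lines {
		if ev, err := ParseAuditLine(l); err == nil {
			events = append(events, ev)
		}
	}
	sensitive := map[string]bool{"financial_db": true, "customer_db": true}
	return append(RepeatedDenials(events, 3, 5*time.Minute), OutOfHoursAccess(events, sensitive, 7, 19)...)
}

func main() {
	for _, f := range Analyse(SampleLog) {
		fmt.Printf("[%s] %s: %s\n", f.Rule, f.User, f.Note)
	}
}
```

On the sample log the program reports two findings: three denials for `barista1` within about a minute, and an out-of-hours read of customer data by `bookkeeper`. Each finding is the kind of record that would be entered in the risk register or incident management system described in section 1.5 and followed up with the account owner; the thresholds and business hours are the parameters an organisation tunes from its own baseline.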


Tips for implementing security mechanisms

When implementing security mechanisms, consider the following tips:

• Conduct a risk assessment to identify your organisation's specific security needs and requirements.

• Choose security mechanisms that align with your organisation's security goals and objectives.

• Prioritise the implementation of mechanisms that address your most critical risks and vulnerabilities.

• Regularly review and update your security mechanisms to ensure their continued effectiveness.

• Train employees on the proper use of security mechanisms and the importance of following security
best practices.

Security mechanisms are essential components of a comprehensive security strategy. By
understanding and implementing various security mechanisms, organisations can
significantly enhance their overall security posture and protect their valuable assets and
information. To ensure the effectiveness of these mechanisms, organisations should
regularly review and update them and ensure that employees are trained on their proper
use. By implementing strong security mechanisms, organisations can build a robust
defence against cyber security threats and maintain a secure digital environment.

Read more about Security Mechanisms > Developing Network Security Strategies

Here are some real-world examples to illustrate the application of security mechanisms:

❑ A financial institution uses multi-factor authentication (MFA) to ensure that only
authorised employees can access sensitive customer data.

❑ A healthcare provider implements role-based access control (RBAC) to restrict access
to patient records based on the job function of each staff member.

❑ A retail company encrypts customer credit card information during online transactions
to protect against data theft.

❑ A government agency uses intrusion detection and prevention systems (IDPS) to
monitor their network traffic for signs of cyberattacks and respond accordingly.

❑ An e-commerce website maintains detailed logs of user activities and regularly audits
them to detect potential security incidents and maintain compliance with regulations.


2.2 Design and document security solution

This content may help you with Assessment: Activity 2.1 and 2.2

2.2.1 System design principles

System design principles are fundamental guidelines that help create robust, efficient, and scalable digital
solutions. Adhering to these principles can significantly enhance the overall quality and longevity of your
systems while reducing the complexity and cost of maintenance. In this section, we will explore various
system design principles, their benefits and how they can be applied to create effective digital solutions.
Additionally, we will provide tips for implementing these principles and share examples to illustrate their
use in real-world scenarios.

The following are some essential system design principles that can help guide the development of robust
and scalable digital solutions:

Modularity

Modularity is the practice of dividing a system into smaller, self-contained components or modules. This
principle promotes the separation of concerns, making it easier to understand, develop and maintain each
component independently. Modularity also enhances reusability, as individual modules can be shared
across different projects or systems.


Scalability

Scalability refers to a system's ability to handle increasing workloads or accommodate growth without
compromising performance. Designing scalable systems ensures that they can efficiently adapt to changes
in demand, minimising the need for frequent redesigns or upgrades.

Flexibility

Flexibility is the ability of a system to easily accommodate changes in requirements or functionality. A


flexible system design allows for the easy addition, modification, or removal of components, enabling
organisations to quickly respond to changing market conditions or business requirements.

Performance

Performance is a critical aspect of system design, encompassing factors such as response time,
throughput, and resource utilisation. Designing systems with performance in mind ensures that they can
efficiently handle tasks and deliver a satisfactory user experience.

Maintainability

Maintainability is the ease with which a system can be modified or repaired. Designing systems with
maintainability in mind ensures that they can be easily updated, debugged, and maintained throughout
their lifecycle. This principle contributes to reduced maintenance costs and improved system longevity.


Tips for implementing system design principles

When implementing system design principles, consider the following tips:

• Understand the specific requirements and constraints of your project before beginning the design
process.

• Involve stakeholders and end-users in the design process to ensure that their needs and
expectations are considered.

• Focus on creating simple, modular designs that promote reusability and ease of maintenance.

• Test and iterate on your designs to identify and address potential performance bottlenecks or
scalability issues.

• Continuously evaluate and refine your design principles based on feedback and lessons learned
from past projects.

Adhering to system design principles is crucial for creating robust, efficient, and scalable
digital solutions. By understanding and applying these principles, developers and
organisations can create systems that are easier to maintain, update, and adapt to
changing requirements. By continuously refining and evaluating your design principles
based on feedback and past experiences, you can ensure that your systems remain
resilient and effective in an ever-evolving digital landscape.

Read more about System Design Principles - Technical Program Management: A Practitioner's Guide


Here are some real-world examples to illustrate the application of system design principles:

❑ An e-commerce platform is designed with modularity in mind, allowing the
development team to easily add or remove features as market trends change.

❑ A social media application is built with scalability in mind, ensuring that it can
handle rapid growth in user numbers and data volume without impacting
performance.

❑ A content management system is designed for flexibility, enabling organisations to
customise its functionality to meet their unique needs and requirements.

❑ A gaming platform prioritises performance in its design, providing a seamless and
enjoyable experience for players.

❑ A customer relationship management (CRM) system is designed with
maintainability in mind, making it easy for developers to update, debug and
enhance the system over time as business requirements evolve.

2.2.2 Systems components


System components are the building blocks that make up digital solutions. They include hardware,
software, networking, data storage and user interface elements that work together to deliver functionality
and performance. Understanding these components and their interactions is crucial for designing and
maintaining robust, efficient, and scalable systems. In this section, we will explore various system
components, their roles and how they contribute to the overall functionality of a system. Additionally, we
will provide tips for selecting and integrating system components and share examples to illustrate their use
in real-world scenarios.

The following are some of the key categories of system components that play critical roles in digital
solutions:

Hardware components

Hardware components are the physical devices and equipment that make up a computer or
network system. These components include processors, memory, storage devices and
peripherals like keyboards, mice and monitors. Hardware components provide the necessary
computing power and resources for a system to run and perform tasks.


Software components

Software components are the programs, applications and operating systems that run on
hardware devices. They provide the functionality and logic that enable users to interact with
and perform tasks on a system. Software components can be categorised into system
software, such as operating systems and drivers, and application software, which includes
productivity tools, web browsers and games.

Network components

Network components are the devices and equipment used to connect and manage
communication between different systems and devices. These components include routers,
switches, firewalls and access points. Network components enable data transmission and
facilitate the sharing of resources and information across a network.

Data storage components

Data storage components are the devices and systems used to store and manage digital
data. These components include local storage devices, such as hard drives and solid-state
drives, and remote storage solutions, like cloud storage services. Data storage components
ensure that data is securely stored, easily accessible and protected from loss or corruption.

User interface components

User interface components are the elements that enable users to interact with a system.
These components include graphical user interfaces (GUIs), command-line interfaces (CLIs)
and touch-based interfaces. User interface components are essential for providing a
seamless and intuitive user experience, enabling users to efficiently navigate and interact
with a system.


Tips for choosing and integrating system components

When selecting and integrating system components, consider the following tips:

• Understand your system requirements and goals before choosing components, ensuring that they
align with your project's needs and objectives.

• Prioritise compatibility and interoperability between components to avoid integration challenges and
ensure seamless functionality.

• Consider the scalability and future growth of your system when selecting components, ensuring that
they can accommodate increasing workloads or changing requirements.

• Evaluate the reliability, performance, and security of each component, as they can significantly
impact the overall quality and stability of your system.

• Regularly review and update your system components to ensure their continued effectiveness and
compatibility with new technologies and standards.

Understanding and effectively integrating system components is crucial for creating
robust, efficient, and scalable digital solutions. By selecting the right components that
align with your system requirements and goals, you can build a system that delivers
seamless functionality and performance. Regularly reviewing and updating your system
components ensures that your digital solutions remain compatible with new technologies
and standards while maintaining their effectiveness and stability. By carefully considering
the various components that make up your system, you can create a strong foundation
for a successful and resilient digital solution.

Here are some real-world examples to illustrate the application of system components:

❑ A gaming console uses specialised hardware components, such as a powerful
processor and graphics card, to deliver high-performance gaming experiences.

❑ A cloud-based file-sharing application relies on remote data storage components
to securely store and manage user files.

❑ A corporate network uses network components, such as routers and firewalls, to
manage and secure data communication between devices and systems.

❑ A mobile banking application uses user interface components to provide a
user-friendly and intuitive experience for customers to manage their finances.


2.2.3 Systems interfaces


System interfaces are essential components of any software system, allowing the system to communicate
with other systems or devices. They serve as the entry and exit points for data or commands, making it
possible for different systems to work together. Because they are where data and commands cross a trust
boundary, interfaces are also where input validation, authentication and authorisation have to be enforced.
As software systems have become more complex, the importance of system interfaces has only grown. This
section provides an overview of system interfaces, with explanations, tips and examples.

System interfaces can take many forms, depending on the system being developed and the types of
devices or systems it needs to communicate with. Some common types of system interfaces include:

• Application Programming Interfaces (APIs)

• User Interfaces (UIs)

• Command Line Interfaces (CLIs)

• Network Interfaces (NIs)

APIs
APIs are perhaps the most common type of system interface. They
provide a way for software systems to communicate with each other
through a set of defined protocols, methods, and tools. APIs can be used
to access data or services from a remote system, to perform specific
tasks, or to integrate different software systems.

User Interfaces (UIs)

User Interfaces (UIs) are the primary means of interaction between a user and a software
system. They can take many forms, including graphical user interfaces (GUIs), command-line
interfaces (CLIs) and web interfaces. UIs allow users to interact with a software system in a
way that is intuitive and easy to understand.

Command Line Interfaces (CLIs)

Command Line Interfaces (CLIs) are text-based interfaces in which users type commands and
read textual output. CLIs are often used for system administration tasks, allowing
administrators to perform common tasks quickly, and to script them for repeatability, without
the need for a graphical user interface.


Network Interfaces (NIs)

Network Interfaces (NIs) are the interfaces through which software systems communicate
with other systems over a network. They exist at several layers: hardware interfaces such as
Ethernet or Wi-Fi adapters, and protocol-level interfaces such as TCP/IP sockets or HTTP
endpoints.

Tips for designing and implementing system interfaces

When designing and implementing system interfaces, there are several tips that can help ensure their
effectiveness and usability:

• Keep it simple: Interfaces should be easy to use and understand, with clear and concise commands
or functions.

• Consistency: Use consistent design patterns and naming conventions across all interfaces to
minimise confusion and errors.

• Flexibility: Interfaces should be designed to accommodate different user needs and skill levels, with
options for customisation and personalisation.

• Documentation: Provide clear and concise documentation for all interfaces, including instructions
for use, troubleshooting guides and examples.

• Testing: Perform thorough testing of all interfaces, including both functional and usability testing, to
ensure they meet user needs and expectations.

System interfaces are critical components of any software system, allowing different
systems and devices to work together seamlessly. APIs, UIs, CLIs, and NIs are just a
few examples of the types of system interfaces that are commonly used today. When
designing and implementing system interfaces, it is essential to keep them simple,
consistent, flexible, well-documented, and thoroughly tested. By following these tips,
developers can create effective and user-friendly system interfaces that will enable
users to easily interact with and benefit from the software system. As technology
continues to evolve, system interfaces will only become more important, and developers
must keep up with the latest trends and best practices to ensure that their software
systems remain relevant and competitive in the marketplace.


2.2.4 Security architecture design documentation


The Security Architecture Design Documentation template below outlines what you would include when
documenting your security solution.

Security Architecture Design Documentation template

Establish and document specific requirements of the security solution

Provide a summary of the specific requirements of the security solution. In your description, outline the
specific hardware components, software components, network components, data storage components and
user interface components that are required within the new security architecture for the organisation.

Establish and document specific features required in the security solution

Provide a summary of specific features required in the security solution. In your description, outline whether
the new security architecture requires modularity, scalability, or flexibility. Explain how your chosen features
will help protect the organisation from cyber-attacks.

Design new security architecture

Design the new security architecture: provide a diagram of the security architecture that illustrates how the
different components are connected and how they work together to provide comprehensive protection
against cyber-attacks for the organisation.

Creately video tutorial for beginners: Creately Tutorial 2023 for beginners - How to Use
Creately (Step by Step) - 10m09s


Here are some real-world examples to illustrate the application of system interfaces:

❑ Amazon Web Services (AWS) API: AWS provides a comprehensive set of APIs for
accessing its cloud services, allowing developers to integrate AWS services into
their own software systems.

❑ Windows Command Prompt: The Windows Command Prompt is a CLI that allows
users to interact with the Windows operating system by typing commands.

❑ Slack User Interface: Slack's UI is a popular collaboration tool that provides an
intuitive and easy-to-use interface for team communication and collaboration.

❑ HTTP Network Interface: HTTP is a widely used application-layer protocol that
provides a standard way for software systems to communicate over the internet.


2.3 Submit documentation for initial feedback

This content may help you with Assessment: Activity 2.3

Network security architecture is a critical aspect of any organisation's security infrastructure. Submitting
documentation for initial feedback is an essential step in ensuring that the network security architecture is
designed and implemented according to the intended requirements. In this section, we will explore the
importance of submitting documentation for initial feedback for network security architecture, including
content development and explanations, tips, and examples.

When submitting documentation for initial feedback for network security architecture, the following key
elements should be included:

• Network diagram: A network diagram should be included in the documentation, providing a
comprehensive overview of the network architecture, including devices, connections, and traffic flow.

• Threat model: A threat model should be developed to identify potential threats and vulnerabilities to
the network. This should include potential attackers, their methods of attack and the potential impact
of a successful attack.

• Security controls: The security controls that will be used to mitigate identified threats and
vulnerabilities should be included in the documentation. This includes access controls, firewalls,
intrusion detection systems and encryption.

• Incident response plan: An incident response plan should be included in the documentation for
initial feedback. This plan outlines the procedures that will be followed in case of a security incident.

For submitting documentation

When submitting documentation for initial feedback for network security architecture, the following tips can
help ensure the effectiveness and usefulness of the documentation:

• Conduct a security risk assessment: A security risk assessment should be conducted to identify
potential threats and vulnerabilities of the network.

• Use industry standards: Use industry standards to ensure the security controls implemented in the
network meet best practices.

• Follow a secure development lifecycle: A secure development lifecycle should be followed to
ensure that security is built into the network from the beginning.

• Consider the user experience: When designing security controls, it is important to consider the
user experience to ensure that the security measures do not impede the usability of the network.

Submitting documentation for initial feedback is a critical aspect of ensuring that the network security
architecture is designed and implemented according to the intended requirements.


By including a network diagram, threat model, security controls and incident response plan in the
documentation, network administrators can ensure that their network is designed and implemented with
security in mind. Following industry standards, a secure development lifecycle and considering the user
experience can further improve the security of the network. Through submitting the documentation for initial
feedback, network administrators can receive feedback on the security architecture of the network,
allowing them to make necessary changes and improvements.

Submitting documentation for initial feedback is a critical step in the process of
developing any project, as it allows stakeholders to review and provide feedback on the
project's progress. Following the tips outlined in this chapter can help you submit
documentation for initial feedback effectively and ensure that the project remains on
track. By submitting documentation for initial feedback, you can ensure that the project
meets stakeholders' needs and requirements and is completed successfully.

Here are some examples of network security architecture design documentation that
could be submitted for initial feedback:

❑ Network Security Architecture Design Document: This document should provide a
comprehensive overview of the network security architecture, including the
network diagram, threat model, security controls and incident response plan.

❑ Security Risk Assessment Report: This report should detail the results of the
security risk assessment conducted for the network, including identified threats and
vulnerabilities.

❑ Security Controls Implementation Plan: This plan should outline the specific
security controls that will be implemented to mitigate identified threats and
vulnerabilities.


Case Study: Brewed Awakening

Jay signed off on the information gathering report that Bridie submitted and Bridie moved
on to develop and document the new security architecture. The report she provided to Jay
is shown below:

Security Architecture Design - Brewed Awakening

Establish and document specific requirements of the security solution

Provide a summary of the specific requirements of the security solution. In your description, outline the
specific hardware components, software components, network components, data storage components and
user interface components that are required within the new security architecture for the organisation.

After conducting a thorough analysis of Brewed Awakening's infrastructure and operations, the following
security solutions are recommended to protect against cyber-attacks:

• Physical door and lock on server in office

• Two firewalls

• Server

• Router

• Switch

• Printer

• Four PCs

• Cloud storage

• Two-factor authentication


Security Architecture Design - Brewed Awakening

Establish and document specific features required in the security solution

Provide a summary of specific features required in the security solution. In your description, outline whether
the new security architecture requires modularity, scalability, or flexibility. Explain how your chosen features
will help protect the organisation from cyber-attacks.

After conducting a thorough analysis of Brewed Awakening's infrastructure and operations, the following
security features are recommended to protect against cyber-attacks:

• The system should be designed with modularity in mind, allowing the IT team to easily add or remove
components as the organisation grows and cyber threats evolve.

• Modularity will also separate the system so that the sensitive data is stored in a self-contained module,
reducing the risk of unauthorised access.

• The system must be scalable so that as Brewed Awakening grows, more employees can be allowed
access to the system without compromising performance.

Design new security architecture

Design the new security architecture: provide a diagram of the security architecture that illustrates how the
different components are connected and how they work together to provide comprehensive protection
against cyber-attacks for the organisation.


3 Finalise Security Architecture


So far in this eBook we have addressed how to:

• Prepare to design security infrastructure

• Design security architecture

This section of the eBook will focus on how to finalise security architecture, including how to:

• Demonstrate security design utilises major industry standard design methodologies

• Demonstrate security design addresses organisational cyber security requirements

• Submit documentation to required personnel and seek and respond to feedback


3.1 Demonstrate security design utilises major industry standard design methodologies

This content may help you with Assessment: Activity 2.1 and 2.2

A robust security architecture is critical for organisations to protect their critical assets and minimise
potential risks. Utilising major industry-standard design methodologies, such as the NIST Cybersecurity
Framework (CSF), ISO/IEC 27001, SABSA and TOGAF, can help organisations develop comprehensive,
risk-based security architectures tailored to their unique needs. In this section, we explore the benefits
and implementation process for each of these methodologies, demonstrating how an e-commerce
company can integrate them into a comprehensive security design.

3.1.1 NIST: Risk-based approach to security architecture


Identifying assets and assessing risks

The e-commerce company begins by identifying its critical assets, including customer data, payment
processing systems and IT infrastructure. It then conducts a risk assessment to identify potential threats
and vulnerabilities to these assets, considering factors such as the likelihood of an attack, potential impact,
and existing security controls.

Prioritising security efforts and allocating resources

Based on the risk assessment, the company prioritises its cyber security efforts, focusing on the most
critical assets and risks. It allocates resources accordingly, ensuring that the most significant risks are
addressed first. This prioritisation allows the organisation to optimise its security investments and minimise
the potential impact of a successful attack.
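As an added worked example (not part of the eBook's NIST material and not a NIST-published method), the following code scores and ranks a small risk register the way the two steps above describe: each risk is rated for likelihood and impact, credit is given for existing controls, and the residual scores decide the order in which the company treats the risks and which ones sit above its risk appetite. The 1 to 4 scales, the control reduction values, the rating thresholds and the e-commerce register entries are all assumptions constructed for this illustration.

```python
"""Risk register scoring and prioritisation (constructed example)."""
from dataclasses import dataclass

# Assumed ordinal scales for this example (not NIST values).
LEVELS = {"low": 1, "medium": 2, "high": 3, "critical": 4}
RATING_ORDER = ["low", "medium", "high", "critical"]
# Assumed: how many likelihood levels an existing control removes.
CONTROL_REDUCTION = {"none": 0, "partial": 1, "strong": 2}


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    likelihood: str         # key of LEVELS, before existing controls
    impact: str             # key of LEVELS
    existing_controls: str  # key of CONTROL_REDUCTION


def inherent_score(risk):
    """Likelihood x impact with no credit for existing controls."""
    return LEVELS[risk.likelihood] * LEVELS[risk.impact]


def residual_score(risk):
    """Likelihood x impact after crediting existing controls.

    Controls are assumed to lower likelihood, never impact, and never
    below the lowest level on the scale.
    """
    residual_likelihood = max(
        1, LEVELS[risk.likelihood] - CONTROL_REDUCTION[risk.existing_controls]
    )
    return residual_likelihood * LEVELS[risk.impact]


def rating(score):
    """Map a numeric score back onto the four-level scale (assumed thresholds)."""
    if score >= 12:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def prioritise(register):
    """Highest residual risk first; ties broken by impact, then asset name."""
    return sorted(
        register,
        key=lambda r: (-residual_score(r), -LEVELS[r.impact], r.asset),
    )


def needs_treatment(register, risk_appetite):
    """Risks whose residual rating exceeds the organisation's appetite."""
    limit = RATING_ORDER.index(risk_appetite)
    return [
        r for r in prioritise(register)
        if RATING_ORDER.index(rating(residual_score(r))) > limit
    ]


# Constructed register for a fictional e-commerce company.
REGISTER = [
    Risk("customer database", "SQL injection via web application", "high", "critical", "partial"),
    Risk("payment processing", "card data intercepted in transit", "medium", "critical", "strong"),
    Risk("admin accounts", "credential phishing", "high", "high", "none"),
    Risk("web storefront", "volumetric DDoS", "medium", "medium", "partial"),
    Risk("backup storage", "ransomware encrypts backups", "low", "critical", "none"),
    Risk("office printer", "unpatched firmware", "medium", "low", "none"),
]


if __name__ == "__main__":
    print(f"{'asset':20} {'inherent':>8} {'residual':>8}  rating")
    for r in prioritise(REGISTER):
        res = residual_score(r)
        print(f"{r.asset:20} {inherent_score(r):>8} {res:>8}  {rating(res)}")
    above = [r.asset for r in needs_treatment(REGISTER, "medium")]
    print("above appetite (medium):", above)
```

Note how the ranking changes once existing controls are credited: payment processing has a high inherent score, but its strong in-transit encryption leaves a medium residual, so the unprotected admin accounts and the partially protected customer database come first. Keeping both scores in the register is what lets reviewers see why a well-known risk is not at the top of the list.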

3.1.2 ISO/IEC 27001: Establishing an information security management system (ISMS)

Identifying risks and applying security controls

The e-commerce company identifies risks to its critical assets and processes by conducting a risk
assessment as part of its ISMS implementation. Based on the identified risks, the company applies relevant
security controls from the ISO/IEC 27001 Annex A, tailoring the controls to its specific needs and risk
appetite.

Conducting regular audits and reviews

The company conducts regular audits and reviews of its security controls and ISMS to ensure compliance
with the ISO/IEC 27001 standard and maintain the effectiveness of the ISMS. This includes assessing the
performance of implemented controls, identifying areas for improvement, and making necessary
adjustments to the ISMS based on the findings.


3.1.3 SABSA: Business-driven security architecture


Developing a risk management plan

The e-commerce company develops a risk management plan using the SABSA framework, which
prioritises its cyber security efforts based on the potential impact to the business. This plan helps the
organisation allocate resources effectively, focusing on the most critical risks and ensuring that security
measures are proportional to the level of risk.

Designing security services and components based on SABSA methodology

The company designs security services and components that align with its business objectives and risk
appetite, following the SABSA methodology. This includes implementing preventive and detective controls,
such as access controls, encryption, and intrusion detection systems, as well as designing incident
response plans and recovery strategies.

3.1.4 TOGAF: Structured approach to security architecture


Leveraging TOGAF's reference models

The e-commerce company utilises the TOGAF Technical Reference Model (TRM) and Integrated
Information Infrastructure Reference Model (III-RM) as starting points for designing a secure architecture
that aligns with its business objectives and risk appetite. These reference models provide a common
language and taxonomy for describing IT architectures and can be tailored to include specific security
requirements.

Aligning security architecture with business objectives

The company ensures that its security architecture supports its overall business goals, such as maintaining
customer trust, ensuring regulatory compliance, and enabling secure online transactions. By aligning the
security architecture with business objectives, the company can more effectively prioritise its security
efforts and ensure that its cyber security investments support its strategic goals.

The demonstrations provided for NIST, ISO/IEC 27001, SABSA and TOGAF illustrate how different
industry-standard design methodologies can be applied to create robust security architectures. Despite
their unique approaches, these methodologies share several similarities:

• Risk-based approach: All these methodologies emphasise the importance of identifying critical
assets, assessing risks, and prioritising security efforts based on the potential impact to the
organisation.

• Alignment with business objectives: Each methodology encourages organisations to align their
security architecture with their overall business goals, ensuring that cyber security investments
support strategic objectives and add value to the organisation.

• Implementation of security controls: All the methodologies involve the selection and
implementation of appropriate security controls to protect critical assets and mitigate identified risks.
These controls may include access controls, encryption, intrusion detection systems and incident
response plans.

• Continuous improvement: These methodologies promote continuous monitoring, assessment, and
improvement of the security architecture to ensure its effectiveness against evolving threats and
changing business needs.


• Structured approach: Each methodology provides a structured approach to security design, offering
a systematic way of developing and implementing security architectures that are adaptable and
resilient.

By understanding the similarities between these methodologies, organisations can more effectively
leverage their respective strengths and tailor them to their unique needs, resulting in comprehensive and
robust security architectures.

By integrating these major industry-standard design methodologies, organisations can
develop a comprehensive, adaptable, and resilient security architecture that effectively
addresses their unique security challenges and supports their overall business
objectives. The e-commerce company's example demonstrates how to leverage NIST,
TOGAF, SABSA, and ISO/IEC 27001 frameworks to create a robust and effective
security design. By following these methodologies and tailoring them to their specific
needs, organisations can ensure they have a strong foundation for protecting critical
assets and minimising potential risks.

Read more about Cybersecurity Framework | NIST

Read more about ISO/IEC 27001 certification standard

Read more about The SABSA Institute - Enterprise Security Architecture

Read more about The TOGAF® Standard | The Open Group Website

Watch this short video (1m 37s) about Prioritise: NIST CSF | Pluralsight

Watch this short video (0m 57s) about Risk Assessment: NIST CSF | Pluralsight

Watch this short video (4m 42s) about Risk Assessment: ISO 27001:2013 | Pluralsight

Watch this short video (2m 22s) about Internal Audits: ISO 27001:2013 | Pluralsight


3.2 Demonstrate security design addresses organisational cyber security requirements

This content may help you with Assessment: Activity 2.1 and 2.2

Demonstrating that a security design addresses organisational cyber security requirements is an essential
aspect of any security program. It ensures that the security measures implemented meet the intended
goals and objectives and that the organisation is protected against potential cyber threats. In this section,
we will explore the importance of demonstrating security design addresses organisational cyber security
requirements, including content development and explanations, tips, and examples.

Demonstrating that a security design addresses organisational cyber security requirements requires a
comprehensive approach. The following key elements should be included:

• Security design documentation: A comprehensive security design documentation should be
developed to outline the intended security measures to be implemented. This should include an
overview of the security architecture, the threat model, security controls and incident response plan.

• Security risk assessment: A security risk assessment should be conducted to identify potential
threats and vulnerabilities to the organisation's assets. This will help ensure that the security
measures implemented are appropriate for the identified risks.

• Compliance and standards: Compliance with relevant regulatory requirements and industry
standards should be included in the security design documentation. This will help ensure that the
security measures implemented meet best practices.

• Testing and validation: The security design should be tested and validated to ensure that it
effectively addresses organisational cyber security requirements. This includes testing of security
controls, incident response procedures and other security measures.
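One way to make the "testing and validation" element above concrete is a requirements-traceability check: every organisational requirement must map to at least one design control, and a requirement only counts as demonstrated once a covering control has a passing validation result. This is an added example, not material from the eBook; the requirement ids, control ids, standard references and validation outcomes are constructed sample data.

```python
"""Requirements-traceability check for a security design (added example).

Every requirement needs a covering control, and every control needs a passing
validation (test, audit or review) before the design is shown to address the
requirement. All identifiers and data below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Requirement:
    rid: str           # constructed id, e.g. "REQ-01"
    text: str
    standard_ref: str  # illustrative mapping to a standard clause


@dataclass
class Control:
    cid: str
    description: str
    covers: list       # requirement ids this control addresses


@dataclass
class Validation:
    cid: str
    method: str        # "test", "audit" or "review"
    passed: bool


def trace(reqs, controls, validations):
    """Return coverage and validation gaps, plus an overall completion flag."""
    tested = {v.cid for v in validations}
    passed = {v.cid for v in validations if v.passed}
    controls_for = {}
    for c in controls:
        for rid in c.covers:
            controls_for.setdefault(rid, []).append(c.cid)
    uncovered = [r.rid for r in reqs if r.rid not in controls_for]
    unvalidated = [c.cid for c in controls if c.cid not in tested]
    failed = [c.cid for c in controls if c.cid in tested and c.cid not in passed]
    # A requirement is demonstrated only if some covering control passed validation.
    demonstrated = [r.rid for r in reqs
                    if any(cid in passed for cid in controls_for.get(r.rid, []))]
    return {"uncovered": uncovered, "unvalidated": unvalidated, "failed": failed,
            "demonstrated": demonstrated,
            "complete": not uncovered and len(demonstrated) == len(reqs)}


# Constructed sample data for a small organisation.
REQS = [
    Requirement("REQ-01", "Customer PII encrypted at rest", "ISO/IEC 27001 Annex A, cryptography"),
    Requirement("REQ-02", "Admin access requires MFA", "NIST CSF Protect / access control"),
    Requirement("REQ-03", "Incidents reported within 24h", "ISO/IEC 27001 Annex A, event reporting"),
]
CONTROLS = [
    Control("CTL-01", "Database encryption with managed keys", ["REQ-01"]),
    Control("CTL-02", "MFA enforced on the admin group", ["REQ-02"]),
    Control("CTL-03", "Incident response runbook and on-call rota", ["REQ-03"]),
]
VALIDATIONS = [
    Validation("CTL-01", "audit", True),
    Validation("CTL-02", "test", False),  # MFA test failed: a gap the report must surface
]

if __name__ == "__main__":
    print(trace(REQS, CONTROLS, VALIDATIONS))
```

Running it shows REQ-01 demonstrated, CTL-02 failed, CTL-03 never validated and the design therefore not yet complete; those gaps are what the validation report should list for stakeholders.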

For demonstrating security design requirements

When demonstrating that a security design addresses organisational cyber security requirements, the
following tips can help ensure the effectiveness and usefulness of the approach:

• Develop comprehensive security design documentation: The security design documentation
should provide a comprehensive overview of the intended security measures to be implemented,
including the threat model, security controls and incident response plan.

• Conduct a security risk assessment: A security risk assessment should be conducted to identify
potential threats and vulnerabilities to the organisation's assets.

• Use industry standards and best practices: The security design should comply with relevant
regulatory requirements and industry standards to ensure that the security measures implemented
meet best practices.


• Regularly test and validate the security design: The security design should be regularly tested
and validated to ensure that it effectively addresses organisational cyber security requirements.

Demonstrating that a security design addresses organisational cyber security
requirements is a crucial aspect of any security program. By developing
comprehensive security design documentation, conducting a security risk assessment,
complying with industry standards and regulations, and regularly testing and validating
the security design, organisations can ensure that their security measures effectively
address potential cyber threats. Through a comprehensive approach, organisations can
demonstrate their commitment to cyber security and protect their assets from potential
attacks.

Here are some examples of demonstrating security design addresses organisational cyber
security requirements:

❑ Security Design Documentation: Comprehensive security design documentation
should be developed, outlining the intended security measures to be implemented.
This should include the threat model, security controls and incident response plan.

❑ Security Risk Assessment Report: A security risk assessment report should be
developed, detailing the identified threats and vulnerabilities to the organisation's
assets.

❑ Compliance with Industry Standards and Regulations: The security design should
comply with relevant industry standards and regulations, including HIPAA, NIST, or
ISO.

❑ Regular Security Testing and Validation: Regular security testing and validation
should be conducted to ensure that the security design effectively addresses
organisational cyber security requirements.

3.2.1 Showing how the design aligns with the organisation's goals and objectives
When developing a design, it is essential to ensure that it aligns with the organisation's goals and
objectives. This ensures that the design is in line with the organisation's overall strategy and can help to
ensure its success. In this section, we will explore the importance of showing how the design aligns with
the organisation's goals and objectives.

Showing how the design aligns with the organisation's goals and objectives requires a comprehensive
approach. The following key elements should be included:

• Overview of goals and objectives: The design should include an overview of the organisation's
goals and objectives, providing a clear understanding of what the organisation hopes to achieve.


• Identification of design requirements: The design should include a clear identification of the
design requirements that will help achieve the organisation's goals and objectives.

• Justification of design decisions: The design should include a justification of the design decisions
made, outlining how they align with the organisation's goals and objectives.

• Metrics for evaluation: The design should include metrics for evaluating its success in achieving the
organisation's goals and objectives.

For showing design alignments

When showing how the design aligns with the organisation's goals and objectives, the following tips can
help ensure the effectiveness and usefulness of the approach:

• Clearly define the organisation's goals and objectives: The design should clearly define the
organisation's goals and objectives to ensure that the design is in line with the organisation's overall
strategy.

• Identify design requirements: The design should identify the design requirements that will help
achieve the organisation's goals and objectives.

• Justify design decisions: The design should provide a justification for the design decisions made,
outlining how they align with the organisation's goals and objectives.

• Develop metrics for evaluation: Metrics should be developed for evaluating the success of the
design in achieving the organisation's goals and objectives.

Showing how the design aligns with the organisation's goals and objectives is an
essential aspect of any design process. By including an overview of the organisation's
goals and objectives, identifying design requirements, justifying design decisions, and
developing metrics for evaluation, designers can ensure that their design is in line with
the organisation's overall strategy. Through a comprehensive approach, designers can
help to ensure the success of their design and contribute to the overall success of the
organisation.


Here are some examples of showing how the design aligns with the organisation's goals
and objectives:

❑ Design Overview: The design should include an overview of the organisation's
goals and objectives, providing a clear understanding of what the organisation
hopes to achieve.

❑ Design Requirements: The design should identify the design requirements that will
help achieve the organisation's goals and objectives, such as specific features or
functionality.

❑ Justification of Design Decisions: The design should provide a justification for the
design decisions made, outlining how they align with the organisation's goals and
objectives, such as how a particular feature will help the organisation achieve a
specific objective.

❑ Metrics for Evaluation: Metrics should be developed for evaluating the success of
the design in achieving the organisation's goals and objectives, such as measuring
user adoption rates or tracking the achievement of specific milestones.


3.3 Submit documentation and seek and respond to feedback

This content may help you with Assessment: Activity 2.3

3.3.1 Presenting the final design to stakeholders


Presenting the final design to stakeholders is a critical aspect of the design process. Stakeholders play a
vital role in ensuring the success of the design and their feedback and input can help to ensure that the
design meets the intended goals and objectives. In this section, we will explore the importance of
presenting the final design to stakeholders, including content development and explanations, tips, and
examples.

Presenting the final design to stakeholders requires a comprehensive approach. The following key
elements should be included:

• Overview of the design: The design should be presented to stakeholders in a clear and concise
manner, providing an overview of the design and its intended goals and objectives.

• Identification of stakeholders: The stakeholders who will be impacted by the design should be
identified and included in the presentation.

• Demonstration of the design: The design should be demonstrated to stakeholders, showcasing its
functionality and features.

• Feedback and input: Feedback and input from stakeholders should be gathered and incorporated
into the final design, where appropriate.

For presenting final design to stakeholders

When presenting the final design to stakeholders, the following tips can help ensure the effectiveness and
usefulness of the approach:

• Be clear and concise: The design should be presented in a clear and concise manner to ensure
that stakeholders understand its intended goals and objectives.

• Identify all relevant stakeholders: All stakeholders who will be impacted by the design should be
identified and included in the presentation.

• Demonstrate the design: The design should be demonstrated to stakeholders to showcase its
functionality and features.

• Gather feedback and input: Feedback and input from stakeholders should be gathered and
incorporated into the final design, where appropriate.


Presenting the final design to stakeholders is a crucial aspect of the design process. By
providing an overview of the design, identifying all relevant stakeholders, demonstrating
the design, and gathering feedback and input, designers can ensure that their design
meets the intended goals and objectives and is well-received by stakeholders. Through a
comprehensive approach, designers can help to ensure the success of their design and
contribute to the overall success of the organisation.

Read more about Security Design Document for ABC: Name Changed

Watch this short video (1m 29s) about Formatting a Business Document - YouTube

Here are some examples of presenting the final design to stakeholders:

❑ Software User Interface Design: A software user interface design can be presented
to stakeholders in a demo video, showcasing its functionality and features.

❑ Website Design: A website design can be presented to stakeholders through a
walkthrough of the site, highlighting its intended goals and objectives.

❑ Network Security Architecture Design: A network security architecture design can
be presented to stakeholders through a comprehensive overview of the design,
including a demonstration of the security measures implemented.

❑ Marketing Campaign Design: A marketing campaign design can be presented to
stakeholders through a presentation showcasing the intended goals and objectives
of the campaign.

3.3.2 Obtaining feedback and making necessary changes


Obtaining feedback and making necessary changes is a crucial aspect of any design process. Feedback
from stakeholders can help to ensure that the design meets the intended goals and objectives and is well-
received by those impacted by it. In this section, we will explore the importance of obtaining feedback and
making necessary changes, including content development and explanations, tips, and examples.


Obtaining feedback and making necessary changes requires a comprehensive approach. The following
key elements should be included:

• Gathering feedback: Feedback should be gathered from stakeholders, including end-users, team
members and others impacted by the design.

• Analysing feedback: The feedback should be analysed to identify common themes, areas of
concern and potential areas for improvement.

• Making necessary changes: Based on the feedback received, necessary changes should be made
to the design to ensure that it meets the intended goals and objectives.

• Testing and validation: Once changes have been made, the design should be tested and validated
to ensure that it effectively addresses feedback received.

For obtaining feedback and applying changes

When obtaining feedback and making necessary changes, the following tips can help ensure the
effectiveness and usefulness of the approach:

• Be open to feedback: Designers should be open to feedback from stakeholders and willing to make
necessary changes based on that feedback.

• Analyse feedback thoroughly: Feedback should be analysed thoroughly to identify common
themes, areas of concern and potential areas for improvement.

• Prioritise changes: Changes should be prioritised based on their potential impact on the system or
process.

• Regularly test and validate the design: The design should be regularly tested and validated to
ensure that it effectively addresses feedback received and continues to meet the intended goals and
objectives.

Obtaining feedback and making necessary changes is an essential aspect of any design
process. By gathering feedback, analysing it thoroughly, making necessary changes, and
regularly testing and validating the design, designers can ensure that their design meets
the intended goals and objectives and is well-received by those impacted by it. Through a
comprehensive approach, designers can help to ensure the success of their design and
contribute to the overall success of the organisation.



Here are some examples of obtaining feedback and making necessary changes:

❑ Software User Interface Design: Feedback on a software user interface design can
be obtained through user testing and necessary changes can be made based on
that feedback.

❑ Website Design: Feedback on a website design can be obtained through user
testing and analytics data and necessary changes can be made based on that
feedback.

❑ Network Security Architecture Design: Feedback on a network security architecture
design can be obtained through security audits and testing and necessary changes
can be made based on that feedback.

❑ Marketing Campaign Design: Feedback on a marketing campaign design can be
obtained through surveys or focus groups and necessary changes can be made
based on that feedback.


Final considerations for security architecture design


Designing a secure system or process is a critical aspect of any organisation's operations. Security
architecture design should be implemented to protect an organisation's critical assets and maintain its
operations. In this section, we will explore the final considerations for security architecture design, including
content development and explanations, tips, and examples.

Final considerations for security architecture design require a comprehensive approach. The following key
elements should be included:

• Compliance: Compliance with relevant regulatory requirements and industry standards should be
considered during the design process.

• Threat intelligence: Threat intelligence should be considered to identify potential threats and
vulnerabilities and develop appropriate mitigation strategies.

• Documentation: Comprehensive documentation should be developed to ensure that the design is
well-documented and can be effectively maintained.

• Training and awareness: Training and awareness should be provided to stakeholders to ensure
that they understand the security measures in place and their role in maintaining security.

For considering security architecture design

When considering security architecture design, the following tips can help ensure the effectiveness and
usefulness of the approach:

• Stay up to date on regulatory requirements and industry standards: Compliance with relevant
regulatory requirements and industry standards should be regularly reviewed and maintained.

• Continuously monitor threat intelligence: Threat intelligence should be continuously monitored to
identify potential threats and vulnerabilities and develop appropriate mitigation strategies.

• Develop comprehensive documentation: Comprehensive documentation should be developed to
ensure that the design is well-documented and can be effectively maintained.

• Provide regular training and awareness: Regular training and awareness should be provided to
stakeholders to ensure that they understand the security measures in place and their role in
maintaining security.


Designing a secure system or process is critical to maintaining an organisation's
operations and protecting its critical assets. By considering compliance with relevant
regulatory requirements and industry standards, threat intelligence, comprehensive
documentation, and regular training and awareness, security architecture design can
effectively protect an organisation from potential threats and vulnerabilities. Through a
comprehensive approach, designers can help to ensure the success of their design and
contribute to the overall success of the organisation.

Here are some examples of final considerations for security architecture design:

❑ Network Security Architecture Design: A network security architecture design can
be designed to comply with relevant regulatory requirements and industry
standards, incorporate threat intelligence, have comprehensive documentation,
and provide regular training and awareness.

❑ Incident Response Plan: An incident response plan can be designed to comply with
relevant regulatory requirements and industry standards, incorporate threat
intelligence, have comprehensive documentation, and provide regular training and
awareness.

❑ Business Continuity Plan: A business continuity plan can be designed to comply
with relevant regulatory requirements and industry standards, incorporate threat
intelligence, have comprehensive documentation, and provide regular training and
awareness.
