Identification, quantification, and broaches the matter of security risks
Secure Architecture ReviewRequest a brochure
Secure Architecture Review focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology management looks at the security of supporting technologies used during development,deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
The Architectural Secure Design activity allows identification, quantification, and broaches the matter of security risks associated with the new architectural solutions designed.
The Architectural Secure Design process is developed in 3 phases:
- Decomposition of the Architecture
The goal of this phase is to get a detailed picture of the architecture and understand the interaction with the set of assets. The objective is achieved through the search for information, documentation and meetings.
- Identification and Classification of Threats
It is important in threat identification to use a threat categorization methodology. The goal of threat categorization is to help identify threats from both an attack and a defense perspective.Threats can be classified according to the risk factor. By determining the risk factor through the various threat identifiers, it is possible to create a list of threats enumerated and ordered according to the level of risk in order to define a risk mitigation strategy, and decide which threats must be mitigated first. Different risk factors can be used to determine the High, Medium, or Low level.
- Identification of security requirements
The goal of identifying countermeasures is to determine whether or not there are any type of protective measures (for example security checks, policies) that can prevent any threat previously identified through the analysis. Vulnerabilities are therefore those threats that have no countermeasures whatsoever.