from craft to engineering

Security Architecture implies plurality.

In our recent Operativ InfoSec course, my eminent colleague Sebastian Åkerman talked about nomenclature and a systemic approach with a toolbox of Security Mechanisms. If an organisation can agree on terminology, it can describe existing capabilities (as well as desired ones) with bidirectional traceability between business need and component.

When InfoSec deals with building systems one at a time, architecture can help security work mature from craft to engineering.