
Conceptual Security Architecture

The Architect's View

An architect is a visionary who creates the concept of how the system will be built and sets the design rules.

The Conceptual layer of the security architecture model I selected is also known as the architect’s view. According to Sherwood, Clark, and Lynas, the architect is a visionary who provides impressionistic drawings and high-level descriptions (Sherwood, Clark, & Lynas, 2005). Conceptual architecture is about designing the forest rather than the trees: learn to stand back from the trees and see the forest (Sherwood, Clark, & Lynas, 2005). Van Gogh’s impressionist paintings illustrate the concept. One has to stand at a distance to appreciate the painting in its totality, and it is at a distance that the architect envisions the final work of art. Up close, the image is fuzzy and confusing, and one can easily miss what the artist is trying to convey. From a distance, one can see the picture. This is the gift the architect at the conceptual layer needs: a vision of what the work is, what it looks like, its overall shape and size, its mix of color, texture, mood, and atmosphere, and what is going on in the foreground, middle ground, and background.

Once again, one needs to ask the six key questions for the vertical analysis.

What? - The Business Attributes. What do you want to protect, expressed in the SABSA Model in terms of a SABSA Business Attributes Profile?

Image Source: sabsa.org

Why? - Control Objectives, the motivation for security. Why is the protection important, in terms of control objectives?

How? How do you want to achieve the protection, in terms of high-level technical and management security strategies?

Who? Who is involved in security management, in terms of entity relationship models and the trust framework within which entities interact with one another?

Where? Where do you want to achieve the protection, conceptualized in terms of security domains?

When? When is the protection relevant, in terms of both points in time and periods of time? (Sherwood, Clark, & Lynas, 2005)

Source:

Sherwood, J., Clark, A., & Lynas, D. (2005). The Architect's View, Conceptual Thinking. In J. Sherwood, A. Clark, & D. Lynas, Enterprise Security Architecture (pp. 37, 218). San Francisco: CMP Books.

©2018 by Ken Yee's University of San Diego Cyber Security Operations & Leadership Capstone Course Portfolio.