Security Architecture
-
Does anyone use Axio for their NIST CSF assessments?
I’m wondering about your experience with it. Good, bad and ugly.
-
Is anyone else excited for NIST CSF v2?
Basically the title. I’m excited and grateful to everyone that contributed to this new iteration. Can’t wait to see the results. What do you think?
-
Are we stuck in the Stone Age?
As I work to get templates created (documents, models, visuals, etc.) through Word, Excel, Visio and SharePoint, I’m thinking to myself “Why can’t we have something a bit more modern to do our daily work?”
Technology has advanced so much, but it seems like architecture is ages behind with no clear path to modernize from Word documents, spreadsheets, Visio and manual data analysis. I understand that it could be worse (physical paper) but I’m wondering why we are continuing to work this way. Is there something better out there? Some web application to do form-like data capture, models, reports, data mining, etc.?
-
Threat Modeling
Is anyone using threat modeling as a means of continuous architecture? Meaning, you have a threat model for the entire organization and you periodically review it to ensure your current architecture is capable of handling emerging and changing threats.
-
Happy 4th of July!
I hope everyone has an amazing 4th of July celebration and that everyone keeps their 10 fingers intact!
-
How are you visualizing your company’s security maturity?
At the moment, my team and I are assessing our current security posture by doing a HITRUST self-assessment. At the end of it, we are producing a written “enhancement roadmap”, but I would also like to build some type of comprehensive visual of our current state based on the data that we captured during the self-assessment. I’m curious to hear if any of you have ever done something similar and if you have, what format did you use?
-
Looking to document architecture decisions?
I've been trying to push myself and my team members to document the outcome of decisions we make and the analysis/research performed to reach said decision. We are often asked questions like "Did you think about doing ... instead of ....?" or "Did you account for ....?". Most of the time, they are valid questions, and more often than not the concern was evaluated but we have no way to prove it or to ensure that we indeed account for what we are being asked for.
I spent a lot of time trying to come up with a comprehensive template to codify architectural decisions and had to scrap a lot of ideas, then I found a fantastic resource publicly available! So I thought this would be a fantastic resource for other architects that may be looking/struggling to do this.
Architecture Decision Record by joelparkerhenderson
I hope it is as useful to you as it was for me!