*Work in progress*
\nThis page is a curated list of resources I have found useful as a security architect. I will be adding items to the list from time to time, so check back when you remember. There are more than enough “security lists” in the wild, but not many have a focus on security architecture.<\/p>\n
I consider these resources to be recommended for anyone interested in security architecture.<\/p>\n
Frameworks<\/strong> SABSA white paper<\/a>, SABSA Foundation Books<\/strong> Certification<\/strong> Reference patterns\/designs<\/strong> Web resources<\/strong> *Work in progress* This page is a curated list of resources I have found useful as a security architect. I will be adding items to the list from time to time, so check back when you remember. There are more than enough “security lists” in the wild, but not many have a focus on security … <\/p>\n
\nFrameworks are great as a guideline, and some clients may insist you follow a particular framework. I find that having knowledge of a few complimentary frameworks provides the most well-rounded professional. Security oriented frameworks tend to be elusive, but they are out there. In order to fit in with the rest of the organisation, it is best to also be familiar with enterprise architecture frameworks.<\/p>\n
\nTOGAF<\/a>, The Open Group
\nO-ESA<\/a>, The Open Group
\nVisual architecting<\/a>, Dana Bredemeyer and Ruth Malan<\/a>. Bredemeyer consulting. Additional resource: Trace in the sand<\/a>
\nBSIMM<\/a>, Building Security In<\/p>\n
\n[security engineering, design, coding<\/em>]
\nSecure by design<\/a> by\u00a0Dan Bergh Johnsson, Daniel Deogun, Daniel Sawano. Manning publications, 2017.
\n[security engineering<\/em>]
\nSecurity engineering<\/a>\u00a0by Ross Anderson. Wiley, 2008.
\n[software engineering<\/em>]
\nThe Phoenix Project<\/a>\u00a0by Gene Kim, Kevin Behr, George Spafford.
\n[enterprise architecture<\/em>]
\nEnterprise architecture as strategy<\/a>\u00a0by Jeanne Ross, Peter Weill, David Robertson. Harvard Business School Press, 2006.
\nDreaming in code<\/a> by Scott Rosenberg. Crown, 2007.
\n[Cybersecurity risk<\/em>]
\nHow to measure anything in Cybersecurity Risk<\/a> by Douglas W. Hubbard and Richard Seiersen. Wiley, 2016.<\/p>\n
\nSABSA<\/a>
\nITIL<\/a>
\nCCSK<\/a><\/p>\n
\nOpen Security Architecture patterns<\/a>
\nThe Architecture of Open Source Applications<\/a><\/p>\n
\nSaaS CTO checklist<\/a>
\nThe Security Checklist: For developers<\/a>
\nCloud-Standards.org<\/a>
\nThe Cutter Consortium<\/a>
\nCAPEC: Common Attack Pattern Enumeration and Classification<\/a>
\nMicrosoft Security Development Lifecycle<\/a>
\nOWASP Development Guide Project<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"