I came across this good reference on attributes and suggested ways to measure them. Of course, the Blue Book (https://www.amazon.com/Enterprise-Security-Architecture-Business-Driven-Approach/dp/157820318X) has them as well.
If you don’t know about SABSA or attributes, you are seriously missing out on an incredible tool for solving problems and delivering measurably effective and stakeholder aligned architectures.
https://onlinelibrary.wiley.com/doi/pdf/10.1002/9780470476017.app1
I recently wrote about a definition and the key attributes of reference architectures. Interestingly, I read an email on July 6, 2021 by Andrew Townley (go to https://archistry.com to subscribe and receive daily updates) on the same topic. Below is an excerpt from the email. It lists other key attributes of a security architecture / reference architecture…enjoy and use it.
In short, a security architecture should not be a “documentation showpiece” like a Ferrari, but a workhorse like a Ford F150…The security architecture (and reference architectures in general)…
…gets dirty.
And…most importantly…
It gets used.
It doesn’t sit on some shelf, forgotten and covered in dust.
It doesn’t sit behind glass, on display for all to see how much work was done to create it.
It’s dog-eared, scribbled over and pasted to the walls above everyone’s desk.
Because that’s where they need it.
And they need it because it helps them make the decisions they need to make to do their job every day of keeping the organization safe and serving its customers.
Computer Security News, Advice and Research
In-depth security news and investigation
Robert Rost 