Comprehensive Security Architecture Review

Date:

2024

The Comprehensive Security Architecture Review (CSAR) standard provides a structured, holistic approach to evaluating and enhancing an organization's security posture, encompassing strategic alignment, cloud security, secure design principles, and regulatory compliance. Through its six-phase methodology—Discovery, Collect, Analyze, Remediate, Operate and Maintain, and Oversee and Govern—CSAR enables security architects to systematically assess, improve, and maintain robust security architectures that adapt to evolving threats while aligning with business objectives.

​

Document Management: ISAU-STD-409-v1.2024-CSAR

Enterprise Segmentation Strategy

Date:

2024

Enterprise segmentation emerges as a potent strategy to fortify defenses and safeguard critical assets. This holistic approach involves meticulously segmenting an organization's network, cloud, and IT infrastructure into isolated zones, each governed by granular access controls and tailored security policies. By adopting a comprehensive enterprise segmentation strategy, organizations can enhance their security posture, limit the potential impact of cyber threats, and ensure regulatory compliance – all while aligning with unique business requirements and risk appetites. This comprehensive guide delves into the intricate implementation phases, from conducting thorough infrastructure assessments and identifying critical assets to designing and deploying segmentation controls across network, cloud, and identity and access management solutions.

​

Document Management: ISAU-SG-201-v1.2024-ESS

Cloud Security Architecture (HLA)

Date:

2024

The HLA standard outlined in this document provides a consistent and standardized approach that aligns with industry frameworks, methodologies, and principles, enabling organizations to effectively mitigate risks and protect their critical assets in cloud environments. It serves as a blueprint for developing DLAs that address the unique requirements, configurations, and security controls specific to the chosen cloud solution(s) and deployment models.

​

Task Group: ISAU-TG33-2025

API Security Standard

Date:

2024

As organizations increasingly rely on APIs to facilitate seamless communication and data exchange between disparate systems and applications, the need to secure these interfaces against evolving cyber threats and vulnerabilities becomes paramount. This technical standard aims to provide comprehensive guidance and best practices for implementing robust API security measures within DevOps environments.

​

Document: ISAU-STD-405-v1.2024-API

Security Artifacts Management (SAM)

Date:

2024

Security architecture is critical to delivering architecture artifacts that safeguard digital assets, infrastructure, and data against various threats in today's interconnected world. As technology evolves and threats become increasingly sophisticated, the need for comprehensive security architecture has never been more pronounced. Security architecture designers are tasked with developing, delivering, and maintaining architecture artifacts to ensure the effectiveness of security measures across various systems and networks.

​

Document: ISAU-STD-406-v1.2024-SAM

Enterprise Security Architecture Body of Knowledge (ESABOK)

Date:

2024

The primary objective of this principle is to empower security architects to systematically identify and fortify the weakest links within the organizational architecture, including infrastructure and network components. The focus is on developing a comprehensive understanding of potential vulnerabilities and points of exploitation that could compromise the security posture of the organization.

​

Task Group: ISAU-TG14- 2023

Proactive Weakest Link Discovery-RP-203

Date:

2024

The primary objective of this principle is to empower security architects to systematically identify and fortify the weakest links within the organizational architecture, including infrastructure and network components. The focus is on developing a comprehensive understanding of potential vulnerabilities and points of exploitation that could compromise the security posture of the organization.

​

Task Group: ISAU-TG14- 2023

Threat Intelligence Preparation-RP-212

Date:

2024

Security architects must possess an intimate understanding of potential adversaries, and technical exigencies underscore the significance of this knowledge in navigating the broader threat landscape. Technical acumen regarding potential attackers' motives, tactics, and techniques is indispensable for preemptively addressing vulnerabilities. This proactive and technically informed approach fortifies the organization's resilience and ensures that security strategies are intricately adaptive to the ever-shifting contours of cyber threats.

​

Task Group: ISAU-TG14- 2023

Data Flow Security Standard

Date:

2024

Interconnected digital landscape, organizations must have a comprehensive understanding of how sensitive data moves within and across their systems, applications, and cloud environments. By implementing a structured approach to data flow mapping, access control, encryption, and real-time monitoring, enterprises can gain the necessary visibility and control to protect their most valuable information assets.

​

Document: ISAU-STD-404-v1.2024-DFS

Minimize Your Attack Surface-RP-215

Date:

2024

Understanding the attack surface in this context involves a meticulous examination of potential entry points, vulnerabilities, and avenues for exploitation that may be accessible from the internet. By scrutinizing the attack surface of these assets, organizations can identify and prioritize security measures to fortify against external threats. This encompasses securing exposed ports, validating user inputs, implementing robust access controls, and regularly assessing for vulnerabilities.

​

Task Group: ISAU-TG14- 2023

Know Your Architecture-RP-216

Date:

2024

Technical architecture encompasses infrastructure, networks, and associated components and systems.  This recommended principle (RP) establishes the base requirements of architecture security for organizations that design, operate, implement, and support architecture for use in on-premises, cloud, and or hybrid. This RP provides security practitioners with an enhanced framework to reveal and manage risk, promote a learning environment, and continually improve architecture security and integrity by using this principle.

​

Task Group: ISAU-TG14- 2023

Structured Layered Defense-RP-208

Date:

2024

Prioritizing the imperative to ‘Structured Layered Defenses aka Defense in Depth’, this approach centers on identifying segments within an organization's architecture, particularly its infrastructure, and network. Due to potential Internet security risks occurring at various levels, you need to set up security measures that provide multiple layers of defense against these risks.  This RP provides security practitioners with an enhanced framework to reveal and manage risk, promote a learning environment, and continually improve architecture security and integrity by using this principle.

​

Task Group: ISAU-TG14- 2023

Security Tool Lifecycle Template

Date:

2024

Security Tool Lifecycle, this term encompasses the entire life cycle of a security tool, including its purpose, configuration, calibration standards, and maintenance history. It reflects the proactive and continuous nature of documenting key aspects of security tools, serving as a valuable resource for audits and troubleshooting throughout their operational life.

The Defense in Depth Principle (Revision required)

Date:

2023

How Network and Cloud Use Defense in Depth:

Network and cloud use Defense in Depth by implementing multiple safeguard layers to help prevent security breaches.

​

Task Group: ISAU-TG14- 2023