ABSTRACT

Security architecture practices may iterate as part of the architecture and design work. Therefore, security architecture may actually deal with all principles. Indeed, a security architect can provide an enterprise architecture with a cohesive set of security capabilities. The capabilities thus specified support the mission of the enterprise and its various functions with sufficient protections and controls to bring the enterprise architecture to the organization’s desired security posture. Attacks are the mental currency that glues the other required knowledge domains together into the whole known as security architecture. For instance, in order to protect data in storage, one must have a working knowledge of how file systems work, where the file driver comes into play as a part of an operating system, and at least a glancing understanding of how the bits actually get written into storage. Beyond writing and debugging code, a firm grasp of software architectures and software design is essential for the security architect.