To understand ‘Security Architecture’ we must first make sure that you fully understand the meaning of security. Security is used to protect assets with a value. If assets are in some way damaged or destroyed, then you will experience a business impact. The potential event by which you can suffer the damage or destruction is a threat, to prevent threats from crystallizing into a loss event that has a business impact, you use a protection or mitigation, measure to keep the threats away from your assets. The process of identifying business assets, recognizing the threats, assessing the level of business impact that would be suffered if the threats were to materialize and analyzing the vulnerabilities, is known as a risk assessment and a risk assessment is not a one of exercise. Risk assessment and risk mitigation jointly comprise what is often called operational risk management.