Center for EA

Improving Risk Identification in Security Architecture

Edward Glantz, Ph.D., CEA Faculty

Security architecture challenges the architect to reduce risk and thereby improve information confidentiality, integrity, and availability across current and planned business, database, application, and technology layers. Guidance for architects comes from models and frameworks such as FAIR, COSO, COBIT, OCTAVE, NIST, ISO/IEC, ITIL, and so on. Choosing and implementing an approach becomes more important as the threat landscape grows, driven by business trends in cloud computing, BYOD, and IoT, as well as by external threat actors.

The first part of this security architecture session compares a few of these models and frameworks and presents common pitfalls that may otherwise lead to a false sense of security.

The second part of this session provides an outline to improve risk identification. It should not be overlooked that all security architecture methods are limited to controlling only those risks that have been identified. As such, improving risk identification can greatly contribute to improved security.