QinetiQ believe that an architectural approach is essential for an organisation that is serious about protecting its information assets.
A security architecture will form the core of a corporate strategy for information assurance. It will help an organisation to migrate from the purely reactive, ‘fire-fighting’ model of traditional ‘patch and mend’ security management to a more forward-looking approach. An architecture-based process gives clear direction for planned upgrades, while informing and prioritising responses to the inevitable security alerts.
Modern businesses are supported by multiple interconnected systems. Any one of these systems might be a ‘weak link’ in the organisation’s overall defences. Without a clear architectural view, it is difficult to know where such weaknesses lie, let alone remedy them in a cost-effective manner. Similarly, it is difficult to build a coherent business case to justify the costs of security mechanisms.
The primary objective of a security architecture is to ensure that the security provisions of diverse systems work together to meet corporate protection needs, while enabling business processes to operate effectively. It must therefore reflect the information exchange and processing needs of the business alongside the protection needs.
A useful security architecture must be clearly derived from corporate protection policy, couched in terms of board-level objectives. At the same time, it must key into the mechanisms and procedures which deliver the defences and incur the costs that the board must approve.
QinetiQ’s Domain Based Security (DBSy®) is designed to fulfil these criteria. It provides the essential link between board-level concerns and technical solutions.