ACSC publishes defensible architecture advice

The Australian Cyber Security Centre has released, in collaboration with international partners, a new publication series on modern defensible architecture, providing advice to organisations on a clear pathway to begin investment and implementation.

The ACSC says organisations can take practical and proactive steps in the design and build of their IT environments to significantly minimise the risk of harm to their most critical systems. Adopting a modern defensible architecture approach will help organisations to prepare for and plan to adopt technologies based on:

• traceability of architectural designs to business objectives;
• zero trust principles of ‘never trust, always verify’, ‘assume breach’ and ‘verify explicitly’, implemented through zero trust architecture; and
• secure-by-design practices that institute a security mindset within organisations when it comes to procuring or developing software products and services.
   

The publication series includes three parts.

1. Foundations for modern defensible architecture

The Foundations are written for technical security and enterprise architects who are responsible for designing and building IT environments. Initially released in February for consultation, the Foundations have been updated to provide additional clarity, technical detail and threat context. The Foundations represent organisational goals or capabilities that will facilitate a more efficient adoption of zero trust technologies and architecture.

2. Modern defensible architecture for senior decision-makers

This publication helps senior decision-makers understand the contemporary threat landscape and how modern defensible architecture can help organisations defend against current and emerging threats.

3. Investing in modern defensible architecture

This publication supports organisations to develop a modern defensible architecture investment roadmap based on their organisational strategy, business and security objectives, risk profile and threat context.

ASD acknowledges that designing and implementing architectural improvements to an information environment takes significant time, resources and investment.

While difficult, investing in and implementing modern defensible architecture delivers significant benefits to organisations. Modern defensible architecture builds resiliency, supports continuous delivery of business services, empowers users to work securely, and provides visibility of organisational compliance with security policies.

Click here to learn more about investing in modern defensible architecture.

Image credit: iStock.com/alexsl