Architecture Planning (Hardware/Software) - performance and security
Security architecture must be designed to sustain security attacks without sacrificing performance degradation. The system architecture must balance between system performance and security as we operate the infrastructure to support the mission. Security architecture is designed with a defense in depth concept that builds multiple layers of security measures. Security architecture, and which controls to select to put in place should be risk-based and driven by business needs, expressed in policy. Defense in depth is the practice of layering defenses to improve an organization’s security posture. Examples of security layers include:
Perimeter (Network Layer): Boundary routers, VPN, Firewalls, Proxy Servers, Network IDS/IPS, RADIUS, NAC, IPSEC, Gateway Anti-Virus, Spam Filter.
Software (Application Layer): Web server Security, Application Proxy, Input Validation, Database Security, Content Filtering, Data Encryption, Identity Management.
Personnel (User Layer): Authentication & Authorization, PKI, RBAC Training, Multi-Factor Authentication, Biometric, Security Clearance, Periodic Security Training
Host (Platform Layer): Host IDS/IPS, Anti-Virus, Anti-Spyware, Patch Management, Server Certificate
Physical Security: Locks, Biometrics, PIV/CAC credential/ID badges, CCTV, BC/DR/COOP, Security Guards, RFID, and Fences.