Security Architecture
Security architecture defines layered defenses (network, application, data, IAM) and the integration of policies, standards, and technologies to protect assets and support risk management.
A comprehensive security architecture establishes governance, risk management, and engineering practices to protect information assets across people, processes, and technology. It spans governance and policy, reference models, and a technical stack across multiple layers: a governance/policy layer; network security; application security; data security; identity and access management; endpoint and cloud security; and supply chain security. Effective architectures map controls to recognized standards (e.g., NIST SP 800-53, ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-160, CSA CCM; SABSA; TOGAF) and integrate security into the software development lifecycle (secure SDLC) and threat modeling (e.g., STRIDE, PASTA). They emphasize a risk-based approach, least privilege, and defense in depth, with clear ownership, measurement, and continuous improvement through monitoring (SIEM, EDR, IAM analytics) and governance reviews. Architecture artifacts include reference diagrams, policy mappings, control catalogs, data classification schemes, and an ongoing program for adapting to evolving threats and regulatory requirements. Education and awareness, supply chain risk management, and incident response integration complete the architecture, ensuring alignment with business objectives and regulatory posture.
Related terms: computer-architecture, security-automation, hardware-security
❓ Frequently asked questions
What is the purpose of a security architecture?
To provide a risk-based blueprint for selecting and implementing security controls that protect critical assets while enabling business operations, governed by policy and continuous improvement.
What frameworks or standards guide security architecture?
Common references include NIST SP 800-53, ISO/IEC 27001/27002, NIST SP 800-160, SABSA, TOGAF, and threat modeling practices (STRIDE, MITRE ATT&CK).
What are typical layers or components?
Governance/policy, network security, application security, data security, identity and access management, endpoint/cloud security, and supply chain security.
How does security architecture relate to risk management?
It translates risk-based requirements into concrete controls, aligns with risk appetite, and enables measurable security outcomes.
What is Zero Trust in this context?
A model that requires verification and least-privilege access for every resource, irrespective of location or network perimeter.