Security Architecture
Security architecture defines layered defenses (network, application, data, IAM) and the integration of policies, standards, and technologies to protect assets and support risk management.
A comprehensive security architecture establishes governance, risk management, and engineering practices to protect information assets across people, processes, and technology. It covers governance and policy, reference models, and a technical stack spanning several layers: governance/policy layer; network security; application security; data security; identity and access management; endpoint and cloud security; and supply chain security. Effective architectures map controls to recognized standards (e.g., NIST SP 800-53, ISO/IEC 27001, ISO/IEC 27002, NIST SP 800-160, CSA CCM; SABSA; TOGAF) and integrate security into the software development lifecycle (secure SDLC) and threat modeling (e.g., STRIDE, PASTA). They emphasize a risk-based approach, least privilege, and defense-in-depth, with clear ownership, measurement, and continuous improvement through monitoring (SIEM, EDR, IAM analytics) and governance reviews. Architecture artifacts include reference diagrams, policy mappings, control catalogs, data classification schemes, and an ongoing program to adapt to evolving threats and regulatory requirements. Education and awareness, supply chain risk management, and incident response integration round out the architecture, ensuring alignment with business objectives and regulatory posture.
Related terms: computer-architecture (/terms/computer-architecture), security-automation (/terms/security-automation), hardware-security (/terms/hardware-security)
❓ Frequently asked questions
What is the purpose of a security architecture?
To provide a risk-based blueprint for selecting and implementing security controls that protect critical assets while enabling business operations, governed by policy and continuous improvement.
What frameworks or standards guide security architecture?
Common references include NIST SP 800-53, ISO/IEC 27001/27002, NIST SP 800-160, SABSA, TOGAF, and threat modeling practices (STRIDE, MITRE ATT&CK).
What are typical layers or components?
Governance/policy, network security, application security, data security, identity and access management, endpoint/cloud security, and supply chain security.
How does security architecture relate to risk management?
It translates risk-based requirements into concrete controls, aligns with risk appetite, and enables measurable security outcomes.
What is Zero Trust in this context?
A model that requires verification and least-privilege access for every resource, irrespective of location or network perimeter.