Two professions are deeply involved in the development of an organization’s self-defence:
- Security Architects are in charge of creating a comprehensive vision of security within a company, defining a defense-in-depth strategy and ensuring technical consistency in the security of products, services and the company itself.
- System Designers are in charge of designing and implementing the security functions of the products and services offered by a company and of detailing security implementation, configuration and test plans.
In our view, these jobs are currently at the forefront of cybersecurity and of business projects, and we believe that organizations that rely on a “Security by design” approach based on A&SD principles and Risk analysis methods are those that excel the most.
The arrival of new, more formal risk analysis methods such as EBIOS RM, the understanding of cyber-attack mechanics as formalised in MITRE ATT&CK and the variety of research projects on the modeling of security in systems engineering show an improved understanding of the Architecture and System Design domain as well as its increasing maturity.
We can see the first effects of this increasing maturity as CIOs put these professions at the center of their priorities and strategic business decisions. It is, after all, the deployment of adequate technical solutions to protect against malicious acts that keeps their companies out of the news.