Monitor the Cybersecurity Architecture
After completing this unit, you’ll be able to:
- Describe how to test systems for vulnerabilities.
- Explain the importance of security assessments.
Detect Risks with Vulnerability Assessments
So you’ve successfully planned and established your technology solution across the enterprise, and now there is a robust cybersecurity architecture in place. Our work here is done, right?
Not so fast. Just like a bodybuilder continues to monitor their calories, macros, weight, and muscle growth even after they reach a fitness goal, a cybersecurity architect plays an important role in the upkeep of the cyber health of IT systems. As a cybersecurity architect, you continue to monitor the security state of the IT environment throughout the system lifecycle to continue to make necessary improvements.
One of the key tools cybersecurity architects use to monitor the security of the IT environment is vulnerability testing. Vulnerability testing involves running scans to check for common vulnerabilities that can allow an attacker to inappropriately access the network. When you discover a vulnerability, you notify both the business unit it impacts and the technical staff, so that they can assess and prioritize the vulnerability and quickly work to patch it or put a longer term remediation plan in place.
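The notify-and-prioritize step described above, as an added worked example that is not part of the original unit: a small triage routine that takes scanner findings, tiers them by severity plus exposure context (not CVSS alone), and groups them per owning business unit with a remediation due date. The findings, the business-unit names, the priority thresholds and the SLA days are all constructed assumptions for illustration.

```python
"""Triage of vulnerability scan findings: the notify-and-prioritize step.

Constructed example (not from the original unit). The findings below are
made up; a real scanner would emit similar fields (host, check name,
severity score, whether an exploit is known, whether the host is
internet-facing).
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed SLA policy: days allowed to remediate, keyed by priority tier.
REMEDIATION_SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}


@dataclass(frozen=True)
class Finding:
    host: str
    owner_unit: str          # business unit that owns the asset
    check: str               # scanner check name (constructed)
    cvss: float              # base score, 0.0 to 10.0
    internet_facing: bool
    exploit_available: bool


def priority(f: Finding) -> str:
    """Tier a finding by severity plus exposure context.

    CVSS alone is not enough: an internet-facing host with a known exploit
    is escalated, while an internal host with no known exploit can wait for
    the regular patch cycle. The weights and thresholds are assumptions.
    """
    score = f.cvss
    if f.internet_facing:
        score += 1.5
    if f.exploit_available:
        score += 1.5
    if score >= 9.0:
        return "P1"
    if score >= 6.0:
        return "P2"
    return "P3"


def triage(findings, today: date) -> dict:
    """Group findings per business unit, highest priority first, with a due date.

    The result is what you would hand to each unit and its technical staff:
    which hosts, which checks, how urgent, and by when.
    """
    tickets: dict = {}
    # "P1" < "P2" < "P3" lexically, so sorting by tier then by -cvss puts the
    # most urgent findings first within each unit.
    for f in sorted(findings, key=lambda x: (priority(x), -x.cvss)):
        tier = priority(f)
        due = today + timedelta(days=REMEDIATION_SLA_DAYS[tier])
        tickets.setdefault(f.owner_unit, []).append(
            {"host": f.host, "check": f.check, "priority": tier, "due": due.isoformat()}
        )
    return tickets


# Constructed sample findings (hosts, units and checks are made up).
SAMPLE_FINDINGS = [
    Finding("web-01", "Marketing", "outdated TLS library", 7.5, True, True),
    Finding("db-02", "Finance", "default admin credential", 9.8, False, True),
    Finding("hr-fs-01", "HR", "missing OS patch", 5.3, False, False),
    Finding("app-03", "Finance", "verbose error pages", 4.0, True, False),
    Finding("vpn-01", "IT", "weak cipher suite", 6.5, True, False),
]


def sample_triage() -> dict:
    """Run the triage over the constructed findings with a fixed scan date."""
    return triage(SAMPLE_FINDINGS, date(2024, 1, 1))


if __name__ == "__main__":
    for unit, items in sample_triage().items():
        print(unit)
        for item in items:
            print(f"  {item['priority']} {item['host']:10} {item['check']:26} due {item['due']}")
```

The design point is the split between scoring and routing: `priority()` holds the risk judgement (severity adjusted for exposure), and `triage()` turns it into per-unit work with a deadline, which is the information the business unit needs to decide between a quick patch and a longer-term remediation plan.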
You may also work closely with a penetration testing team to look at vulnerabilities from an attacker’s perspective. This team may be internal to the organization or hired on as a third-party service. The team identifies a particular system to assess and tries to exploit vulnerabilities in that system and its surrounding personnel, procedures, or processes the same way that an attacker would. They not only validate threat models, as discussed in Unit 1, but they also try to find weaknesses in them. You may support the team by providing information about the system architecture or by working with the business unit that owns the system to implement any recommended remediations stemming from the engagement. With both vulnerability assessments and penetration tests, the goal is to help the organization identify vulnerabilities in the IT environment before a compromise can take place.
Using System Security Assessments
Part of your role as a cybersecurity architect is giving decision makers in an organization a snapshot of security performance to help them monitor key risk indicators. One tool for this is the system security assessment.
Instead of looking narrowly at penetration tests or vulnerability assessments, security assessments have a broader scope. They look at many controls across multiple domains and may include assessing policies and procedures, change management, and other architectural considerations. The assessment is usually performed with the full cooperation of the business unit being assessed so that you are able to fully understand all of the necessary details regarding the network, system, and controls. During these assessments, you collect, analyze, and summarize security data and trends to determine the security of systems and any residual risk. One framework used for these assessments is the Application Security Verification Standard (ASVS).
When the assessment is complete, you prepare a report that contains the results, including a summary of the risks associated with any weaknesses identified during the assessment. You then communicate this cyber risk information to business leaders so that they can make good business decisions. You also work with system owners to plan how to remediate any findings that result from an assessment, as well as any findings from internal or third-party audits and regulatory exams. You continue to perform these assessments on a periodic basis and in response to any major events such as an incident or a regulatory audit. Much like vulnerability assessments and penetration tests, the purpose of the security assessment is to prevent defects and vulnerabilities from being exploited by an attacker.
- External Link: National Institute of Standards and Technology (NIST): Developing Cyber Resilient Systems: A Systems Security Engineering Approach
- External Link: Center for Internet Security (CIS): How to Build a Cybersecurity Compliance Plan
- External Link: SANS: Continuous Monitoring and Security Operations