Architecture Assessment


The Architecture Assessment (AA) practice has two aims: validating the effectiveness of security mechanisms within application and infrastructure architectures, and verifying that the architecture is aligned with security requirements and best practices and addresses known compliance requirements.

In its more advanced form, it formalizes the security architecture review process, and continuously evaluates the effectiveness of the architecture’s security controls and verifies their strategic alignment. Possible improvements are identified and fed back to the Security Architecture practice.

| Maturity level | Stream A: Architecture Validation | Stream B: Architecture Compliance |
|---|---|---|
| 1. Review the architecture to ensure baseline mitigations are in place for known risks. | Identify application and infrastructure architecture components | Ad-hoc review of the architecture against compliance requirements |
| 2. Review the complete provision of security mechanisms in the architecture. | Validate the architecture security mechanisms | Analyze the architecture against known security requirements and best practices |
| 3. Review the architecture effectiveness and feed back results to improve the security architecture. | Review of the architecture components effectiveness | Feed the architecture review results back into the enterprise architecture, organisation design principles & patterns, security solutions and reference architectures. |