Simple Security Architecture (SimpSPA)

Lots of organization’s accept that security should be an important project activity, but the truth is, that a lot of security experts get a bit lost in the fuzzy front end of projects.

Security is not a "thing" in itself; it is an attribute or characteristic of a thing. In the project "fuzzy front end", where there are few definites, it can often be difficult to make progress with security analysis of an ill defined widget that the project is trying to create. Getting the Security Engineer involved too early can cause project constipation, as they start adding red lines to pages that lock down design possibilities.

In early stages of the project it is important to be able to pick out the major costly controls and start to blend them into the design of the system. It is also important to retain flexibility to support the growth of definition of what the thing is it is supposed be.

The SimpSA approach supports this by leading the Security engineer/architect/designer to obtain a list of controls from standards and guidance. This supports an initial "quick and dirty" analysis to provide a framework in the early stages of the project.

For more details, download the white paper: