Security Architecture and design
At the end of your textbook on page 385, the author mentions several “encouraging security architecture developments”:
The Open Group has created an Enterprise Security Architect certification. One of their first certified architects has subsequently created a few enterprise security reference architectures.
The SANS Institute hosted three “What Works in Security Architecture” Summits.
The IEEE initiated a Center for Secure Design. The Center published a “Top 10 Design Flaws” booklet.
Adam Shostack published Threat Modeling: Designing for Security, and renown threat modeler, John Steven, has told me that he’s working on his threat modeling book.
Anurag Agrawal of MyAppSecurity has been capturing well-known attack surfaces and their technical mitigations within his commercial threat modeling tool, “Threat Modeler.”
Choose 2 or 3 three items from the list above and provide an update to their development status. Make sure you provide some background on your selection and then provide the update of the development. Answer the questions with an APA-formatted paper (Title page, body and references only). Your response should have a minimum of 600 words. Count the words only in the body of your response, not the references. A table of contents and abstract are not required. A minimum of two references are required. One reference for the book is acceptable but multiple references are allowed. There should be multiple citations within the body of the paper. Note that an in-text citation includes author’s name, year of publication and the page number where the paraphrased material is located.