Just as there are multiple architecture frameworks, there are also a number of security frameworks, standards, and regulations that, while they seldom contain architectural elements themselves, are nevertheless important for the architect to understand. These include the following:
- Formal standards that govern either security for an entire program or organization, or specific elements of a larger program (for example, risk management or technical standards). Examples include:
  - ISO/IEC 27001 (Information Security Program Management),
  - KMIP for cryptographic key management,
  - TLS/IPsec for transport layer security,
  - the Payment Card Industry Data Security Standard, and numerous others.
- Documents that, while not official standards, nevertheless provide guidance about how to implement and manage security within an organization. Examples include:
- Governing legislation that contains elements applicable to information security. Examples include national laws such as
  - HIPAA in the United States,
  - the Cyber Security Law of the People's Republic of China,
  - and local or regional laws such as US state breach notification laws.
MIT License & cc license
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.