Security architecture

Skill Definition

Security architecture relates to the secure design of computer systems. It combines technical architecture and risk management with knowledge of how systems can be compromised, to help design systems that (among other things) are sufficiently hard to compromise or disrupt while being sufficiently easy to monitor and maintain.

Awareness

  • Demonstrates knowledge of internal and external sources of published security architecture guidance, including secure design principles and patterns
  • Demonstrates broad-ranging Technical Security knowledge necessary to understand system architectures, including common server roles, cryptography, key management, security technologies, virtual private networks (VPNs), load balancers, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)

Working

  • Supports the design and/or review of common system architecture problems (e.g. typical website architectures or remote access solutions), using knowledge of common vulnerabilities, threats and methods of attack to identify recommended security controls, working under supervision
  • Has broad-ranging Technical Security knowledge necessary to understand system architectures that include common technologies (e.g. Windows and Linux servers, end user compute platforms, databases, common server roles, cryptography, security technologies, load balancers, cloud services)
  • Understands the application of security architecture in one or more domains – digital services, enterprise IT, operational technologies etc., as well as the other relevant inputs to architectural design in those domains (regulatory, government policy, standards etc.)

Practitioner

  • Has experience of reviewing system architectures to:
    • identify single points of vulnerability and common architectural flaws
    • identify security issues relating to configuration of components in an architecture
    • validate and explain how common attack methods are mitigated by the design
    • identify areas where detailed technical analysis will be required to understand important nuances that could have significant security implications
  • Articulates security issues identified, proposes and prioritises appropriate mitigation options, taking into consideration other potential constraints (functional impact, cost etc.)
  • Contributes to the design of system architectures that solve common business problems, including specifying required security controls
  • Understands the context and has required domain knowledge to tailor advice to the specific need of the customer

Expert

  • Designs and reviews system architectures for a broad range of complex or uncommon requirements to identify security weaknesses and recommend mitigations
  • Designs (or significantly influences) the technical design of a system to enforce security properties that have been derived from first principles to meet a complex or uncommon set of requirements
  • Follows a methodical and repeatable approach to reviewing the security of a system architecture, and can describe that approach
  • Advises on security architecture implications of technological trends when applied to existing systems, such as migration to the cloud. Can explain how those technologies change the security approach required
  • Contributes to new and innovative security architecture guidance for others to re-use
  • May have one or more technology specialisms where they are regarded as an expert in how their specialism supports security architecture design (e.g. telecoms, power, microservice architectures, identity)
