The Role Of Security Professionals In The Architecture Design Process - Term Paper Example

The design and selection of a suitable security system are contingent on knowing something regarding all the components of the security system (Scammel, 2008). It is significant to note that the potential dangers that may come with the wrong architecture design include failure of the security system to holistically detect, delay, deter, and respond to security threats. In other words, involving the security professional early in the design process can reduce project variation and the likely effects of a lapse in the design architecture (Vellani, 2009).

Failure to involve the professionals can lead to many variations in the design process. It, therefore, means that the design architecture needs to be structured to holistically address the entire system component as well as to coordinate processes, people, and tools that should be integrated into the security system to secure an organization's resources or assets. However, to maximize these efforts, organizations need to understand the key components of security architecture, their diverse frameworks for designing and assessing an effective architecture, as well how to evaluate the effectiveness of the architecture (ISACA, 2009).

This calls for the intervention of security professionals. However, as some studies have revealed, organizations still lack a clear understanding of the roles of security professionals in the architecture design process (Coole & Brooks, 2014). On the other hand, when security professionals are not involved in the design process, several issues may happen. This may include overspending on unnecessary security devices, and the facility owner’s increased liability to lawsuits, and lastly, security components may not serve their objective as required (Vellani, 2009).

The study empirically explored the roles of security professionals in ensuring the effective links between the varied components of the architecture design to ensure detection, deterrence, delay, and response to security threats.

The study also explored the role of security professionals in ensuring standardisation and cost-effectiveness of the security system. Additionally, it examined the role of security professionals in ensuring compliance to the regulatory and legal, financial, benchmarking and good practices and risk management of the security system. 1.1 Background 1.1.1 The role of security professionals Sennewald (2012) explains that the role of security management professionals has grown since the 1990s following the expansion of the private sector across the globe, which necessitated the need for professional services.

The rise in demand for security professional services also heightened after the 9/11, in addition to the tendencies by firms to downsize, outsource, and adopt technology in the 2000s. While security consulting has grown, the roles of security professionals continue to remain unclear. On a different account, Scholl et al (2010) suggest that most organisations have perceived a security professional as an individual who only serves to recommend proper, cost-effective strategies to attain a wide range of security objectives, crime prevention, loss control, and investigative roles.

Obviously, a rewarding dimension of security professional is the opportunity to manage and control organisation’s security. As an independent operator, security professional has little to do with organisational activities and the follow-up implementation of recommended programs (Tsohou et al., 2015). A professional is essentially an agent of change tasked with advising and facilitating through research, collecting data, analysis of data, preparing data, and presenting recommendations and the design or a project (Bogers et al., 2008). Security professionals seek to ensure that threats and controls are in balance.

To ensure that, the professionals need to use a holistic approach to security that covers the whole organisation. 1.2.3 Attributes system architecture and the design process System architecture is essentially a design that integrates a structure and connects the components of a structure. The major attributes include the dependencies and relationships, benefits, form and drivers. According to Gibbs (2008), dependencies and relationships depict the link between the varied components within IT architecture, and how they relate.

Benefits include standardisation and cost-effectiveness. Form is another attributes. Security architecture is associated with IT architecture. The last attribute is the drivers. It is based on four factors: regulatory and legal, financial, benchmarking and good practices and risk management (ISACA, 2009; Gibbs, 2008). In the architecture design structure, the design security architecture takes a five-phase approach. In phase 1, security assessment is conducted to take consideration of the status of the current security architecture.

The objective is to determine the threats and vulnerabilities of system (Farah, 2004). In phase 2, target security architecture is created based on the findings in phase 1. Two type security architecture types can be created: logical architecture to organise physical architecture and physical architecture, which includes network diagrams of architecture relating to security architecture such as mail gateways and firewalls. In phase 3, policies and procedures are formulated that define all information security architecture as well as what needs to be protected.

In phase 4, target security architecture design is implemented. In Phase 5, security practices needed for maintenance of the architecture to ensure secure environment are formed and the cycle goes on back to phase 1 (Farah, 2004). 1.2.4 Integrating system approach to architecture design System resources, information, software, computer system services, and network connectivity are vital company assets that need protection from security threats. Relying on these processes by an enterprise rises with their expansion (Walek & Masar, 2013).