March 22, 2017

What is Security Architecture?

BY :     March 22, 2017

In a recent client meeting when we started discussing ‘Security Architecture’, I came across interesting views of what Security Architecture actually is. As a result of that discussion, I created a set of slides that describes how Security Architecture works. Of course, there are many ways to design Security Architecture but a common consensus of the how you view the topic is quite important to define.

security architecture

As you see in the above picture I use IAF (Integrated Architecture Framework) as a model to build my architecture. IAF is part of TOGAF since TOGAF 9. An architecture consists of four large parts: Business, Information, Information System and Technical Infrastructure. Security architecture is not a specific architecture within this framework. In some cases, you model an IAM-system and call it a security architecture but that is not correct. That´s a Technical Infrastructure architecture of a security system. A security architecture is actually something completely but it ends up in changing the current architecture you have to make sure that its secure. The red dots show examples where an architecture could be changed to make it secure.

So basically, ‘Security Architecture’ is the process of making an architecture more secure.

Jesper Kråkhede


Jesper Kråkhede has had a long and diverse career within as disparate areas as social worker and security architect. From 1995 till 1998 he worked as a social worker/IT-responsible but decided to quit the same day a client tried to stab him with a screwdriver. After attending different courses he started as an infrastructure consultant at MercatoR 1998 where he started looking more deeply into the field of security. 2001 he moved on to G2 Solutions for a year where the focus area was secure coding. In 2002 he joined Capgemini as an infrastructure engineer and soon began to build a security practice. As Jesper is a very curious person he has worked in all fields of security from pen testing to security strategy but the last eight years his primary focus has been security architecture and compliance.

More on Jesper Kråkhede.

Related Posts

Your email address will not be published. Required fields are marked *

8 + 2 =

    *Opinions expressed on this blog reflect the writer’s views and not the position of the Sogeti Group