It´s not that easy to start creating a Security Architecture when it’s hard to define it in the first place. A Security Architecture has a few starting points. The first one is the realization that you have something to protect. That may sound very simple but without your assets defined you cannot define a security architecture.
Before you need to start building the list of requirements you need to adhere to the following:
This list consists of your risk analysis, applicable laws you need to adhere to and compliance schemes you need to follow. Of course, you could have others that are on a voluntary basis and those should be included in the list as well as long as you don´t regard them as strict mandatory.
The list you provide will be your risk register that you will start working with.
Follow the series of blogs about Security Architecture by subscribing to the blog.