The “Security Architecture Working Group”, also referred to as “SAWG”, has been established to enable collaboration among security architects and those interested in this space. The group has defined its Vision and Mission as follows.
With the ever-increasing complexity of business operations, transformations, and technology systems, we see the need for a structured approach to address these challenges. Acceleration of globalisation, increased supply chain dependencies, and geopolitical requirements further compound these intrinsic challenges.
The Security Architecture Working Group’s (SAWG) vision is to develop and champion models of implementable technology architectures based on common information structures that include standardised notations, taxonomies, implementation behaviours, and governance techniques.
Specifically, the group aims to create a method of describing architectures using a common language that can be applied across technology, security, business operations, and business disciplines. We envisage this language to define a universal business description, technology description, and implementation that includes service triggers, attributes, resources, relationships, actions, and expected outputs.
We standardise non-functional requirements and their fulfilment using common architectural notations, composable patterns and models.
We will promote the adoption of these patterns and their implementation by organizations. Under common notations, we create a common language that all understand and that allows codifying the design of any business to a desired level of detail, with standard notations that are machine readable and easily digestible by humans, to be used for transformational changes or review. The work on common solution patterns will not only demonstrate the usefulness of these notations, but also enable organizations to rapidly converge on industry good practices, considering aspects of security, reliability and customer expectations.
The model will enable organizations to customise the patterns to their needs and quickly react to customer, business, and regulatory demands. One of these challenges would be the increasing proliferation of regulations across regions and countries that, while well intended, often create additional sets of complex requirements for heavily regulated industries and global organizations.
Security teams struggle with quantitative approaches to security risk modelling and governance, leading to under-informed business decisions. We see a need to develop and align models that support the amendment of proven patterns and allow organizations to develop better solutions based on current knowledge.