Wednesday, 30 August 2017 14:32

Conducting an Architectural Risk Assessment — Step 1

An architectural risk assessment is not a penetration test or merely a vulnerability scan. It is an engineering process aimed at understanding, defining, and defending all the functional output of customers, line workers, corporate staff, and client-server interactions. Architectural risk assessments include ethical hacking, source code review, and the formation of a new network design.

As Fred Donovan wrote in the Cutter Consortium Executive Update, Architectural Risk Assessment: Matching Security Goals to Business Goals, “Performed correctly, [an architectural risk assessment] will empower the technology staff and enable the business to focus less on security and more on customers.”

According to Donovan, the first step of an architectural risk assessment is to conduct interviews with line workers, the people who interact daily with customers. These line workers know many of the issues that may negatively affect customer interaction with a running application, even if they do not understand the technical details. This knowledge will benefit the redesign of the network architecture.