Cybersecurity Architecture

Cybersecurity Architecture

Roger Clark

Cybersecurity Architecture


CYB – 690


It is harder in the complex environment in which businesses work to protect transfers, data and network components. A successful security infrastructure incorporates a range of strategies and strategic innovation as well as robust information and knowledge systems. The design of protection is the blueprint for putting all elements together to satisfy the guidelines laid out in the policies (Eloff, & Eloff, 2005). The technology infrastructure will offer for most organizations a structure for combining emerging technologies and resources to address customer demands and expect potential market directions.

Security architecture diagram




Client machine

Sensitive data

The critical, protected information is sensitive data. One may consider various information sensitive depending on the industry, but it can be anything private and protected that your company, employees, customers or third parties might expect.

Customer Information 

Customer data is what many people first think while discussing sensitive data. These could involve client names, home addresses, records on credit cards, social security numbers, passwords, program features, birthdays, and more.

Employee Data

The employee data is identical to consumer records in several ways. Users have the names, addresses and social security numbers of your employee and you might even have their account records, usernames and/or passwords used with client logins, or details relevant to a certification method. This is confidential information which makes it important for organizations to securely store it and that the client trusts you to take care of.

Data storage security

The security of data storage involves protecting the data and storing resources stored both on-site and in outside data centers and the cloud from accidental damage or destruction, and unauthorized users and uses. This is an area of vital importance for companies because most data violations are caused primarily by a data storage security failure.

Hardware and Software


A firewall is another way to make your network more secure. As hardware or software (or as both), a firewall may exist (Kurdziel, 2014, May). A hardware firewall is a network-connected system that filters packets according to a set of rules. On the operating system, a software firewall runs, intercepting packets on arrival at the device. A firewall prevents all servers and devices in organizations by blocking packets that do not follow specific requirements from outside the network of the organization. The packet flow from the company can also be restricted via a firewall. This will remove staff from the company’s device playing video or internet usage (Kurdziel, 2014, May).

Intrusion Detection Systems

An IDS is an extra device that can be built for protection throughout the network. An IDS does not introduce extra protection nor includes the ability to monitor when the network is targeted. It can set up an IDS to monitor specific types of operations and alert safety staff if such operations are performed (Kurdziel, 2014, May). For further analysis an IDS may also log different types of traffic in the network. An IDS is part of every program that is efficient.

Security controls

The architecture objects explain how the protection mechanisms are located and how they affect the overall IT Infrastructure. Such safeguards protect the standard qualities of the program, including security, honesty, transparency, efficiency, and reliability. Security services and mechanisms are strongly related as they are used to providing a function through a process or a mixture of processes.

Network Security Service 

This is a service provided by an open network protocol layer that ensures adequate protection of systems or data transfers. It increases data processing and transmission efficiency (Markham & Payne, 2001). A response may protect data Integrity-A data source, one data, or chosen fields. Unauthorized alteration or removal of records causes a lack of credibility.

Data Confidentiality– The security of permitted limits on access to and divulgation of details, including the protection of safety and transparency. The unauthorized publication of knowledge represents a breach of confidentiality.

Authenticity -Authenticate the node and base station to use the minimal resources available. It also guarantees that the contact only takes place with the designated node.

Non-repudiation– it prevents the refusal of a transmitted message to the sender or recipient. Therefore, the receiver should claim that the supposed sender has already delivered the message when a response is received. Similarly, the sender may claim that the supposed user genuinely reads the message when a response is sent.

Cryptography Mechanisms 

Cryptography is a way to store and transmit data in a form so that the persons they intend it for can only read and process it (Piper, 2003). The word typically includes plaintext scrapping in the ciphertext (a method called encryption) and then restoring (called decryption) (ordinary text, often referred to as plaintext). There are three specific forms of cryptographic structures that are commonly used to accomplish these objectives: covert (or symmetrical) cryptography, transparent (or asymmetrical) encryption and hash functions (Piper, 2003).

Security control specifications

Data encryption

The traditional approach to encrypting sensitive data is to ensure that it is both authenticated and kept independently from the decryption keys. It is also important to ensure that it encrypts confidential data in motion throughout your network to prevent databases being threatened by security (not stored in encryption, but plaintext next to the keys). (Apart from encrypting data in plaintext).

Minimizing Database value

Intruders may access its contents through the database such that no sensitive knowledge is kept and does not have to be there. Manage the data effectively to enable deletion if it needs no data from the database. It may transfer information that may be maintained for enforcement or other reasons to safe storage that is not so responsive to security risks to the database (Piper, 2003).

Likewise, historical files written on the server after the initial update process and removed (for example, MySQL file and MySQL history). Although these files help test if the install fails, they cannot provide knowledge beneficial to attackers if the update is effective.

Managing Database

The administrator will aim to allow access to the database to the lowest number of users. They will have the lowest rights, and only for occasions where access is of need. This might not be realistic in smaller organizations, but departments or functions can handle authorizations instead of explicitly issued.

It controls automatic access using access management tools considered by administrators. It provides allowed users with the rights needed to enter a database with a temporary password. It also logs the activities performed during that time and prevents the share of passwords between administrators. Although it can be easier for administrators to exchange credentials, adequate database protection and transparency are nearly impossible.

Auditing and monitoring Database activities

It involves monitoring the operating system and server logins (and failed logins) and periodically checks reports identifying unusual activity. Even if an identity reported as hacked, an employee can involve illegal process, or it targets the network, successful surveillance will allow one to find. It will also allow one to figure out how users swap accounts and alert users against making accounts without authorization.

The DAM software can aid by delivering tracking separate from the Native Server reporting and verification features and tracking of the admin operation. DAM software offers monitoring services.


Another effective tool for information security is a comprehensive backup plan for the whole organization. This is important not only to backup data from client servers but also to backup the company’s individual machines. A good contingency plan must have several elements.

A comprehensive view of organizational database. What is the organization’s information? Any data they remain stored on the servers of the company, some in the cloud, and others on the websites of third parties, on the hard drives of users. A company will store any details and backed up in full and determine the best way to guarantee that it protects this data.

All evidence backed up periodically. The backup duration will depend on the company’s value for details and the company’s capacity to restore missing data. One could back sensitive data up every day, and it should back less important data up every week.

Security Policies

Besides the above operational restrictions, organizations will always enforce security policies as an institutional function. These policies will also be a point of departure for a robust protection strategy. A strong information management policy offers instructions for staff to utilize knowledge services of the organization and corrects them if an individual breaks a policy.


Because computers and networking are becoming an important part of the industry, they too have become the focus of criminals. Organizations will be sensitive to the way it secures their finances. The same holds valid for us too. It is important for us on how we defend ourselves when digital technologies are becoming intertwined with our lives.


Eloff, J. H. P., & Eloff, M. M. (2005). Information security architecture. Computer Fraud & Security2005(11), 10-16.

Kurdziel, M. T. (2014, May). Cyber threat model for tactical radio networks. In Wireless Sensing, Localization, and Processing IX (Vol. 9103, p. 910305). International Society for Optics and Photonics.

Markham, T., & Payne, C. (2001, June). Security at the network edge: A distributed firewall architecture. In Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX’01 (Vol. 1, pp. 279-286). IEEE.

Parker, B. J., Werner, S. W., Diaz, C., & Frederick, T. M. (2008). U.S. Patent No. 7,316,029. Washington, DC: U.S. Patent and Trademark Office.

Piper, F. (2003). Some trends in research in cryptography and security mechanisms. Computers & Security22(1), 22-22.

Ftp server



mail server

directory server

web server

"Is this question part of your assignment? We can help"