OSA Landscape

In order to determine that OSA has the correct topic coverage we need to define the landscape for security architecture. That way we can identify topics that have poor coverage, determine priorities for new patterns, and help the community co-ordinate their activities.

In the perfect world there would be a classification for security architecture that we could adopt, but we do not know an existing potent slicing and dicing (do you?), and while the standards such as NIST, ISO and ISF divide their materials into chapters these do not translate into a security architecture landscape very well.

Therefore the two authors of this article dare to propose a landscape here, that we hope with the help of the community (that is YOU :-) can be refined over time to give a useful reference for OSA as well as the wider world.

Security Architecture Landscape


osa security architecture landscape components


The items in this landscape represent the major infrastructure and application architecture topics that keep IT departments busy.

V10: Updated landscape to include additional elements for greater coverage- Legal & Reg, Backup, Change Mgmt, Config and Asset Mgmt, extended Service Operations block, reorganised central security services