Architectural Risk Analysis (ARA) is a key component of Risk Management Framework (RMF). One of the reasons is because 50% of security problems come from design flaws, which can be mitigated to a reasonable degree through a solid ARA, among other things. It is a process whereby you start at more of 10,000 foot view. An example given in the book pgs 151/152 was a financial application that ran a firm of 100 employees, yet only one person in the entire organization knew how it really worked. To mitigate risk, a forest-level view and relevant documentation was created to begin the ARA, before drilling down and prioritizing other risks.
There are three main steps (sub-processes) in the ARA:
1) Attack resistence analysis: using information of known attacks, patterns, vulernabilities based on similar systems and black-hat capabilities know today; how will the system fare given this knowledge?
2) Ambiguity analysis: trying to find new risks (typically 2 analysis with lots of experience); they will do their own analysis activities in parallel and then come back together to compare and decide what their finaly analysis and recommendations are for risks/concerns/gaps, together
3) Weakness analysis: are there any external software dependencies; what about outside code, middleware, distributed systems/code, etc.? This process looks for the weakest links based on these external linkages with off-the-shelf software, frameworks, network topologies, physical environments housing systems, etc.; this is difficult and considered “weakness” because some of this will be somewhat outside your control for security and risk management, but should still be known and documented and the business should still be advised on known weaknesses.
Having a solid ARA process regularly in place as part of your RMF and SDLC will mitigate overall risk in your projects, saving the company time and money. There should be fewer security breaches. You will be fostering very good documentation. You will have good summaries (forest-level) of your risks that can more easily be consumed by non-technical people.
They have a magnificent team. These people are always kind and willing to listen to your concerns or issues. Better yet, your assignment is always ready before the time, they usually send you a draft to double-check before they finalize your paper.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.
Read moreEach paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.
Read moreThanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.
Read moreYour email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.
Read moreBy sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.
Read more