Security patterns are artefacts used within cybersecurity for architecture and design. They represent a defined and re-usable solution to a recurring problem within the cybersecurity domain.

What is a Security Pattern

A security pattern is typically defined by the following following 4 characteristics.

  1. Written in context of a security problem and how it affects the asset.
  2. Abstracted from specific vendor or technology implementations.
  3. Maintains traceability of prescribed controls to the original threats being mitigated.
  4. Standardisation of threat and control taxonomies to promote reusability.

There are many variations to what represents a security pattern, including definitions of Security Architecture Patterns, Security Design Patterns and Security BluePrints.

Security patterns are typically described in a template format that includes the following information:

A risk-based selection to controls

Regulatory and compliance frameworks have an increasing focus on applying a risk-based approach to implementing security controls. That is, making an assessment of the risks and then making a selection of the appropriate controls.

Security patterns provide the means to apply a risk based selection to determining appropriate security controls, with traceability to the threats that they are mitigating.

Security by Design

Security patterns are often used as part of security by design. They provide a standardized design approach that focuses on understanding the context of a problem rather than just prescribing a list of controls.

The adoption of security patterns has been driven by a number of factors, including:

Alignement into Architecture Frameworks

SABSA (Sherwood Applied Business Security Architecture)

The SABSA framework caters for the use of security patterns as part of its methodology. The definition of security patterns is not explicitly tied to SABSA but does act as an artefact within the Conceptual and Logical layers of the SABSA Matrix.

Security patterns can be used at all stages of the SABSA lifecycle, from strategy and planning to design, implementation, and operation.

Why Use Security Patterns ?

Security patterns are design artefacts that represent a defined and re-usable solution to recurring security problems. Security patterns are asset-centric and focus describing security controls in context of those assets. Patterns ensure the security controls identified are based on threat modelling associated to protecting the assets.

There are a lot of different initiatives that may trigger you to write a security pattern, such as

The guides made available in provide steps for both writing and using your own security patterns.

Feel free to customise these templates for your own purposes (and in fact, we encourage you to do so).

Interested to learn more ?

To read through the full Step-by-Step Guide check out How to Write a Security Pattern or jump straight into reading How to Use a Security Pattern.

For working examples of security patterns, check out the following Security Patterns