Security patterns are artefacts used within cybersecurity for architecture and design. They represent a defined and re-usable solution to a recurring problem within the cybersecurity domain.
What is a Security Pattern
A security pattern is typically defined by the following following 4 characteristics.
- Written in context of a security problem and how it affects the asset.
- Abstracted from specific vendor or technology implementations.
- Maintains traceability of prescribed controls to the original threats being mitigated.
- Standardisation of threat and control taxonomies to promote reusability.
There are many variations to what represents a security pattern, including definitions of Security Architecture Patterns, Security Design Patterns and Security BluePrints.
Security patterns are typically described in a template format that includes the following information:
- Problem: A description of the security problem that the pattern addresses.
- Context: A description of the context in which the pattern is applicable and the assets.
- Threat Model: Identify the cybersecurity threats and how they may impact the assets.
- Solution: A description of the pattern solution, including its components, interactions, and constraints.
- Controls: List of controls that are applied to mitigate the threats with examples of how the control is applied for that asset.
A risk-based selection to controls
Regulatory and compliance frameworks have an increasing focus on applying a risk-based approach to implementing security controls. That is, making an assessment of the risks and then making a selection of the appropriate controls.
Security patterns provide the means to apply a risk based selection to determining appropriate security controls, with traceability to the threats that they are mitigating.
Security by Design
Security patterns are often used as part of security by design. They provide a standardized design approach that focuses on understanding the context of a problem rather than just prescribing a list of controls.
The adoption of security patterns has been driven by a number of factors, including:
- The increasing complexity of security threats and attacks.
- The need to demonstrate traceability to which controls are mitigating which threats.
- Auditability within security architecture processes for the selection of controls required to mitigate those identified threats.
Alignement into Architecture Frameworks
SABSA (Sherwood Applied Business Security Architecture)
The SABSA framework caters for the use of security patterns as part of its methodology. The definition of security patterns is not explicitly tied to SABSA but does act as an artefact within the Conceptual and Logical layers of the SABSA Matrix.
Security patterns can be used at all stages of the SABSA lifecycle, from strategy and planning to design, implementation, and operation.
Why Use Security Patterns ?
Security patterns are design artefacts that represent a defined and re-usable solution to a recurring security problems. The security patterns defined in these guides are asset-centric and focus describing security controls in context of those assets. Patterns ensure the security controls identified are based on threat modelling associated to protecting the assets.
There are a lot of different initiatives that may trigger you to write a security pattern, such as
- Security risks or issues raised by a project team that require mitigation.
- Security concerns based on issues identified within similar organisations.
- New products or capabilities being brought into your organisation.
The guides made available in securitypatterns.io provide steps for both writing and using your own security patterns.
Feel free to customise these templates for your own purposes (and in fact, we encourage you to do so).
Interested to learn more ?
To read through the full Step-by-Step Guide check out How to Write a Security Pattern or jump straight into reading How to Use a Security Pattern.
For working examples of security patterns, check out the following Security Patterns