Chapter 11. Security Operations

Now we need to consider how to securely operate the solution in production, also known as Day-2 operations. It’s the stage where an operations team maintains, monitors, and optimizes the system for continued operation. Effective Day-2 operations need clarity around the operational responsibilities for the security controls to ensure continued protection of the information assets, detection and response to threats, and recovery from any outages that might occur. We can start to achieve that by defining responsibilities and the required processes for the successful operation of the controls.

The chapter starts by discussing the definition of responsibilities together with the documentation of processes, procedures, and work instructions. For effective operation of the controls, we extend the swimlane diagram introduced in Chapter 4 with process decomposition and additional detail on recording audit trails.

The chapter continues by exploring two specific processes that use threat modeling, from Chapter 6, to identify the threats that may require detection. We use the identified threats to define how threat detection and incident response should take place. As architects, we need to be able to support the definition of threat detection use cases and incident response runbooks, and our solution architecture needs to describe how it provides the information needed for protection and the automation needed for response activities.

As you consider ...

Get Security Architecture for Hybrid Cloud now with the O’Reilly learning platform.
