ISC2 ISSAP Domain 2: Security Architecture Modeling
“Cybercrime is the greatest threat to every company in the world.” — Ginni Rometty, Former IBM CEO.
In 2025, that quote feels more relevant than ever.
With data breaches rising by 20% year-over-year, the average breach cost soaring beyond $4.45 million, and AI-driven threats targeting even the most fortified infrastructures, it is no longer a question of if you need a security architecture; it is how soon you can build one that is both bulletproof and business-aligned.
Welcome to ISSAP Domain 2: Security Architecture Modeling (22%), specifically Section 2.1: Identify Security Architecture Approach. Whether you are preparing for the (ISC)² ISSAP exam or you are a cybersecurity leader ready to modernize your enterprise defense posture, this article walks you through everything you need to know, including frameworks, models, patterns, real-world strategies, and exam tips.
2.1: Identify Security Architecture Approach
What Is a Security Architecture Approach?
A Security Architecture approach is a strategic plan that integrates security seamlessly into every part of an enterprise’s IT ecosystem. This is not about slapping on firewalls or antivirus software. It is about designing systems, processes, and infrastructures that are secure by design, not by accident.
Historically, systems were designed in silos. The finance application had its own setup. The HR tool had a separate security policy. IT departments operated like islands. The result? Fragmented protections that left organizations vulnerable.
Today, the modern approach is enterprise-wide, holistic, integrated, and guided by well-established architecture models and frameworks.
Why Fragmented Architecture Fails?
- Lack of interoperability between systems
- Redundant controls that waste resources
- Gaps in compliance and audit trails
- Slow response to emerging threats
The Security Architect’s job is to fix that. For ISSAP aspirants, it is essential to understand how to identify and tailor an architecture that reflects the organizational context, risk posture, and business goals.
Key Components of Security Architecture
To design an effective security architecture, you need a multi-layered view of systems, people, and processes. Here is what typically goes into the architecture:
| Element | Role |
| Strategic Purpose | Redirect traffic by corrupting DNS records |
| Principles | Malicious DNS responses injected into a resolver’s cache |
| Technical Positions | DNS Cache Poisoning, DNS Spoofing |
| Patterns | DNS resolvers and cache, DNS queries |
| Vocabulary | Monitoring DNS traffic for anomalies, use of DNSSEC |
Exam Tip: Understand how these elements form the foundation for reference architectures, such as SABSA or TOGAF.
Patterns, Blueprints, and Build Guides: What is the Difference?
The bridge construction analogy is used to describe how security systems should be designed and implemented.
| Concept | Purpose | Analogy |
| Pattern | Generalized, reusable solution to common design problems | Suspension bridge type |
| Blueprint | Detailed technical design documents | Engineering diagrams |
| Build Guide | Step-by-step deployment/configuration instructions | Construction manual |
Each layer ensures security is designed, documented, and deployed correctly. These are not just “nice to have”, they ensure:
- Audit readiness
- Consistency across deployments
- Implementation by remote or less experienced staff
Understanding Architectural Types
Every organization operates with a blend of architectural models. As a Security Architect, you must identify:
- What’s currently deployed?
- What needs improvement?
- How to integrate various types into a unified, secure baseline?
Common Types of Architecture:
| Architecture Type | Characteristics |
| Peer-to-Peer | No central authority; hard to secure |
| Client/Server | Common for web services; central point of failure risk |
| Centralized | Easy control, vulnerable if the core fails |
| Decentralized | Scalable, resilient, but complex |
| Cloud | Fast and flexible, but requires new security models |
Exam Tip: Learn to analyze which architecture types are suitable for which environments. You may get scenario-based questions comparing options.
Performing a Gap Analysis
Gap analysis is the architect’s GPS from the current state to the ideal state. Before selecting or building architecture, assess:
- Current systems, networks, and applications
- Where data is stored, processed, and transmitted
- Existing security measures vs. business/technical goals
This analysis identifies gaps in protection, compliance, or scalability and provides a roadmap for architecture selection.
Reference Architectures and Frameworks You Must Know
These frameworks provide structured guidance to develop a security architecture that aligns with both business and IT needs
1. SABSA (Sherwood Applied Business Security Architecture)
SABSA is a 6-layer, business-driven security architecture model. Each layer reflects a role:
| Role | View | Focus |
| Business | Contextual | Risk, goals, values |
| Architect | Conceptual | Security principles, trust models |
| Designer | Logical | Architecture abstractions |
| Builder | Physical | System tech and configurations |
| Tradesman | Components | Individual system elements |
| Service Manager | Operational | Day-to-day security monitoring and resilience |
Exam Tip: Expect diagram-based or scenario questions based on SABSA layers. Memorize their purpose and flow.
2. TOGAF (The Open Group Architecture Framework)
A popular enterprise-level framework with a structured lifecycle (phases A–H) for managing IT transformations. While not security-specific, TOGAF:
- Helps gather and align business requirements
- Supports architecture design from a top-down perspective
- Can be mapped to SABSA for security alignment
3. SOMF (Service-Oriented Modeling Framework)
Useful for service-based and cloud architectures, SOMF:
- Breaks down complex systems into manageable components
- Supports “used-to-be,” “as-is,” and “to-be” models
- Useful when designing microservices, APIs, and scalable systems
4. Enterprise Security Architecture (ESA)
ESA is the ultimate goal: a repeatable, scalable architecture model used across multiple projects. It enables:
- Security standardization across business units
- Future-proofing for digital transformation (cloud, IoT, DevOps)
- Unified governance and policy enforcement
ESA aligns:
- Contextual layer: Business needs, risks, environment
- Conceptual layer: Principles and security objectives
- Logical/technical layers: Controls, tools, networks, policies
Cloud and Modern Perimeter Expansion
Cloud has transformed architectural design. Many organizations now follow a “cloud-first” strategy, demanding:
- Integration with Cloud Security Alliance (CSA) frameworks
- Use of Trusted Cloud Initiative (TCI) for reference architecture
- Consideration for multi-tenancy, shared responsibility, and zero-trust
And it is not just IT networks anymore. OT (Operational Technology), like ICS and SCADA systems, also connect to enterprise networks.
Architects must now protect:
- Cloud-native workloads (SaaS, PaaS, IaaS)
- ICS, SCADA, and IoT devices
- Edge systems and remote endpoints
These require tailored reference models, segmentation strategies, and defense-in-depth, especially in regulated environments.
Common Mistakes to Avoid
- Skipping current state analysis: Leads to poor architecture fit
- Ignoring legacy systems: Leaves gaping security holes
- No traceability from business to control: Fails audit and stakeholder trust
- Lack of documentation: Hinders future scaling and patching
- Choosing frameworks blindly: Misalignment causes inefficiency
Exam Tip: Look out for exam questions presenting flawed architecture designs. You’ll need to identify what’s missing—gap analysis, traceability, or stakeholder input.
ISSAP Training with InfosecTrain
Security is not a product; it is an architecture. And great architecture starts with a clear understanding of where you are, where you are headed, and how to get there securely.
From aligning business goals to designing enterprise-wide blueprints, from ICS segmentation to cloud-ready frameworks, ISSAP Domain 2.1 lays the foundation for every serious Security Architect.
With InfoSecTrain’s ISSAP Training, you will gain the practical insights, strategic frameworks, and exam-ready expertise needed to not just pass the certification, but to lead architecture decisions that truly defend and deliver.
TRAINING CALENDAR of Upcoming Batches For
| Start Date | End Date | Start - End Time | Batch Type | Training Mode | Batch Status |
|---|