
So I've been googling around and couldn't find an answer to my question (I don't discount the option that I could be asking the wrong question after all).

I see there is a question that deals with something similar (Established Security Design Patterns?) focused on software development, but in my case I am looking for a higher-level/overall architecture involving everything regarding information security. Not specifying the implementation or finer details.

Say for example: It would be a good security pattern to have a disaster recovery site, to implement a PKI and encrypt all information in transit and at rest, to rotate keys each X time, to authenticate all users that log on specific devices, to destroy all to-be-discarded devices that contain sensitive information, etc.

Is there something like that?

4d4143
  • My guess at an answer is: Yes, there are, but they might not be called Patterns. The term Pattern in the sense you are asking about was introduced by architect (as in buildings, not software) Christopher Alexander in [*A Pattern Language*](https://wikipedia.org/wiki/A_Pattern_Language) in 1977, whereas the Patterns you are asking about are often thousands of years old (e.g. *Defense in Depth*, *Trade Space for Time*). But in a general sense, a "pattern" is just a "name for a known-good solution", and those do of course exist. – Jörg W Mittag Oct 13 '21 at 23:33
  • And where would one find a list or collection of those? – 4d4143 Oct 14 '21 at 14:28

0 Answers