Security Architecture review is a holistic assessment of security layers across infrastructure, application, people, and processes.
The review process is integrated into the broader Architecture workflow, but can be triggered for:
And more generally:
Create an issue in the Security Architecture general project (internal only).
The Security Architecture review is conducted by a Security Architect who will:
Each identified threat is either avoided (by changing the architecture) or mitigated (by adding security controls).
Depending on the type of change being reviewed, the Security Architect can involve:
Report (a markdown file should be enough: searchable, collaborative, authoritative, as for threat modeling). Validation of the solution: