Stratia Consulting specialise in Information Assurance and Risk Management.

We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.

Cookie Policy

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Contact Info

Security Architecture

Security Architecture is the name given to the process of including security in the design of a system, a principle known as security-by-design. It is often the case that a system is designed to work and that securing that system is a problem solved once it’s built and working. This can lead to compromising and isn’t as effective.

Security architecture is a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible.

In security architecture, the design principles are reported clearly, and in-depth security control specifications are generally documented in independent documents. System architecture can be considered a design that includes a structure and addresses the connection between the components of that structure.

Including security in design allows you to build a secure base that any future security updates can be built upon and updated. It is also a very cost-effective system because of this, once you have designed the architecture it becomes reproduceable. Multiple systems can employ the same design with the same guaranteed level of security.


During the design process you are able to consider the risks of each feature you design into your system, this allows you to see the potential threats before the system is built so that you may prepare for them and reduce the risks rather than the more costly approach of finding an exploit post-release and then patching.


The key phases in the security architecture process are as follows:

  • Architecture Risk Assessment: Evaluates the business influence of vital business assets, and the odds and effects of vulnerabilities and security threats.
  • Security Architecture and Design: The design and architecture of security services, which facilitate business risk exposure objectives.
  • Implementation: Security services and processes are implemented, operated and controlled. Assurance services are designed to ensure that the security policy and standards, security architecture decisions, and risk management are mirrored in the real runtime implementation.
  • Operations and Monitoring: Day-to-day processes, such as threat and vulnerability management and threat management. Here, measures are taken to supervise and handle the operational state in addition to the depth and breadth of the systems security.