In [1]:
import pandas as pd
from tabulate import tabulate

# Data for each architecture
data = [
    {
        "Architecture": "Defense in Depth (DiD)",
        "Core Principles": "Multiple, independent security layers",
        "When to Use": "General-purpose enterprise security; layered infrastructure",
        "When Not to Use": "Highly agile or minimalist stacks with strict latency limits",
        "Appropriate Platforms": "Cloud, On-prem, Hybrid",
        "Usage": "Network → Endpoint → App → Data → Monitoring → Recovery",
        "Issues": "Overlapping controls, complexity",
        "Well-Known Problems": "Misconfigured firewalls, stale monitoring",
        "Known Cybersecurity Incidents": "Target breach (poor segmentation + endpoint compromise)",
        "Reference": "NIST SP 800-53, CIS Controls"
    },
    {
        "Architecture": "Zero Trust Architecture (ZTA)",
        "Core Principles": "Never trust, always verify; least privilege; micro-segmentation",
        "When to Use": "Distributed, remote-first, hybrid cloud environments",
        "When Not to Use": "Legacy environments without IAM capabilities",
        "Appropriate Platforms": "Cloud-native, SaaS, Hybrid",
        "Usage": "Auth → Microsegmentation → Continuous Verification",
        "Issues": "Integration complexity, user friction",
        "Well-Known Problems": "Poor token expiration, over-reliance on identity proxies",
        "Known Cybersecurity Incidents": "Okta token abuse case (2023)",
        "Reference": "NIST 800-207, Google BeyondCorp"
    },
    {
        "Architecture": "Secure Software Development Lifecycle (SSDLC)",
        "Core Principles": "Integrate security into each software lifecycle stage",
        "When to Use": "Any software-producing organization",
        "When Not to Use": "Manual, non-versioned, one-off script environments",
        "Appropriate Platforms": "CI/CD, DevOps, DevSecOps",
        "Usage": "Requirements → Design → Coding → Testing → Release → Monitoring",
        "Issues": "Requires cultural shift and training",
        "Well-Known Problems": "Skipping threat modeling, poor dependency hygiene",
        "Known Cybersecurity Incidents": "SolarWinds (malicious code in build pipeline)",
        "Reference": "OWASP SAMM, BSIMM, NIST SSDF"
    },
    {
        "Architecture": "Zero Knowledge Architecture (ZKA)",
        "Core Principles": "Service never sees or controls your data",
        "When to Use": "Privacy-focused apps, end-to-end encryption needs",
        "When Not to Use": "Apps needing server-side processing of plaintext data",
        "Appropriate Platforms": "Privacy-preserving apps, encrypted messaging, file storage",
        "Usage": "CSE → E2EE → BYOK → ZKPs",
        "Issues": "Limited searchability, complex key management",
        "Well-Known Problems": "Key loss = data loss, hard to integrate with AI",
        "Known Cybersecurity Incidents": "Encrypted messaging services (e.g., Signal warrant can't decrypt data)",
        "Reference": "ProtonMail, Signal whitepapers, zk-SNARKs"
    },
    {
        "Architecture": "Adaptive Security Architecture (ASA)",
        "Core Principles": "Real-time telemetry + contextual decisions",
        "When to Use": "Threat-prone, regulated, or high-risk environments",
        "When Not to Use": "Low-risk static applications without real-time needs",
        "Appropriate Platforms": "SOAR, SIEM, ML-powered platforms",
        "Usage": "Telemetry → UEBA → Dynamic Policy → Automated Response",
        "Issues": "False positives, privacy trade-offs",
        "Well-Known Problems": "Noise overwhelm in SIEM, delayed policy updates",
        "Known Cybersecurity Incidents": "Capital One breach (SIEM alerts not acted on in time)",
        "Reference": "Gartner Adaptive Security Architecture, MITRE D3FEND"
    },
    {
        "Architecture": "Model-View-Controller (MVC)",
        "Core Principles": "Separation of concerns: UI, business logic, data",
        "When to Use": "Web apps, GUIs needing modular and testable design",
        "When Not to Use": "Single-layer scripts or tightly-coupled logic",
        "Appropriate Platforms": "Web frameworks (Flask, Django, Rails), GUI apps",
        "Usage": "Model ↔ Controller ↔ View",
        "Issues": "Overhead for simple apps, learning curve for teams",
        "Well-Known Problems": "Improper validation in controller, data leaks from view",
        "Known Cybersecurity Incidents": "Injection attacks due to lack of model-view sanitization",
        "Reference": "MVC Patterns (Gang of Four), OWASP Secure Design"
    },
    {
        "Architecture": "TOGAF (The Open Group Architecture Framework)",
        "Core Principles": "Business-IT alignment via standardized architectural methodology",
        "When to Use": "Enterprise transformation, long-term IT planning",
        "When Not to Use": "Fast-moving startups, tactical-only tech planning",
        "Appropriate Platforms": "Large enterprises, multi-platform environments",
        "Usage": "ADM cycle: Architecture Vision → Business → Data → App → Tech → Implementation",
        "Issues": "Heavy documentation, requires enterprise buy-in",
        "Well-Known Problems": "Slow adoption, unclear value without governance",
        "Known Cybersecurity Incidents": "Poor enforcement of architecture decisions in legacy systems",
        "Reference": "TOGAF Standard v9.2, Open Group publications"
    },
    {
        "Architecture": "SABSA (Sherwood Applied Business Security Architecture)",
        "Core Principles": "Security aligned with business requirements and risk management",
        "When to Use": "Enterprise security strategy, governance & risk-aligned IT",
        "When Not to Use": "Tactical-only or purely technical deployments",
        "Appropriate Platforms": "Regulated industries, national security, financial services",
        "Usage": "Business → Architecture → Policy → Assurance → Design → Operations",
        "Issues": "Requires strong enterprise involvement, complex framework",
        "Well-Known Problems": "Misalignment between business and security layers",
        "Known Cybersecurity Incidents": "Strategic missteps from ignoring business-context threats",
        "Reference": "SABSA Institute, SABSA Blue Book"
    }
]

# Convert to DataFrame and print
df = pd.DataFrame(data)

tf = df[['Architecture', 'Core Principles']]
print(tabulate(tf, headers="keys", tablefmt="fancy_grid"))


╒════╤═════════════════════════════════════════════════════════╤══════════════════════════════════════════════════════════════════╕
│    │ Architecture                                            │ Core Principles                                                  │
╞════╪═════════════════════════════════════════════════════════╪══════════════════════════════════════════════════════════════════╡
│  0 │ Defense in Depth (DiD)                                  │ Multiple, independent security layers                            │
├────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────┤
│  1 │ Zero Trust Architecture (ZTA)                           │ Never trust, always verify; least privilege; micro-segmentation  │
├────┼─────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────┤
│  2 │ Secure Software Development Lifecycle (SSDLC)           │ Integrate s

In [5]:
"""
This module contains a Python dictionary named `data` that summarizes
the key architectures, principles, and the SolarWinds case study from
the "Week-4 Cybersecurity Architecture" document.
"""

data = {
    "frameworks_vs_architecture": {
        "definition": {
            "framework": (
                "A structured collection of guidelines, standards, and best practices "
                "for managing cybersecurity risks (defines 'what' should be protected)."
            ),
            "architecture": (
                "A systematic design and approach for implementing security solutions "
                "within technology systems (defines 'how' security measures are organized)."
            )
        },
        "examples": {
            "framework": [
                "NIST Cybersecurity Framework (CSF)",
                "ISO/IEC 27001",
                "CIS Controls",
                "MITRE ATT&CK"
            ],
            "architecture": [
                "Zero Trust Architecture (ZTA)",
                "Defense in Depth (DiD)",
                "TOGAF Security Architecture",
                "SABSA"
            ]
        }
    },

    "architectures": [
        {
            "name": "Model-View-Controller (MVC)",
            "core_principles": [
                "Separation of Concerns: Model (data), View (UI), Controller (logic)",
                "Modularity: Independent development/testing of components",
                "Reusability: Shared data models or controllers across different views"
            ],
            "when_to_use": [
                "Web applications with clear separation of data, presentation, and logic",
                "GUI apps needing modular, testable design"
            ],
            "when_not_to_use": [
                "Very simple scripts where MVC overhead is unnecessary",
                "Highly coupled, single-layer applications"
            ],
            "appropriate_platforms": [
                "Web frameworks (Flask, Django, Ruby on Rails, ASP.NET)",
                "GUI frameworks"
            ],
            "security_implications": {
                "model": "Secure database interaction, data validation",
                "view": "Output encoding to prevent XSS, no sensitive info leakage",
                "controller": "Input validation, authorization checks, rate limiting"
            },
            "issues_considerations": [
                "Overhead for small apps",
                "Learning curve for teams",
                "Fat controller if business logic isn’t placed in Model",
                "Risk of SQL injection or XSS if validation/encoding is weak"
            ],
            "known_incidents": (
                "Web app breaches often involve injection (SQLi) or XSS due to improper "
                "MVC validation/encoding."
            ),
            "references": [
                "Design Patterns (Gang of Four)",
                "OWASP Secure Design Principles"
            ]
        },
        {
            "name": "Defense in Depth (DiD)",
            "core_principles": [
                "Multiple, independent security layers",
                "Redundancy and diversity of controls",
                "Comprehensive coverage across network, endpoint, application, data"
            ],
            "when_to_use": [
                "General-purpose enterprise security",
                "Protecting high-value assets or critical infrastructure"
            ],
            "when_not_to_use": [
                "Very low-risk environments with limited budgets",
                "Latency-sensitive stacks where many layers might cause overhead"
            ],
            "appropriate_platforms": [
                "Cloud (AWS, Azure, GCP)",
                "On-prem or Hybrid data centers"
            ],
            "aws_azure_controls_table": [
                {
                    "layer": "User Access",
                    "aws": "IAM policies, MFA",
                    "azure": "Azure AD, MFA",
                    "purpose": "Least privilege and identity verification"
                },
                {
                    "layer": "Network Perimeter",
                    "aws": "Security Groups, NACLs, ELB, VPC",
                    "azure": "NSGs, Azure Firewall, Azure Load Balancer, VNet",
                    "purpose": "Define trusted boundaries and control traffic"
                },
                {
                    "layer": "Threat Detection",
                    "aws": "GuardDuty, Inspector, Macie",
                    "azure": "Azure Defender, Sentinel",
                    "purpose": "Detect malware, data exposure, anomalies"
                }
                # Add more layers if desired
            ],
            "issues_considerations": [
                "Complexity in managing multiple layers",
                "Cost overhead",
                "Misconfigurations leading to layered failures",
                "Stale monitoring or ignoring alerts"
            ],
            "known_incidents": [
                "Target breach (2013) due to weak segmentation and endpoint compromise",
                "Equifax breach (2017) due to unpatched vulnerability in web application layer"
            ],
            "references": [
                "NIST SP 800-53",
                "CIS Controls"
            ]
        },
        {
            "name": "Zero Trust Architecture (ZTA)",
            "core_principles": [
                "Never trust, always verify",
                "Least privilege access",
                "Micro-segmentation",
                "Continuous authorization and monitoring"
            ],
            "when_to_use": [
                "Distributed, remote-first, hybrid cloud environments",
                "Protecting sensitive data with modern IAM solutions"
            ],
            "when_not_to_use": [
                "Very small/static environments lacking IAM capabilities",
                "Legacy systems without robust identity or segmentation"
            ],
            "appropriate_platforms": [
                "Cloud-native, SaaS, Hybrid setups",
                "Environments with strong identity frameworks (Okta, Azure AD)"
            ],
            "aws_azure_controls_table": [
                {
                    "pillar": "Identity Verification",
                    "aws": "IAM Identity Center",
                    "azure": "Azure AD",
                    "purpose": "Ensure strong auth (MFA) & least privilege"
                },
                {
                    "pillar": "Device Trust",
                    "aws": "Inspector",
                    "azure": "Azure Security Center / Intune",
                    "purpose": "Verify endpoint posture"
                },
                {
                    "pillar": "Micro-Segmentation",
                    "aws": "VPC, Security Groups",
                    "azure": "VNet, NSGs, Azure Firewall",
                    "purpose": "Limit lateral movement"
                }
                # Add more pillars if desired
            ],
            "issues_considerations": [
                "Integration complexity with legacy systems",
                "User friction from frequent MFA prompts",
                "Overreliance on identity proxies or mismanaged token expiration"
            ],
            "known_incidents": [
                "Okta token abuse (2023) highlighted identity compromises",
                "Colonial Pipeline (2021) used compromised credentials—need strong auth"
            ],
            "references": [
                "NIST SP 800-207",
                "Google BeyondCorp"
            ]
        },
        {
            "name": "Secure Software Development Lifecycle (SSDLC)",
            "core_principles": [
                "Security by Design",
                "Shift Left (address security early)",
                "Continuous testing (SAST, DAST, dependency checks)",
                "Risk management at each phase"
            ],
            "when_to_use": [
                "Any software-producing organization",
                "Especially for sensitive or high-risk environments"
            ],
            "when_not_to_use": [
                "Rarely optional—though minimal for small, low-risk or internal-only code",
                "One-off scripts with no real exposure (still, basic checks apply)"
            ],
            "appropriate_platforms": [
                "CI/CD pipelines (Jenkins, GitLab CI, GitHub Actions, Azure DevOps)",
                "DevOps & DevSecOps environments"
            ],
            "aws_azure_controls_table": [
                {
                    "phase": "Secure Development",
                    "aws": "CodeCommit, CodeGuru, 3rd-party scanners",
                    "azure": "Azure Repos, DevOps SAST/DAST",
                    "purpose": "Identify coding vulnerabilities early"
                },
                {
                    "phase": "Build & Deploy",
                    "aws": "CodePipeline, CodeBuild, CodeDeploy",
                    "azure": "Azure Pipelines",
                    "purpose": "Automate security gates in CI/CD"
                },
                {
                    "phase": "Monitoring",
                    "aws": "CloudWatch, GuardDuty, Macie",
                    "azure": "Azure Monitor, Azure Defender, Sentinel",
                    "purpose": "Continuous anomaly detection"
                }
                # Add more if desired
            ],
            "issues_considerations": [
                "Cultural shift for developers (DevSecOps)",
                "Time & resource investment",
                "Skipping threat modeling or ignoring library vulnerabilities",
                "Malicious code injection (SolarWinds case)"
            ],
            "known_incidents": [
                "SolarWinds (build pipeline compromise)",
                "Heartbleed (OpenSSL coding flaw), Adobe Flash vulnerabilities"
            ],
            "references": [
                "OWASP SAMM",
                "NIST SSDF (SP 800-218)"
            ]
        },
        {
            "name": "Zero Knowledge Architecture (ZKA)",
            "core_principles": [
                "Provider never sees or decrypts user data",
                "Client-side or end-to-end encryption (E2EE)",
                "User-held keys (BYOK)",
                "Zero-Knowledge Proofs (ZKPs) for access/auth without revealing data"
            ],
            "when_to_use": [
                "Privacy-focused apps needing full data confidentiality",
                "End-to-end encrypted messaging, secure file storage"
            ],
            "when_not_to_use": [
                "Apps requiring server-side plaintext processing or analytics",
                "Environments needing robust server-side search/indexing on unencrypted data"
            ],
            "appropriate_platforms": [
                "Encrypted messaging (Signal, ProtonMail)",
                "Client-side encryption (S3 or Azure Blob with BYOK)"
            ],
            "aws_azure_controls_table": [
                {
                    "control": "Client-Side Encryption (CSE)",
                    "aws": "S3 client-side encryption, KMS external mode",
                    "azure": "Azure Blob with BYOK",
                    "purpose": "Cloud provider never sees plaintext"
                },
                {
                    "control": "Key Ownership",
                    "aws": "AWS KMS (external), CloudHSM",
                    "azure": "Azure Key Vault (HSM-backed customer keys)",
                    "purpose": "User fully controls cryptographic keys"
                },
                {
                    "control": "Zero Knowledge Proofs",
                    "aws": "zk-SNARK APIs, custom integration",
                    "azure": "Custom code/VMs with zk support",
                    "purpose": "Prove identity/rights without revealing data"
                }
            ],
            "issues_considerations": [
                "Limited server-side functionality (search, ML) with encrypted data",
                "Key management complexity—key loss = permanent data loss",
                "Integration challenges with third-party services expecting plaintext"
            ],
            "known_incidents": (
                "Metadata exposure in encrypted email services; law enforcement cannot decrypt "
                "data without user keys."
            ),
            "references": [
                "ProtonMail Security Whitepaper",
                "Signal Technical Docs",
                "zk-SNARKs research"
            ]
        },
        {
            "name": "Adaptive Security Architecture (ASA)",
            "core_principles": [
                "Real-time telemetry + contextual decisions",
                "Behavioral analytics (UEBA) for anomalies",
                "Continuous monitoring with dynamic policy enforcement",
                "Automated response (SOAR)"
            ],
            "when_to_use": [
                "High-risk or heavily regulated environments",
                "Systems needing rapid threat detection and response"
            ],
            "when_not_to_use": [
                "Very small orgs lacking resources for complex monitoring",
                "Low-risk static apps with minimal runtime exposure"
            ],
            "appropriate_platforms": [
                "SIEM/SOAR (e.g. Splunk, Sentinel, AWS GuardDuty, etc.)",
                "Endpoints with EDR, ML-powered threat detection"
            ],
            "aws_azure_controls_table": [
                {
                    "control": "Telemetry Collection",
                    "aws": "CloudWatch, GuardDuty, CloudTrail",
                    "azure": "Azure Monitor, Defender, Sentinel",
                    "purpose": "Gather logs/events for analysis"
                },
                {
                    "control": "Behavioral Analytics",
                    "aws": "Macie, Lookout for Metrics, GuardDuty UEBA",
                    "azure": "Microsoft Defender for Cloud UEBA, Sentinel",
                    "purpose": "Detect anomalies in user/entity behavior"
                },
                {
                    "control": "Automated Response",
                    "aws": "SOAR via EventBridge, Lambda",
                    "azure": "Sentinel Playbooks (Logic Apps)",
                    "purpose": "Immediate threat containment"
                }
            ],
            "issues_considerations": [
                "Integration complexity and alert fatigue",
                "Privacy trade-offs with extensive monitoring",
                "False positives can disrupt operations if automated incorrectly"
            ],
            "known_incidents": [
                "Capital One (2019) had SIEM alerts not acted on promptly",
                "Equifax (2017) failed to adapt to known vulnerability threats"
            ],
            "references": [
                "Gartner Adaptive Security Architecture",
                "MITRE D3FEND"
            ]
        }
    ],

    "solarwinds_sunburst_supply_chain_attack": {
        "description": (
            "A sophisticated state-sponsored supply chain attack discovered in December 2020, "
            "where the SolarWinds Orion updates were trojanized with a backdoor (SUNBURST). "
            "Attackers compromised the build system, injected malicious code, "
            "and distributed it with legitimate digital certificates."
        ),
        "attack_flow": [
            "Initial Access via weak credentials or vulnerabilities",
            "Build system compromise (injected malicious code into Orion)",
            "Malicious DLL signed and distributed as a legitimate update",
            "Dormancy period to evade detection",
            "Selective second-stage payloads (e.g., TEARDROP, RAINDROP)",
            "Lateral movement and data exfiltration"
        ],
        "architectural_failure_points": [
            "Inadequate segmentation of build servers",
            "Insufficient monitoring and alerting on code/signing processes",
            "Weak credential management (e.g. 'solarwinds123')",
            "Lack of Zero Trust principles (excessive trust in internal networks)"
        ],
        "mitigation_perspective": {
            "defense_in_depth": [
                "Segment build environment from corporate network",
                "Strict egress filtering and micro-segmentation",
                "Hardening and monitoring of build servers with EDR",
                "File integrity monitoring on source code and build outputs"
            ],
            "zero_trust_architecture": [
                "Strong MFA, least privilege for developers/CI pipelines",
                "Micro-segmentation of build/signing infrastructure",
                "Continuous verification of code signing requests"
            ],
            "ssdlc_lesson": [
                "Secure build pipeline with integrity checks",
                "Enforce code reviews and threat modeling around build processes",
                "Signed artifacts with strict cryptographic controls (HSMs)"
            ]
        }
    }
}



In [17]:
# df_arch.columns

In [18]:
# pd.DataFrame(data["architectures"]).columns

In [9]:
architectures_list = data["architectures"]

# 2. Convert to DataFrame
df_arch = pd.DataFrame(architectures_list)

# 3. Flatten list-of-string columns
list_cols = [
    'core_principles',
    'when_to_use',
    'when_not_to_use',
    'appropriate_platforms',
    'issues_considerations',
    'known_incidents',
    'references',
]
for col in list_cols:
    df_arch[col] = df_arch[col].apply(lambda x: ", ".join(x) if isinstance(x, list) else "")



# Let’s see the columns:
print("Columns:", df_arch.columns)
df_arch.head()

Columns: Index(['name', 'core_principles', 'when_to_use', 'when_not_to_use',
       'appropriate_platforms', 'security_implications',
       'issues_considerations', 'known_incidents', 'references',
       'aws_azure_controls_table'],
      dtype='object')


Unnamed: 0,name,core_principles,when_to_use,when_not_to_use,appropriate_platforms,security_implications,issues_considerations,known_incidents,references,aws_azure_controls_table
0,Model-View-Controller (MVC),"Separation of Concerns: Model (data), View (UI...",Web applications with clear separation of data...,Very simple scripts where MVC overhead is unne...,"Web frameworks (Flask, Django, Ruby on Rails, ...","{'model': 'Secure database interaction, data v...","Overhead for small apps, Learning curve for te...",,"Design Patterns (Gang of Four), OWASP Secure D...",
1,Defense in Depth (DiD),"Multiple, independent security layers, Redunda...","General-purpose enterprise security, Protectin...",Very low-risk environments with limited budget...,"Cloud (AWS, Azure, GCP), On-prem or Hybrid dat...",,"Complexity in managing multiple layers, Cost o...",Target breach (2013) due to weak segmentation ...,"NIST SP 800-53, CIS Controls","[{'layer': 'User Access', 'aws': 'IAM policies..."
2,Zero Trust Architecture (ZTA),"Never trust, always verify, Least privilege ac...","Distributed, remote-first, hybrid cloud enviro...",Very small/static environments lacking IAM cap...,"Cloud-native, SaaS, Hybrid setups, Environment...",,"Integration complexity with legacy systems, Us...",Okta token abuse (2023) highlighted identity c...,"NIST SP 800-207, Google BeyondCorp","[{'pillar': 'Identity Verification', 'aws': 'I..."
3,Secure Software Development Lifecycle (SSDLC),"Security by Design, Shift Left (address securi...","Any software-producing organization, Especiall...","Rarely optional—though minimal for small, low-...","CI/CD pipelines (Jenkins, GitLab CI, GitHub Ac...",,"Cultural shift for developers (DevSecOps), Tim...","SolarWinds (build pipeline compromise), Heartb...","OWASP SAMM, NIST SSDF (SP 800-218)","[{'phase': 'Secure Development', 'aws': 'CodeC..."
4,Zero Knowledge Architecture (ZKA),"Provider never sees or decrypts user data, Cli...",Privacy-focused apps needing full data confide...,Apps requiring server-side plaintext processin...,"Encrypted messaging (Signal, ProtonMail), Clie...",,"Limited server-side functionality (search, ML)...",,"ProtonMail Security Whitepaper, Signal Technic...","[{'control': 'Client-Side Encryption (CSE)', '..."
