Enterprise Security Architecture: A Business-Driven Approach

11 Nov 01:20

Security architecture theory and practice are brought together in a new book for IT business managers. Enterprise Security Architecture: A Business Driven Approach, by top independent information security experts John Sherwood, Andy Clark and David Lynas, provides a much-needed generic framework to develop solutions that can be unique for individual enterprises.

Welcomed by system architects who for years have struggled to achieve integrated security for individual businesses, the book marks a very significant advance in security architecture. "This birth-to-death treatment is unique and should be on every CIO, ICT infrastructure and application development directors' desk," said Professor Brian S Collins of Cranfield University and the British Computing Society.

Andy Clark, co-author and a director of digital forensics specialists Inforenz, explained: "Our book is intended for technical security personnel and business managers who have very real security issues to confront in their day-to-day business. It is designed as a tutorial and a reference tool and has examples of real business security solutions. To ensure that it is grounded in the real world, we have incorporated the varying perspectives of the main players in any business upon whom security architecture impinges."

Using key theoretical models and decades of combined practical experience, the authors have designed SABSA (Sherwood Applied Business Security Architecture), a generic model which can be used to develop unique solutions for any enterprise. Central to the framework is Business Attribute Profiling, a key step in capturing business requirements, defining measurement approaches and setting performance targets for information system risk management.

Enterprise Security Architecture: A Business Driven Approach by John Sherwood, Andy Clark and David Lynas is published by CMP Books and is available through Amazon.

[This is a MUST READ book for everybody in information assurance. It is an authoritative work describing a framework solidly anchored in business processes, into which ALL information, IT and general security problems and solutions will fit. It is the first, and so far only, work to provide a truly holistic model to design not just security but ASSURANCE. SABSA is THE framework into which all solutions should be put. A full-length review of the book will appear in one of the next ISBs, but don't wait - read the book before your colleague :-) --Ed].

Related links:
www.amazon.com

Taken from Information Security Bulletin.