Product Details
Enterprise Security Architecture: A Business-Driven Approach

By John Sherwood, Andrew Clark, David Lynas

List Price: $82.95

Product Description

'Destined to be a classic work on the topic, Enterprise Security Architecture fills a real void in the knowledge base of our industry. In a comprehensive, detailed treatment, Sherwood, Clark and Lynas rightly emphasize the business approach and show how

Security is too important to be left in the hands of just one department or employee -- it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software -- it requires a framework for developing and maintaining a system that is proactive.


Product Details

  • Amazon Sales Rank: #212374 in Books
  • Published on: 2005-11-12
  • Original language: English
  • Number of items: 1
  • Binding: Hardcover
  • 608 pages

Editorial Reviews

About the Author
John Sherwood, active in operational risk management for more than a decade and as an information systems professional for more than 30 years, is the Chief Architect of the SABSA® model. He is also a visiting lecturer and external examiner at Ro


Customer Reviews

Really helpful for enterprise security. Not a techie cookbook. (Rating: 5)
This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.

The book is in two distinct parts - the first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.

If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.

Like others with whom I have spoken, I liked the "quick notes" in the left-hand column of every page that let you speed read each chapter. They made it really easy to get a good insight into the subject quickly and focus on the areas that I really wanted to know more about.

One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.

Step by step professional (Rating: 5)
It is amazing how different books can be. I read dozens of information security management related books, but this one is the only one I can use in my everyday job. If you are a consultant or professional CISO, this book offers tips on how to do things right and how to be efficient. It is the information security management bible. Buy the hardcover version because you will use it every day.

Good Conceptual Security Modeling Book (Rating: 4)
The Enterprise Security Architecture book plays heavily on the SABSA business model created by one of the authors. It appears to be a good high-level large business model, and my company has adopted it.

The problem with the approach is that it is very conceptual, and not well defined for actual business practices. I doubt any company has ever actually implemented the SABSA model in their practices yet.

If you're willing to charge ahead and define your own processes, this could be a great framework for you. The first third of the book was slow and hard for me to read, but the last two thirds were very logical for my understanding.

Whether or not you decide to use the SABSA model, the book is a great reference for a high-level enterprise architect or security specialist to suggest better strategies for securing your enterprise.