Designing Security Architecture Solutions
Product Description
The first guide to tackle security architecture at the software engineering level
Computer security has become a critical business concern, and, as such, the responsibility of all IT professionals. In this groundbreaking book, a security expert with AT&T Business's renowned Network Services organization explores system security architecture from a software engineering perspective. He explains why strong security must be a guiding principle of the development process and identifies a common set of features found in most security products, explaining how they can and should impact the development cycle. The book also offers in-depth discussions of security technologies, cryptography, database security, application and operating system security, and more.
Product Details
- Amazon Sales Rank: #751476 in Books
- Published on: 2002-03-15
- Original language: English
- Number of items: 1
- Binding: Paperback
- 480 pages
Editorial Reviews
From the Back Cover
Tackling security architecture from a software engineering perspective
With the growth of the Internet, computer security is rapidly becoming a critical business concern. In turn, as security becomes the responsibility of all IT professionals, companies must rethink the way software is built to have confidence that their mission-critical applications are protected and the privacy and integrity of their data is maintained. In this groundbreaking book, Jay Ramachandran, a security expert with AT&T’s renowned Network Services organization, explores system security architecture from a software engineering viewpoint. He explains why strong security must be a guiding principle of the development process, describes how to weave security into a system’s architecture, and identifies common patterns of implementation found in most security products. This book is an essential reference for software architects and engineers integrating security products into their applications to satisfy corporate security requirements.
Offering in-depth discussions of security principles, software process, and security technologies for cryptography, application, database, and operating system security, this book covers:
- The integration of architecture reviews and security assessments into the software development process, explaining application architecture as a collection of protected components communicating over secure channels and operating under constraints
- Security principles and architecture basics, including the impact of security products and security infrastructure components on applications
- Middleware, application, database, and operating system security
- Architectural tensions, describing how to balance security against other architectural goals such as high availability and reliability
- Enterprise security management, including a case study on how to build financial business cases to justify security costs
Wiley Computer Publishing
Timely. Practical. Reliable.
About the Author
JAY RAMACHANDRAN is a certified architect and security expert at AT&T, involved in enterprise security architecture and development. Over the past eight years, he has developed software and evaluated tools for security assurance, auditing, and management for many mission-critical network systems. He coordinated architecture reviews for operations support systems for AT&T’s core network for two years, and currently teaches workshops on systems architecture and network security. Jay holds a PhD from Ohio State University.
Customer Reviews
The Most Practical Security Design Book I've Read
I am primarily a systems engineer with an emphasis on system and network security. This book provides an excellent framework and methodology for developing a security architecture from the ground up. It avoids a purely academic approach by including methods that can be applied in the real world. The book reads well and is indexed in a manner that allows it to be used as a desk reference. This is currently the best security book on my shelf. Buy this book!!!
Best Security Architecture I Have Seen
Although there are a number of books claiming to talk about security architecture, this one really does! This book is really helpful in describing the high level concepts that security engineers should know when developing a security architecture. It is a little weak on cost-benefit analyses, but provides a good foundation for security architects. Clearly, the author has given some thought to the content and does more than tell anecdotes and describe various security technologies. I highly recommend this book to anyone designing a security architecture.
ACM Computing Reviews, Meg Broderick, Aug 2002, (excerpts)
(Full review on www.reviews.com)
In this book, Ramachandran has developed a very "practical handbook on security architecture," targeted at project managers, software engineers, and system architects. By guiding the reader through the steps of systems engineering, he builds an effective framework. ... The book is arranged into five parts: architecture and security, low-level architecture, mid-level architecture, high-level architecture, and business cases and security.
In the first section, the author prepares a tutorial to refresh the reader on various software methodologies ... [and on] ... the contents of a security assessment, including preparation, assessment and reporting. Through this discussion, he introduces the reader to the business realities of planning for security - both cost and time - and how to evaluate the tradeoffs. Ramachandran also gives a focused tutorial on the concepts and basic tools available.
In Part 2, Ramachandran provides practical, concrete reasons for the application of sound system development principles, without sounding preachy. His analysis of code reviews would be useful for any team leaders who want to improve their groups' deliverables. ... He continues to use the approach of theory, example, methods, challenges, and evaluation in the following chapters on cryptography, trusted code, and secure communications.
Part 3 examines mid-level architecture, including middleware, Web security, application and OS security, and database security. The key message in this section is the complexity of issues that must be handled here ... Once again, the author has provided neat descriptions of the functions and problems of the elements at this level. The author keeps the pace and language consistent throughout.
Part 4 reviews the high-level architecture ... [and] ... compares the "building" to the original security and architectural goals ... by encouraging the architect to look at security as a process, not just as a single event. Taking it a step further, he compares enterprise security architecture to a data management problem, which although a manual process, provides good payback. The book could have ended here. Instead, the author realized that payback has another dimension.
In Part 5, the author provides very graphic examples of real situations in which the absence of adequate security resulted in catastrophic outcomes. ...
In this book, Ramachandran has compiled a great deal of useful information. In a single volume, he has provided an overview of the many elements to be considered in the development and operations of systems to ensure they are secure, and the reasons he selected those elements. ...
Overall, this work provides an excellent single volume reference for the system architect, project manager, or software engineer who needs to understand where security fits into the deliverables being produced. I found it to be well written, well organized, and a good addition to my technical library.




