Enterprise Security Architecture: A Business-Driven Approach (Hardcover)

~ John Sherwood (Author), Andrew Clark (Author), David Lynas (Author)
Key Phrases: trusted time service, business risk model, logical security services, Soft Independent, Architecture Capability Maturity Model, Architecture Board (more...)

Editorial Reviews

Product Description

'Destined to be a classic work on the topic, Enterprise Security Architecture fills a real void in the knowledge base of our industry. In a comprehensive, detailed treatment, Sherwood, Clark and Lynas rightly emphasize the business approach and show how

Security is too important to be left in the hands of just one department or employee -- it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software -- it requires a framework for developing and maintaining a system that is proactive.

About the Author

John Sherwood, active in operational risk management for more than a decade and as an information systems professional for more than 30 years, is the Chief Architect of the SABSA(r) model. He is also a visiting lecturer and external examiner at Ro

Product Details

• Hardcover: 608 pages
• Publisher: CMP (November 12, 2005)
• Language: English
• ISBN-10: 157820318X
• ISBN-13: 978-1578203185
• Product Dimensions: 9.9 x 8 x 1.3 inches
• Shipping Weight: 3.5 pounds (View shipping rates and policies)
• Average Customer Review: 4.7 out of 5 stars  See all reviews (3 customer reviews)
• Amazon.com Sales Rank: #68,114 in Books (See Bestsellers in Books)

  Popular in these categories: (What's this?)

  #41 in	Books > Computers & Internet > Certification Central > Exams > Security+
  #43 in	Books > Computers & Internet > Web Development > Security & Encryption > Encryption
  #57 in	Books > Computers & Internet > Business & Culture > Privacy

Customer Reviews

Most Helpful Customer Reviews

14 of 16 people found the following review helpful:

5.0 out of 5 stars Really helpful for enterprise securty. Not a techie cookbook., February 21, 2006

By	R. Whitehead "author of 'Leading a Software D... (Surrey, United Kingdom) - See all my reviews (REAL NAME)

This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.

The book is in two distinct parts - this first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.

If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.

Like others with whom I have spoken, I liked the "quick notes" in the left hand column of every page that let's you speed read each chapter. They made it really easy to set a good insight into the subject quickly and focus on the areas that I really wanted to know more about.

One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.

4 of 4 people found the following review helpful:

5.0 out of 5 stars Step by step professional, January 15, 2007

By	Biljana Cerin - See all my reviews (REAL NAME)

It is amazing how different books can be. I read dozens of information security management related books, but this one is only I can use in my everyday job. If you are consultant or professional CISO, this book offers tips of how to do things right and how to be efficient. It is information security management bible. Buy hardcover version because you will use it every day.

0 of 1 people found the following review helpful:

4.0 out of 5 stars Good Conceptual Security Modeling Book, November 14, 2007

By	Nocturne - See all my reviews

The Enterprise Security Architecture book plays heavily on the SABSA business model created by one of the Authors. It appears to be a good high-level large business model, and my company has adopted it.

The problem with the approach is that it is very conceptual, and not well defined for actual business practices. I doubt any company has ever actually implemented the SABSA model in their practices yet.

If your willing to charge ahead and define your own processes, this could be a great framework for you. The first third of the book was slow and hard for me to read, but the last two thirds were very logical for my understanding.

Whether or not you decide to use the SABSA model, but book is great reference for a high level enterprise architect or security specialist to suggest better strategies for securing your enterprise.