Product Description

'Destined to be a classic work on the topic, Enterprise Security Architecture fills a real void in the knowledge base of our industry. In a comprehensive, detailed treatment, Sherwood, Clark and Lynas rightly emphasize the business approach and show how

Security is too important to be left in the hands of just one department or employee -- it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software -- it requires a framework for developing and maintaining a system that is proactive.

Product Details

• Amazon Sales Rank: #167445 in Books
• Published on: 2005-11-15
• Original language: English
• Number of items: 1
• Binding: Hardcover
• 608 pages

About the Author
John Sherwood, active in operational risk management for more than a decade and as an information systems professional for more than 30 years, is the Chief Architect of the SABSA(r) model. He is also a visiting lecturer and external examiner at Ro

Customer Reviews

Outstanding - the SABSA Business Approach documented at last
I first saw a colleague's preview copy of this book in September and have just got a copy of the real thing. First things first, this book describes exactly what it says on the cover i.e. a Business Driven Approach to security. If you are used to technical security architectures being the start point for security implementations then think again. This book says you should start your work by talking with the "top of the shop" at any enterprise and make sure that your ESA is aligned with the real business drivers of the business. Although this sounds like common sense, in my opinion too many of us have got bogged down in the technologies of authentication, encryption etc. over the years and failed to recognise the real needs of the businesses in which we work.
I particularly liked two things about this book:
- the layout in two distinct parts, ths first covering the philosophy and approach of SABSA, followed by more of a reference type second section;
- the "quick notes" in the left hand column of every page that let's you speed read each chapter.
I think that this book will challenge a lot of conventional approaches - for example where else do you see a section on Measuring Return on Investment in Security?
This book will not be a favourite of everyone that reads it - I did like it and am using it already in my work.

Excellent and Complete!
I cannot praise this book too highly. It covers the whole field of enterprise security architecture in great breadth and detail. Numerous useful models and patterns are included. Valuable (and sometimes amusing) case histories abound.

The writing is particularly clear; difficult topics are explained in full and I gained new insights in many areas.

THE authoritative treatise on enterprise security
The SABSA method has been under development and in practical use for ten-fifteen years, mostly based on progressive conference presentations by the authors. The impression brought home from listening to the presentations was that this was something really great, breaking new ground and vastly more comprehensive than other enterprise security methods developed by the large consulting companies and a range of mostly American authors. If only it were possible to find all of it documented in one single place so that it could be understood holistically.

This book does exactly that, and it does not disappoint. It is worth the ten-fifteen years wait and without any doubt the best work so far written about corporate security architectures. If government departments and their sub-contractors had followed this development process and implemented it rigorously we would not have seen the past few years' data loss scandals.

The SABSA method should be used as the primary planning tool by all large organisations, not least governments. It makes it possible to introduce top level security without losing usability and flexibility - and without getting into the situation where a single rogue element in an organisation can cause huge havoc. It allows data to be valued correctly so that organisations avoid spending money on unnecessary security measures while providing appropriate information security throughout. The scope of the SABSA method, while primarily intended to provide an information security architecture, actually extends further and will help set up corporate management structures that can be used for other purposes as well.

The book is written by three of the best experts of information security, globally. It should be studied by anybody involved with information security and corporate governance.