| | |  | Computer Security | Home » » Enterprise Security Architecture: A Business-Driven Approach | | | | | | | Product Promotions: | | | | | Description: | | 'Destined to be a classic work on the topic, Enterprise Security Architecture fills a real void in the knowledge base of our industry. In a comprehensive, detailed treatment, Sherwood, Clark and Lynas rightly emphasize the business approach and show how
Security is too important to be left in the hands of just one department or employee -- it's a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software -- it requires a framework for developing and maintaining a system that is proactive. | | | Product Details: | | | Author:
| John Sherwood | | Hardcover:
| 608 pages | | Publisher:
| CMP | | Publication Date:
| November 12, 2005 | | Language:
| English | | ISBN:
| 157820318X | | Product Length:
| 10.28 inches | | Product Width:
| 8.3 inches | | Product Height:
| 1.68 inches | | Product Weight:
| 3.56 pounds | | Package Length:
| 9.92 inches | | Package Width:
| 7.95 inches | | Package Height:
| 1.34 inches | | Package Weight:
| 3.53 pounds | | Average Customer Rating:
|  based on 6 reviews |
| | | | Customer Reviews: | |
Average Customer Review:
 ( 6 customer reviews )
Write an online review and share your thoughts with other customers.
Most Helpful Customer Reviews
18 of 21 found the following review helpful:
 Really helpful for enterprise securty. Not a techie cookbook.Feb 21, 2006
By R. Whitehead
"author of 'Leading a Software Development Team'"
This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.
The book is in two distinct parts - this first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.
If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.
Like others with whom I have spoken, I liked the "quick notes" in the left hand column of every page that let's you speed read each chapter. They made it really easy to set a good insight into the subject quickly and focus on the areas that I really wanted to know more about.
One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.
7 of 7 found the following review helpful:
Step by step professionalJan 15, 2007
By Biljana Cerin
It is amazing how different books can be. I read dozens of information security management related books, but this one is only I can use in my everyday job. If you are consultant or professional CISO, this book offers tips of how to do things right and how to be efficient. It is information security management bible. Buy hardcover version because you will use it every day.
3 of 3 found the following review helpful:
A Book That Should Be On Every Security Architect's DeskMay 26, 2011
By prophet
This book (and the Sherwod/Clark/Lynas philosophy) was developed in parallel to the Zachman Framework (unbeknownst to either groups). If you a familar with Zachman, you will note several consistancies here. Though some may clain this is only a conceptual read, there are many oppurtunities to take pieces of the book and apply it in daily architecture. For example, on page 88, it gives several examples of "Business Attributes" in identifying types of business drivers ranging from user, management, operational, risk management, legal/regulatory, technical strategies and business strategies attributes. Thinking these through (and identifying which key ones are important) early in the stages of security architecture help direct the design in the right way. Also, the book provides several real world examples to help illustrate the "whys".
I had the oppurtunity to attend training given by David Lynas on Enterprise Security Architecture. I would also recommend attending, as David walks through several exercises in how to apply this methodology.
In the end, if you are responsible for any security architecture, using the principles/concepts/methodologies in this book will assist in making more concious, sound, security decison making.
2 of 2 found the following review helpful:
 Great Book for Security Theory - Easier read than CISSP.Apr 12, 2011
By Sketchie
I gave the book 4 stars as it covers the theories of security very well and was somewhat easier to read than the CISSP books. They cover roughly the same topics, but teach differently. If you can read and understand the CISSP books, then this will be a breeze.
2 of 2 found the following review helpful:
SorryFeb 18, 2011
By tutsi buster lizzy
"javed"
First off, I have read this book cover to cover. I have been practicing information security architecture and implementation for 10 years. I really liked the in-depth coverage of information security in general. The mapping of the Zachman Framework cells to the so-called SABSA framework is also impressive, but is simple enough to not warrant a whole chapter to be honest. But what is evident to me might not be so to the novice so I take nothing away from the author here.
However, I am very disappointed with this book from an application of methods standpoint. I was expecting so much more.
At the very least I expected some 'real-world' scenarios to be covered in some detail so the practitioner can use material, techniques presented in the book on the job. In several places, this book comes close to revealing the application of methodology being propounded under the trade name of SABSA but then fails to do so. Time and again, I turned over to the next page in anticipation but was left disappointed and exasperated! The author simply refers the reader to contact him for further details- well that's the point of reading the book isn't it? I bought this book for the details but left with an imitation of the Zachman Framework, which by the way is still more directly applicable to information security than SABSA in my most humble opinion. If I am wrong in having said that, it is because I did not learn how or why based on my reading of this book.
I still give it 4 because I like to round up from 3.5- there is too much good information here for the novice for me to rate it 3.
See all 6 customer reviews on Amazon.com
| | |
|
