Enterprise Security Architecture

Book description

Security is too important to be left in the hands of just one department or employee; it is a concern of the entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software: it requires a framework for developing and maintaining a system that is proactive. The book is based

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. Foreword
  8. Preface
    1. Benefits
    2. The Evolution of Information Security
    3. Information Security Literature
    4. How to Use This Book
    5. About the SABSA® Model
    6. Relationship to Other Methods, Models and Standards
    7. And Finally...
  9. Acknowledgements
  10. Part 1: Introduction
    1. Security Architecture
    2. Chapter 1: The Meaning of Security
      1. The Cultural Legacy: Business Prevention
      2. Measuring and Prioritising Business Risk
      3. Information Security as the Enabler of Business
      4. Adding Value to the Core Product
      5. Empowering the Customers
      6. Protecting Relationships and Leveraging Trust
      7. To Summarise: What Does ‘Security’ Mean?
    3. Chapter 2: The Meaning of Architecture
      1. The Origins of Architecture
      2. Managing Complexity
      3. Information Systems Architecture
      4. Enterprise Security Architecture
      5. Why Architectures Sometimes Fail to Deliver Benefit – and How to Avoid that Fate
      6. Security Architecture Needs a Holistic Approach
      7. To Summarise: What Does Architecture Mean?
    4. Chapter 3: Security Architecture Model
      1. The SABSA® Model
      2. The Architect’s View
      3. The Designer’s View
      4. The Builder’s View
      5. The Tradesman’s View
      6. The Facilities Manager’s View
      7. The Inspector’s View
      8. The SABSA® Matrix
      9. Detailed SABSA® Matrix for the Operational Layer
      10. To Summarise: The Security Architecture Model
    5. Chapter 4: Case Study
      1. Intergalactic Banking and Financial Services Inc
      2. Interviews at IBFS
      3. To Summarise: IBFS Inc
    6. Chapter 5: A Systems Approach
      1. The Role of Systems Engineering
      2. Why a Systems Approach?
      3. What Does the Systems Approach Make You Do?
      4. The Need for Systems Engineering in Security Architectures
      5. Some Basic Concepts
      6. The Control System Concept
      7. Using the Systems Approach in Security Architecture
      8. Case Study
      9. Advanced Modelling Techniques
      10. To Summarise: A Systems Approach
    7. Chapter 6: Measuring Return on Investment in Security Architecture
      1. What Is Meant by ‘Return on Investment’?
      2. Why Do You Need Metrics?
      3. The Security Management Dashboard
      4. The Balanced Scorecard Approach
      5. Business Drivers and Traceability
      6. Business Attributes and Metrics
      7. Setting Up a Metrics Framework
      8. Maturity Models Applied to Security Architecture
    8. Chapter 7: Using This Book as a Practical Guide
      1. Using the SABSA® Model to Define a Development Process
      2. Strategy and Concept Phase
      3. Design Phase
      4. Implementation Phase
      5. Manage and Measure Phase
      6. To Summarise: How to Use This Book as a Practical Guide
    9. Chapter 8: Managing the Security Architecture Programme
      1. Selling the Benefits of Security Architecture
      2. Getting Sponsorship and Budget
      3. Building the Team
      4. Getting Started: Fast Track™ Workshops
      5. Programme Planning and Management
      6. Collecting the Information You Need
      7. Getting Consensus on the Conceptual Architecture
      8. Architecture Governance and Compliance
      9. Architecture Maintenance
      10. Long-Term Confidence of Senior Management
      11. To Summarise: Managing the Security Architecture Programme
  11. Part 2: Strategy and Planning
    1. Strategy and Planning
    2. Contextual Security Architecture
    3. Conceptual Security Architecture
    4. Chapter 9: Contextual Security Architecture
      1. Business Needs for Information Security
      2. Security As a Business Enabler
      3. Digital Business
      4. Operational Continuity and Stability
      5. Safety-Critical Dependencies
      6. Business Goals, Success Factors and Operational Risks
      7. Operational Risk Assessment
      8. Business Processes and Their Need for Security
      9. Organisation and Relationships Affecting Business Security-Needs
      10. Location Dependence of Business Security Needs
      11. Time Dependency of Business Security Needs
      12. To Summarise: Contextual Security Architecture
    5. Chapter 10: Conceptual Security Architecture
      1. Conceptual Thinking
      2. Business Attributes Profile
      3. Control Objectives
      4. Security Strategies and Architectural Layering
      5. Security Entity Model and Trust Framework
      6. Security Domain Model
      7. Security Lifetimes and Deadlines
      8. Assessing the Current State of your Security Architecture
      9. To Summarise: Conceptual Security Architecture
  12. Part 3: Design
    1. Design
    2. Logical Security Architecture
    3. Physical Security Architecture
    4. Component Security Architecture
    5. Chapter 11: Logical Security Architecture
      1. Business Information Model
      2. Security Policies
      3. Security Services
      4. Application and System Security Services
      5. Security Management Services
      6. Entity Schema and Privilege Profiles
      7. Security Domain Definitions and Associations
      8. Security Processing Cycle
      9. Security Improvements Programme
      10. To Summarise: Logical Security Architecture
    6. Chapter 12: Physical Security Architecture
      1. Business Data Model
      2. Security Rules, Practices and Procedures
      3. Security Mechanisms
      4. User and Application Security
      5. Platform and Network Infrastructure Security
      6. Control Structure Execution
      7. To Summarise: Physical Security Architecture
    7. Chapter 13: Component Security Architecture
      1. Detailed Data Structures
      2. Security Standards
      3. Security Products and Tools
      4. Identities, Functions, Actions and ACLs
      5. Processes, Nodes, Addresses and Protocols
      6. Security Step-Timing and Sequencing
      7. To Summarise: Component Security Architecture
  13. Part 4: Operations
    1. Operations
    2. Operational Security Architecture
    3. Style of Part 4
    4. Chapter 14: Security Policy Management
      1. The Meaning of Security Policy
      2. Structuring the Content of a Security Policy
      3. Policy Hierarchy and Architecture
      4. Corporate Security Policy
      5. Policy Principles
      6. Information Classification
      7. System Classification
      8. CA and RA Security Policies
      9. Application System Security Policies
      10. Platform Security Policies
      11. Network Security Policies
      12. Other Infrastructure Security Policies
      13. Security Organisation and Responsibilities
      14. Security Culture Development
      15. Outsourcing Strategy and Policy Management
      16. To Summarise:
    5. Chapter 15: Operational Risk Management
      1. Introduction to Operational Risk Management
      2. Regulatory Drivers for Operational Risk Management
      3. The Complexity of Operational Risk Management
      4. Approaches to Risk Assessment
      5. Managing Operational Risk
      6. Risk Mitigation
      7. Risk-Based Security Reviews
      8. Risk Financing
      9. The Risk Management Dashboard
      10. To Summarise:
    6. Chapter 16: Assurance Management
      1. Assurance of Operational Continuity
      2. Organisational Security Audits
      3. System Security Audits
      4. System Assurance Strategy
      5. Functional Testing
      6. Penetration Testing
      7. To Summarise:
    7. Chapter 17: Security Administration and Operations
      1. Introduction to Security Management and Administration
      2. Managing the People
      3. Managing Physical and Environmental Security
      4. Managing ICT Operations and Support
      5. Access Control Management
      6. Compliance Management
      7. Security-Specific Operations
      8. Managed Security Services
      9. Product Evaluation and Selection
      10. Business Continuity Management
      11. To Summarise:
  14. Appendix A: List of Acronyms
  15. Index

Product information

  • Title: Enterprise Security Architecture
  • Author(s): Nicholas Sherwood
  • Release date: November 2005
  • Publisher(s): CRC Press
  • ISBN: 9781498759908