Introduction

How do you validate the design of new applications before coding even begins? Do you have a formal methodology to assess the fundamental design of third-party applications or services? The key to these issues is defining an enterprise-wide approach to security architectural risk analysis. Information security architecture is not a new concept, but it is still a relatively immature discipline with few effective models available. This chapter introduces a new model that can help organizations to tackle this kind of analysis without having to employ a team ...