Enterprise Security Architecture - A Business-Driven Approach

John Sherwood, Andrew Clark and David Lynas

Publisher CMP Books
ISBN 978-1-57820-318-5
RRP $69.95
Reviewed by Jim McGhie CEng CITP MBCS
Senior Consultant, LogicaCMG UK Ltd
Score 9 out of 10

Enterprise Security Architecture This comprehensive and detailed volume on the subject of network security is based around the SABSA layered framework first developed by John Sherwood in 1995. It focuses on providing a structured approach to the steps and processes involved in developing security architectures as well as considering how some of the major business issues likely to be encountered can be resolved.

The book benefits from not being restricted to considering particular technologies or technical solutions but concentrates on proposing a systems methodology which can be applied in whole or part to the majority of networking situations.

It contains a wealth of case studies, models and explanatory tables to illustrate and underline many of the recommended good practice points made in the text.

Organized into four parts, the first section introduces the need for security architectures from a business perspective along with the purpose and benefits to be gained from employing the SABSA lifecycle.

It provides an excellent introduction to the topic for anyone seeking to become informed on network security and the issues that need to be addressed.

Subsequent parts of the book deal with strategy and planning, followed by design and finally, security operations. The overall result is a wide-ranging roadmap which can be applied in whole or in part to assist in achieving a secure and successful enterprise security solution.

I particularly liked the inclusion of the margin notes on each page which aid overall readability and permit skim reading of the paragraph contents.

The book is likely to prove useful both to technical security personnel and business managers and can be used both as a tutorial volume or reference work.

The book easily earns a score of nine, based on its comprehensive coverage of the subject, readability of the contents and value for money.