Enterprise Security Architecture: A Business-Driven Approach

John Sherwood, Andrew Clark, David Lynas

  • 出版商: CMP Books
  • 出版日期: 2005-11-15
  • 售價: $3,150
  • 貴賓價: 9.5$2,993
  • 語言: 英文
  • 頁數: 608
  • 裝訂: Hardcover
  • ISBN: 157820318X
  • ISBN-13: 9781578203185
  • 相關分類: 資訊安全
  • 立即出貨 (庫存=1)

買這商品的人也買了...

商品描述

Description:

Security is too important to be left in the hands of one systems architect or department -- it is the concern of every enterprise. Having a comprehensive plan for making and keeping an enterprise secure is the responsibility of every senior manager, and requires more than the purchase of security software. Enterprise security requires a framework for developing and maintaining a proactive system to provide business assurance and enable new business opportunities.

The authors have designed a much-needed framework for developing enterprise security architecture using key theoretical models and decades of practical experience. The SABSA(r) (Sherwood Applied Business Security Architecture) model is generic and defines a process for architecture development, with each solution unique to the individual business. At the heart of this framework is Business Attribute Profiling, the key step in capturing business requirements, defining measurement approaches and setting performance targets for information system risk management. This approach, lacking for decades in the development of information systems, provides a quantum leap for the many systems architects who have been struggling to achieve this business linkage.

Both technical security personnel and business managers will find this book useful as a tutorial or reference tool. It relates security architecture issues to business requirements using charts and graphs, and includes descriptions of real business situations.

商品描述(中文翻譯)

描述:
安全性對於一個企業來說太重要了,不能單單交由一個系統架構師或部門來負責,而是每個企業都應關注的問題。擁有一個全面的計劃來確保企業的安全是每個高級經理的責任,並且需要更多於購買安全軟體。企業安全需要一個框架來開發和維護一個主動系統,以提供業務保證並促進新的業務機會。

作者們設計了一個非常需要的框架,使用關鍵的理論模型和數十年的實踐經驗來開發企業安全架構。SABSA(Sherwood Applied Business Security Architecture)模型是通用的,定義了一個架構開發的過程,每個解決方案都是獨特的。這個框架的核心是業務屬性分析,這是捕捉業務需求、定義測量方法和設定信息系統風險管理的性能目標的關鍵步驟。這種方法在信息系統的開發中缺乏了數十年,對於那些一直在努力實現業務聯繫的系統架構師來說,這是一個巨大的飛躍。

技術安全人員和業務經理都會發現這本書作為教程或參考工具非常有用。它通過圖表和圖形將安全架構問題與業務需求相關聯,並包括對真實業務情況的描述。