Buy New

Sign in to turn on 1-Click ordering.
Buy Used
Used - Very Good See details
Price: £49.23

Trade in Yours
For a £13.63 Gift Card
Trade in
More Buying Choices
Have one to sell? Sell yours here
Sorry, this item is not available in
Image not available for
Image not available

Tell the Publisher!
I’d like to read this book on Kindle

Don't have a Kindle? Get your Kindle here, or download a FREE Kindle Reading App.

Enterprise Security Architecture: A Business-Driven Approach [Hardcover]

John Sherwood , Andrew Clark , David Lynas
5.0 out of 5 stars  See all reviews (4 customer reviews)
Price: £54.99 & FREE Delivery in the UK. Details
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
Only 8 left in stock (more on the way).
Dispatched from and sold by Amazon. Gift-wrap available.
Want it tomorrow, 30 July? Choose Express delivery at checkout. Details


Amazon Price New from Used from
Hardcover £54.99  
Trade In this Item for up to £13.63
Trade in Enterprise Security Architecture: A Business-Driven Approach for an Amazon Gift Card of up to £13.63, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Book Description

15 Nov 2005

Security is too important to be left in the hands of just one department or employee—it’s a concern of an entire enterprise. Enterprise Security Architecture shows that having a comprehensive plan requires more than the purchase of security software—it requires a framework for developing and maintaining a system that is proactive. The book is based around the SABSA layered framework. It provides a structured approach to the steps and processes involved in developing security architectures. It also considers how some of the major business issues likely to be encountered can be resolved.

Frequently Bought Together

Enterprise Security Architecture: A Business-Driven Approach + Open Enterprise Security Architecture (O-ESA): A Framework and Template for Policy-Driven Security (Security (Van Haren Publishing))
Price For Both: £87.98

Buy the selected items together

Product details

  • Hardcover: 608 pages
  • Publisher: CRC Press; 1 edition (15 Nov 2005)
  • Language: English
  • ISBN-10: 157820318X
  • ISBN-13: 978-1578203185
  • Product Dimensions: 26.1 x 21.1 x 4.3 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Bestsellers Rank: 241,142 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, and more.

Product Description

About the Author

John Sherwood, active in operational risk management for more than a decade and as an information systems professional for more than 30 years, is the Chief Architect of the SABSA(r) model. He is also a visiting lecturer and external examiner at Ro

Inside This Book (Learn More)
Explore More
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

Customer Reviews

4 star
3 star
2 star
1 star
5.0 out of 5 stars
5.0 out of 5 stars
Most Helpful Customer Reviews
15 of 16 people found the following review helpful
I first saw a colleague's preview copy of this book in September and have just got a copy of the real thing. First things first, this book describes exactly what it says on the cover i.e. a Business Driven Approach to security. If you are used to technical security architectures being the start point for security implementations then think again. This book says you should start your work by talking with the "top of the shop" at any enterprise and make sure that your ESA is aligned with the real business drivers of the business. Although this sounds like common sense, in my opinion too many of us have got bogged down in the technologies of authentication, encryption etc. over the years and failed to recognise the real needs of the businesses in which we work.
I particularly liked two things about this book:
- the layout in two distinct parts, ths first covering the philosophy and approach of SABSA, followed by more of a reference type second section;
- the "quick notes" in the left hand column of every page that let's you speed read each chapter.
I think that this book will challenge a lot of conventional approaches - for example where else do you see a section on Measuring Return on Investment in Security?
This book will not be a favourite of everyone that reads it - I did like it and am using it already in my work.
Comment | 
Was this review helpful to you?
8 of 9 people found the following review helpful
The SABSA method has been under development and in practical use for ten-fifteen years, mostly based on progressive conference presentations by the authors. The impression brought home from listening to the presentations was that this was something really great, breaking new ground and vastly more comprehensive than other enterprise security methods developed by the large consulting companies and a range of mostly American authors. If only it were possible to find all of it documented in one single place so that it could be understood holistically.

This book does exactly that, and it does not disappoint. It is worth the ten-fifteen years wait and without any doubt the best work so far written about corporate security architectures. If government departments and their sub-contractors had followed this development process and implemented it rigorously we would not have seen the past few years' data loss scandals.

The SABSA method should be used as the primary planning tool by all large organisations, not least governments. It makes it possible to introduce top level security without losing usability and flexibility - and without getting into the situation where a single rogue element in an organisation can cause huge havoc. It allows data to be valued correctly so that organisations avoid spending money on unnecessary security measures while providing appropriate information security throughout. The scope of the SABSA method, while primarily intended to provide an information security architecture, actually extends further and will help set up corporate management structures that can be used for other purposes as well.

The book is written by three of the best experts of information security, globally. It should be studied by anybody involved with information security and corporate governance.
Comment | 
Was this review helpful to you?
8 of 9 people found the following review helpful
5.0 out of 5 stars Excellent and Complete! 1 Jun 2006
Format:Hardcover|Verified Purchase
I cannot praise this book too highly. It covers the whole field of enterprise security architecture in great breadth and detail. Numerous useful models and patterns are included. Valuable (and sometimes amusing) case histories abound.

The writing is particularly clear; difficult topics are explained in full and I gained new insights in many areas.
Comment | 
Was this review helpful to you?
1 of 1 people found the following review helpful
5.0 out of 5 stars end-to-end security architecture bible 2 Oct 2013
By Dhiren
Format:Hardcover|Verified Purchase
I bought this book some three years ago after speaking briefly with on of the authors and a couple of the reviewers/contributors. As an enterprise architect this book provides fantastic knowledge which I can relate to in my day-to-day work. It provides for methods, concepts and relationships at each architectural tier. Anyone wanting to design security into the business should seriously consider buying and reading this book. The authors rightly point out that the architecture must meet business objectives. This should be aligned using Contextual and Conceptual architectures that are underwritten/approved by the business before any investment should be made in the Logical/Physical architecture. If done correctly you will have a good security service for your business - priceless information. There are loads of tips and clues in this excellent book, a must buy for any Information Security Manager, enterprise architect and those techies who want to understand frameworks. Sorry for the late review!!!
Comment | 
Was this review helpful to you?
Most Helpful Customer Reviews on (beta) 4.4 out of 5 stars  8 reviews
8 of 8 people found the following review helpful
4.0 out of 5 stars Sorry 18 Feb 2011
By tutsi buster lizzy - Published on
Format:Hardcover|Verified Purchase
First off, I have read this book cover to cover. I have been practicing information security architecture and implementation for 10 years. I really liked the in-depth coverage of information security in general. The mapping of the Zachman Framework cells to the so-called SABSA framework is also impressive, but is simple enough to not warrant a whole chapter to be honest. But what is evident to me might not be so to the novice so I take nothing away from the author here.

However, I am very disappointed with this book from an application of methods standpoint. I was expecting so much more.
At the very least I expected some 'real-world' scenarios to be covered in some detail so the practitioner can use material, techniques presented in the book on the job. In several places, this book comes close to revealing the application of methodology being propounded under the trade name of SABSA but then fails to do so. Time and again, I turned over to the next page in anticipation but was left disappointed and exasperated! The author simply refers the reader to contact him for further details- well that's the point of reading the book isn't it? I bought this book for the details but left with an imitation of the Zachman Framework, which by the way is still more directly applicable to information security than SABSA in my most humble opinion. If I am wrong in having said that, it is because I did not learn how or why based on my reading of this book.

I still give it 4 because I like to round up from 3.5- there is too much good information here for the novice for me to rate it 3.
20 of 25 people found the following review helpful
5.0 out of 5 stars Really helpful for enterprise securty. Not a techie cookbook. 21 Feb 2006
By R. Whitehead - Published on
This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.

The book is in two distinct parts - this first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.

If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.

Like others with whom I have spoken, I liked the "quick notes" in the left hand column of every page that let's you speed read each chapter. They made it really easy to set a good insight into the subject quickly and focus on the areas that I really wanted to know more about.

One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.
7 of 8 people found the following review helpful
5.0 out of 5 stars Step by step professional 15 Jan 2007
By Biljana Cerin - Published on
It is amazing how different books can be. I read dozens of information security management related books, but this one is only I can use in my everyday job. If you are consultant or professional CISO, this book offers tips of how to do things right and how to be efficient. It is information security management bible. Buy hardcover version because you will use it every day.
5 of 6 people found the following review helpful
5.0 out of 5 stars A Book That Should Be On Every Security Architect's Desk 26 May 2011
By prophet - Published on
This book (and the Sherwod/Clark/Lynas philosophy) was developed in parallel to the Zachman Framework (unbeknownst to either groups). If you a familar with Zachman, you will note several consistancies here. Though some may clain this is only a conceptual read, there are many oppurtunities to take pieces of the book and apply it in daily architecture. For example, on page 88, it gives several examples of "Business Attributes" in identifying types of business drivers ranging from user, management, operational, risk management, legal/regulatory, technical strategies and business strategies attributes. Thinking these through (and identifying which key ones are important) early in the stages of security architecture help direct the design in the right way. Also, the book provides several real world examples to help illustrate the "whys".

I had the oppurtunity to attend training given by David Lynas on Enterprise Security Architecture. I would also recommend attending, as David walks through several exercises in how to apply this methodology.

In the end, if you are responsible for any security architecture, using the principles/concepts/methodologies in this book will assist in making more concious, sound, security decison making.
2 of 3 people found the following review helpful
4.0 out of 5 stars Great Book for Security Theory - Easier read than CISSP. 12 April 2011
By Sketchie - Published on
I gave the book 4 stars as it covers the theories of security very well and was somewhat easier to read than the CISSP books. They cover roughly the same topics, but teach differently. If you can read and understand the CISSP books, then this will be a breeze.
Were these reviews helpful?   Let us know
Search Customer Reviews
Only search this product's reviews

Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
First post:
Prompts for sign-in

Search Customer Discussions
Search all Amazon discussions

Look for similar items by category