• RRP: £63.99
  • You Save: £7.00 (11%)
FREE Delivery in the UK.
Only 6 left in stock (more on the way).
Dispatched from and sold by Amazon.
Gift-wrap available.
Enterprise Security Archi... has been added to your Basket
Trade in your item
Get a £11.00
Gift Card.
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Enterprise Security Architecture: A Business-Driven Approach Hardcover – 15 Nov 2005

See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
"Please retry"
£49.89 £50.00

Frequently Bought Together

Enterprise Security Architecture: A Business-Driven Approach + Open Enterprise Security Architecture (O-ESA): A Framework and Template for Policy-Driven Security (The Open Group Series)
Price For Both: £89.98

Buy the selected items together

Trade In this Item for up to £11.00
Trade in Enterprise Security Architecture: A Business-Driven Approach for an Amazon Gift Card of up to £11.00, which you can then spend on millions of items across the site. Trade-in values may vary (terms apply). Learn more

Product details

  • Hardcover: 608 pages
  • Publisher: CRC Press; 1 edition (15 Nov. 2005)
  • Language: English
  • ISBN-10: 157820318X
  • ISBN-13: 978-1578203185
  • Product Dimensions: 4.4 x 21 x 26 cm
  • Average Customer Review: 5.0 out of 5 stars  See all reviews (4 customer reviews)
  • Amazon Bestsellers Rank: 333,910 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, and more.

Product Description

About the Author

John Sherwood, active in operational risk management for more than a decade and as an information systems professional for more than 30 years, is the Chief Architect of the SABSA(r) model. He is also a visiting lecturer and external examiner at Ro

Inside This Book (Learn More)
Explore More
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

5.0 out of 5 stars
5 star
4 star
3 star
2 star
1 star
See all 4 customer reviews
Share your thoughts with other customers

Most Helpful Customer Reviews

15 of 16 people found the following review helpful By "jonasbelbin" on 25 Nov. 2005
Format: Hardcover
I first saw a colleague's preview copy of this book in September and have just got a copy of the real thing. First things first, this book describes exactly what it says on the cover i.e. a Business Driven Approach to security. If you are used to technical security architectures being the start point for security implementations then think again. This book says you should start your work by talking with the "top of the shop" at any enterprise and make sure that your ESA is aligned with the real business drivers of the business. Although this sounds like common sense, in my opinion too many of us have got bogged down in the technologies of authentication, encryption etc. over the years and failed to recognise the real needs of the businesses in which we work.
I particularly liked two things about this book:
- the layout in two distinct parts, ths first covering the philosophy and approach of SABSA, followed by more of a reference type second section;
- the "quick notes" in the left hand column of every page that let's you speed read each chapter.
I think that this book will challenge a lot of conventional approaches - for example where else do you see a section on Measuring Return on Investment in Security?
This book will not be a favourite of everyone that reads it - I did like it and am using it already in my work.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
8 of 9 people found the following review helpful By N. J. Bjergstrom on 9 Dec. 2008
Format: Hardcover
The SABSA method has been under development and in practical use for ten-fifteen years, mostly based on progressive conference presentations by the authors. The impression brought home from listening to the presentations was that this was something really great, breaking new ground and vastly more comprehensive than other enterprise security methods developed by the large consulting companies and a range of mostly American authors. If only it were possible to find all of it documented in one single place so that it could be understood holistically.

This book does exactly that, and it does not disappoint. It is worth the ten-fifteen years wait and without any doubt the best work so far written about corporate security architectures. If government departments and their sub-contractors had followed this development process and implemented it rigorously we would not have seen the past few years' data loss scandals.

The SABSA method should be used as the primary planning tool by all large organisations, not least governments. It makes it possible to introduce top level security without losing usability and flexibility - and without getting into the situation where a single rogue element in an organisation can cause huge havoc. It allows data to be valued correctly so that organisations avoid spending money on unnecessary security measures while providing appropriate information security throughout. The scope of the SABSA method, while primarily intended to provide an information security architecture, actually extends further and will help set up corporate management structures that can be used for other purposes as well.

The book is written by three of the best experts of information security, globally. It should be studied by anybody involved with information security and corporate governance.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
1 of 1 people found the following review helpful By Dhiren on 2 Oct. 2013
Format: Hardcover Verified Purchase
I bought this book some three years ago after speaking briefly with on of the authors and a couple of the reviewers/contributors. As an enterprise architect this book provides fantastic knowledge which I can relate to in my day-to-day work. It provides for methods, concepts and relationships at each architectural tier. Anyone wanting to design security into the business should seriously consider buying and reading this book. The authors rightly point out that the architecture must meet business objectives. This should be aligned using Contextual and Conceptual architectures that are underwritten/approved by the business before any investment should be made in the Logical/Physical architecture. If done correctly you will have a good security service for your business - priceless information. There are loads of tips and clues in this excellent book, a must buy for any Information Security Manager, enterprise architect and those techies who want to understand frameworks. Sorry for the late review!!!
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again
8 of 9 people found the following review helpful By Mr. J. Arnold on 1 Jun. 2006
Format: Hardcover Verified Purchase
I cannot praise this book too highly. It covers the whole field of enterprise security architecture in great breadth and detail. Numerous useful models and patterns are included. Valuable (and sometimes amusing) case histories abound.

The writing is particularly clear; difficult topics are explained in full and I gained new insights in many areas.
Comment Was this review helpful to you? Yes No Sending feedback...
Thank you for your feedback. If this review is inappropriate, please let us know.
Sorry, we failed to record your vote. Please try again

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 9 reviews
9 of 9 people found the following review helpful
Sorry 18 Feb. 2011
By tutsi buster lizzy - Published on Amazon.com
Format: Hardcover Verified Purchase
First off, I have read this book cover to cover. I have been practicing information security architecture and implementation for 10 years. I really liked the in-depth coverage of information security in general. The mapping of the Zachman Framework cells to the so-called SABSA framework is also impressive, but is simple enough to not warrant a whole chapter to be honest. But what is evident to me might not be so to the novice so I take nothing away from the author here.

However, I am very disappointed with this book from an application of methods standpoint. I was expecting so much more.
At the very least I expected some 'real-world' scenarios to be covered in some detail so the practitioner can use material, techniques presented in the book on the job. In several places, this book comes close to revealing the application of methodology being propounded under the trade name of SABSA but then fails to do so. Time and again, I turned over to the next page in anticipation but was left disappointed and exasperated! The author simply refers the reader to contact him for further details- well that's the point of reading the book isn't it? I bought this book for the details but left with an imitation of the Zachman Framework, which by the way is still more directly applicable to information security than SABSA in my most humble opinion. If I am wrong in having said that, it is because I did not learn how or why based on my reading of this book.

I still give it 4 because I like to round up from 3.5- there is too much good information here for the novice for me to rate it 3.
20 of 25 people found the following review helpful
Really helpful for enterprise securty. Not a techie cookbook. 21 Feb. 2006
By R. Whitehead - Published on Amazon.com
Format: Hardcover
This is a particularly interesting book in that it proposes an approach to developing security architectures that are aligned with Business Needs. Most of the other literature that I have seen in this field seems to throw itself into technical detail and try to be a "cookbook" for techies.

The book is in two distinct parts - this first outlines the philosophy and approach of SABSA (Sherwood Applied Security Architecture) and the second draws on the authors' considerable experience in using SABSA in real-life scenarios, giving a set of "standard" services and mechanisms that should be considered when building an Enterprise Security Architecture.

If you are looking just to do techie "black box" security engineering with routers and servers then this book is not really for you. This is a book for those with a responsibility for enterprises where security can be seen as enabling the business rather than fighting it.

Like others with whom I have spoken, I liked the "quick notes" in the left hand column of every page that let's you speed read each chapter. They made it really easy to set a good insight into the subject quickly and focus on the areas that I really wanted to know more about.

One hidden gem in this book is the approach to Measuring Return on investment in security - it opened my eyes to using security as a business enabler.
7 of 8 people found the following review helpful
Step by step professional 15 Jan. 2007
By Biljana Cerin - Published on Amazon.com
Format: Hardcover
It is amazing how different books can be. I read dozens of information security management related books, but this one is only I can use in my everyday job. If you are consultant or professional CISO, this book offers tips of how to do things right and how to be efficient. It is information security management bible. Buy hardcover version because you will use it every day.
5 of 6 people found the following review helpful
A Book That Should Be On Every Security Architect's Desk 26 May 2011
By prophet - Published on Amazon.com
Format: Hardcover
This book (and the Sherwod/Clark/Lynas philosophy) was developed in parallel to the Zachman Framework (unbeknownst to either groups). If you a familar with Zachman, you will note several consistancies here. Though some may clain this is only a conceptual read, there are many oppurtunities to take pieces of the book and apply it in daily architecture. For example, on page 88, it gives several examples of "Business Attributes" in identifying types of business drivers ranging from user, management, operational, risk management, legal/regulatory, technical strategies and business strategies attributes. Thinking these through (and identifying which key ones are important) early in the stages of security architecture help direct the design in the right way. Also, the book provides several real world examples to help illustrate the "whys".

I had the oppurtunity to attend training given by David Lynas on Enterprise Security Architecture. I would also recommend attending, as David walks through several exercises in how to apply this methodology.

In the end, if you are responsible for any security architecture, using the principles/concepts/methodologies in this book will assist in making more concious, sound, security decison making.
A must buy for the aspiring or established security architect 11 Jun. 2014
By Zaphod - Published on Amazon.com
Format: Hardcover Verified Purchase
The definitive guide to SABSA. If you are looking for a practical and actionable security architecture then look no further. More attainable than ITIL, SABSA provides the framework for solving security practioners vision, governance, policy and procedure concerns. It is a heavy but worthwhile read. For the aspiring CISM or CGEIT I'd say this should absolutely be on your bookshelf.
Were these reviews helpful? Let us know