The SABSA method has been under development and in practical use for ten-fifteen years, mostly based on progressive conference presentations by the authors. The impression brought home from listening to the presentations was that this was something really great, breaking new ground and vastly more comprehensive than other enterprise security methods developed by the large consulting companies and a range of mostly American authors. If only it were possible to find all of it documented in one single place so that it could be understood holistically.
This book does exactly that, and it does not disappoint. It is worth the ten-fifteen years wait and without any doubt the best work so far written about corporate security architectures. If government departments and their sub-contractors had followed this development process and implemented it rigorously we would not have seen the past few years' data loss scandals.
The SABSA method should be used as the primary planning tool by all large organisations, not least governments. It makes it possible to introduce top level security without losing usability and flexibility - and without getting into the situation where a single rogue element in an organisation can cause huge havoc. It allows data to be valued correctly so that organisations avoid spending money on unnecessary security measures while providing appropriate information security throughout. The scope of the SABSA method, while primarily intended to provide an information security architecture, actually extends further and will help set up corporate management structures that can be used for other purposes as well.
The book is written by three of the best experts of information security, globally. It should be studied by anybody involved with information security and corporate governance.