Abstract
Security architects are responsible for maintaining the security of an organisation's computer systems as well as designing, developing and reviewing security architectures that fit business requirements, mitigate risk and conform to security policies. This book gives practical career guidance to those interested in the security architect role. It covers areas such as required skills, responsibilities, dependencies and career progression as well as relevant tools, standards and frameworks.
This book is a serious attempt to define a rapidly evolving role in an ever-changing sector and makes sure to include even those technologies still only on the fringes of adoption. Required reading, not just for security architects or those entering the role but also and perhaps more importantly for those responsible for hiring them.
Rik Ferguson
This book provides a very useful foundation and the real-world insight that an aspiring security architect needs in preparation for the long, often complex and challenging climb up the mountain that is IT security architecture delivery.
Dan Webster
Security architects are responsible for maintaining the security of an organisation's computer systems as well as designing, developing and reviewing security architectures that fit business requirements, mitigate risk and conform to security policies. They ensure that each unique set of security needs is addressed, that systems are protected and beneficial security change is implemented. The book provides practical, effective guidance for anyone looking to become a security architect or wanting to know more about what the role entails. It covers areas such as required skills, responsibilities, dependencies and career progression as well as relevant tools, standards and frameworks.
Very well written and a concise reference to the role of a security architect. It's handy enough to slip into the inside pocket of your jacket and even though it's only 134 pages it still manages to pack in all the essential information about the role. [...] If you truly believe that you merit the title of architect, then read this book - you may decide to reconsider such a lofty title when you don't match the role. Highly recommended.
Peter Daly
In his varied career, Jon Collins has acted as IT manager and software consultant, project manager, training manager, IT security expert and industry analyst. With over 25 years’ experience, he has developed a deep understanding of technology infrastructure and architecture, security and governance models, as well as hands-on experience of delivery in a variety of sectors.
Table of Contents
Section Title | Page |
---|---|
Cover | i |
Advert Page | ii |
Copyright | vi |
CONTENTS | ix |
LIST OF FIGURES | xi |
AUTHOR’S NOTE | xii |
ACKNOWLEDGEMENTS | xiii |
ABBREVIATIONS | xiv |
GLOSSARY | xvi |
PREFACE | xx |
1 INTRODUCTION | 1 |
THE ESSENCE OF SECURITY ARCHITECTURE | 2 |
THE AIM OF THIS BOOK | 4 |
CAVEATS | 5 |
2 INFORMATION SECURITY ARCHITECTURE FUNDAMENTALS | 7 |
INFORMATION SECURITY IN A CHANGING WORLD | 7 |
OVERVIEW OF INFORMATION SECURITY CONCEPTS | 11 |
THE ROLE OF IT AND ENTERPRISE ARCHITECTURE IN INFORMATION SECURITY | 19 |
INTRODUCING INFORMATION SECURITY ARCHITECTURE | 23 |
THE ROLE OF THE BUSINESS IN THE SECURITY ARCHITECTURE | 27 |
3 INFORMATION SECURITY ARCHITECTURE ACTIVITIES | 30 |
COLLATION | 32 |
SCOPING | 34 |
THREAT AND VULNERABILITY ASSESSMENT | 40 |
ASSESSMENT OF EXISTING CONTROLS | 43 |
DOMAIN DEFINITION | 45 |
SPECIFICATION OF CONTROLS | 50 |
EVALUATION OF OPTIONS | 56 |
BUSINESS CASE | 58 |
IMPLEMENTATION | 60 |
MONITORING AND REVIEW | 63 |
4 THE SECURITY ARCHITECT’S ROLE AND SKILL SET | 64 |
SECURITY SKILLS | 67 |
TECHNICAL SKILLS | 83 |
BUSINESS SKILLS | 96 |
5 STANDARDS, TOOLS AND TECHNIQUES | 99 |
STANDARDS, GUIDELINES AND REGULATIONS | 99 |
SECURITY TESTING TOOLS AND TECHNIQUES | 104 |
SECURITY ARCHITECTURE OPERATIONS | 109 |
6 CAREER PROGRESSION AND RELATED ROLES | 115 |
CERTIFICATION AND CONTINUOUS PROFESSIONAL DEVELOPMENT | 116 |
INTERFACE AND DEPENDENCIES | 117 |
7 A DAY IN THE LIFE OF A SECURITY ARCHITECT | 121 |
8 CONCLUSION | 123 |
APPENDIX SECURITY ARCHITECTURE DOCUMENT REVIEW CHECKLIST | 125 |
REFERENCES | 127 |
FURTHER READING | 129 |
INDEX | 132 |
Advert Page | 137 |
Back Cover | 138 |