Security Architecture Modeling: A Comprehensive Approach to Enterprise Risk Management

This book takes a pragmatic view of the field, with emphasis on enterprise security. It begins with an overview of what is an architecture and why one needs an architecture-based approach to the issue of security (Chapter 1). This is followed by a description of the typical corporate networking and computing environments; Unsecured Zones, Semi-Secure Zones, Secure Zones are examined (Chapter 2.) Existing Security Architecture Models are surveyed, leading the author to synthesize a model that is used throughout the rest of the book (Chapter 3).

The remainder of the book looks at architectural constructs for various aspects of the IT environment that may be subject to security infractions. Chapter 4 looks at the physical/electromagnetic radiation control function. Chapter 5 looks at perimeters defenses, specifically credential/access verification functions. Chapter 6 examines administrative internally-connected function & privilege levels. This is follows by a discussion of the application defenses Function (Chapter 7); OS defenses functions are covered in Chapter 8. Finally Chapter 9 looks at data and data-at-rest Functions.

This text book is intended for security professionals at all levels in medium-to-large size companies. It is expected to also be useful to Enterprise Architects, vendors, auditors, and students in the IT field.