Security architects are responsible for maintaining the security of an organisation's computer systems as well as designing, developing and reviewing security architectures that fit business requirements, mitigate risk and conform to security policies. This book gives practical career guidance to those interested in the security architect role. It covers areas such as required skills, responsibilities, dependencies and career progression as well as relevant tools, standards and frameworks.
Reviews

This book provides a very useful foundation and the real-world insight that an aspiring security architect needs in preparation for the long, often complex and challenging climb up the mountain that is IT security architecture delivery. -- Dan Webster, The National Trust

This book is a serious attempt to define a rapidly evolving role in an ever-changing sector and makes sure to include even those technologies still only on the fringes of adoption. Required reading, not just for security architects or those entering the role but also and perhaps more importantly for those responsible for hiring them. -- Rik Ferguson, Trend Micro

Very well written and a concise reference to the role of a security architect. It's handy enough to slip into the inside pocket of your jacket and even though it's only 134 pages it still manages to pack in all the essential information about the role. [...] If you truly believe that you merit the title of architect, then read this book - you may decide to reconsider such a lofty title when you don't match the role. Highly recommended. -- Peter Daly

Author's note
Acknowledgements
Abbreviations
Glossary
Preface

  The essence of security architecture

2 Information Security Architecture Fundamentals
  Information security in a changing world
  Overview of information security concepts
  The role of IT and enterprise architecture in information security
  Introducing information security architecture
  The role of the business in the security architecture

3 Information Security Architecture Activities
  Threat and vulnerability assessment
  Assessment of existing controls
  Specification of controls

4 The Security Architect's Role And Skill Set

5 Standards, Tools And Techniques
  Standards, guidelines and regulations
  Security testing tools and techniques
  Security architecture operations

6 Career Progression And Related Roles
  Certification and continuous professional development
  Interface and dependencies

7 A Day In The Life Of A Security Architect

Appendix: Security architecture document review checklist
References
Further reading
Index

In his varied career, Jon Collins has acted as IT manager and software consultant, project manager, training manager, IT security expert and industry analyst. With over 25 years' experience, he has developed a deep understanding of technology infrastructure and architecture, security and governance models, as well as hands-on experience of delivery in a variety of sectors.