Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition Hardcover – Dec 28 2005
Most Helpful Customer Reviews on Amazon.com (beta)
Nothing could be further from the truth. In Information Security Architecture, author Jan Killmeyer Tudor shows that an effective and comprehensive information security infrastructure is best developed within the framework of an information security architecture (ISA), given today's distributed nature of client/server computing. In the past, when systems were closed and proprietary, security wasn't as compelling a need as it is in today's open systems.
The book covers important ISA issues such as the nature of the organization, policies and standards, baselines and risk assessment, awareness and training, compliance, and more. An underlying message is that these components must work in concert to form a cohesive ISA. Hardware and software are ineffective if they are not integrated into the ISA.
A dominant theme throughout is that implementing security technologies requires an understanding not only of the technologies' return on investment to the organization but also of the risks and vulnerabilities related to these technologies. This ISA methodology gives security professionals an excellent method for achieving just that.
Given how important policy is to an ISA, the book has several appendices that include policies, procedures, and work plans. These provide a fine foundation upon which to build a security architecture.
Tried to identify target audience and failed.
Executive summary does not help: 'The first section of this book
-- "Information Security Architecture" -- is designed to give the reader
an understanding of the necessity for and requirements of an integrated plan.'
Deducing: architecture is "an integrated plan".
Major concern is rather pompous title, while, in fact, book is about IS governance.
"Architecture" claim, IMO, is groundless;
"WHY AN ARCHITECTURE" section does not provide convincing explanation.
It might have been OK to do that back at times of 1st edition, ~2K,
when everything architecture was immature. Things have changed since.
Hence, rating: sans claiming architecture overarching scale,
it might turn out as decent governance guide.
[BTW, Reasonably good book on governance: KRAG BROTBY (ISBN 0470131187),
if you are looking for one.]
More and more often good texts are spoiled by poor editorial work.
This book is no exception: terms are used before they are defined
(ex.: component owner;
there is a reference to the 1st edition: are we supposed to read that one first?).
Did someone proofread this: "individual responsible for the firewall product
should have been identified in the security organization and infrastructure"?
- if it sounds OK, then you might not be the right person for editing;
- maybe, indeed, in the military personnel is infrastructure.
This is, of course, my very subjective opinion of architect, ISSP.