Security Management
Published on Security Management (http://www.securitymanagement.com)
Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition
By Ben Rothke



    

*****Information Security Architecture: An Integrated Approach to Security in the Organization, Second Edition. By Jan Killmeyer Tudor; published by Auerbach Publications, www.crcpress.com [1] (Web); 424 pages; $79.95.

Architecture is the art and science of designing buildings and other structures. Using some creative license, it also encompasses the design of any entity, including information systems and their security components. But while no one would build a building without an architect, IT departments routinely design computer systems without considering the security architecture, instead believing that firewalls and other devices are quick and durable fixes.

Nothing could be further from the truth. In Information Security Architecture, author Jan Killmeyer Tudor shows that an effective and comprehensive information security infrastructure is best developed within the framework of an information security architecture (ISA), given the distributed nature of today’s client/server computing. In the past, when systems were closed and proprietary, security wasn’t as compelling a need as it is in today’s open systems.

The book covers important ISA issues such as the nature of the organization, policies and standards, baselines and risk assessment, awareness and training, compliance, and more. An underlying message is that these components must work in concert to form a cohesive ISA. Hardware and software are ineffective if they are not integrated into the ISA.

A dominant theme throughout is that implementing security technologies requires an understanding not only of the technologies’ return on investment to the organization but also of the risks and vulnerabilities related to these technologies. This ISA methodology gives security professionals an excellent method for achieving just that.

Given how important policy is to an ISA, the book has several appendices that include policies, procedures, and work plans. These provide a fine foundation upon which to build a security architecture.

Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a New York City-based security consultant with INS, Inc. He is a member of ASIS International.




Source URL: http://www.securitymanagement.com/article/information-security-architecture-integrated-approach-security-organization-second-edition

Links:
[1] http://www.crcpress.com/