Features
- Cover Type: Paperback with 416 pages
- Published by: Wiley
- Edition: 1st Edition March 1, 2002
- Written in: English
- ISBN 10 Number: 0471206024
- ISBN 13 Number: 978-0471206026
- Book Dimensions: 8.9 x 7.8 x 1.1 inches
- Weighs: 1.8 pounds
Product Description
The first guide to tackle security architecture at the software engineering level
Computer security has become a critical business concern, and, as such, the responsibility of all IT professionals. In this groundbreaking book, a security expert with AT&T Business's renowned Network Services organization explores system security architecture from a software engineering perspective. He explains why strong security must be a guiding principle of the development process and identifies a common set of features found in most security products, explaining how they can and should impact the development cycle. The book also offers in-depth discussions of security technologies, cryptography, database security, application and operating system security, and more.
Book Info
Author explains why strong security must be a guiding principle of the development process and describes how to weave security into a system's architecture. An essential reference for software architects and engineers integrating security products into their applications to satisfy corporate security requirements. Softcover.
Reader Reviews
This is one of the most pragmatic, thorough books on security architectures I've read. The approach the author takes represents best practices in a number of disciplines, including architecture, software engineering, and infrastructure management. This holistic view of security architecture is not provided in total in any of the hundreds of security books I've read. Among the reasons I like and recommend this book are: the approach starts with architectural principles and a survey of approaches based on well known models, as well as development life cycles in the real world. The chapter on security assessments shows how to determine a security posture, establish a baseline and deal with gaps. In addition, the chapters on Security Architecture Basics and Architecture Patterns will provide the foundation of a viable approach to designing a strong security architecture. I also like the way each architectural building block is systematically covered in subsequent chapters, beginning in Part II with low-level architecture components and technical details that span code review techniques, cryptography fundamentals and related topics. Part III covers the mid-level components in detail, including middleware, web, database, application and OS security. Part IV tackles high-level security, culminating in an enterprise security architecture based on low- and mid-level components, and the process-oriented approach provided in the previous parts of the book. This book goes deep into technical details of every facet of the components, showing how they work, interrelationships, standards, and advice for how to deal with challenges and vulnerabilities. Making the business case for security, the topic of Part V, is as thorough and detailed as the preceding technical chapters.
Case studies, issues and factors, costs and underlying financial formulae are tied together to help you to craft a viable and realistic business case for proceeding with the design and implementation of a security architecture. This book is focused, covers the entire landscape of security architecture, design and implementation, and leaves no gaps. I strongly recommend it as the workgroup reference in the standards & architecture, software engineering, project, and infrastructure domains.