Next week I am talking on "Building a Security Architecture Blueprint - A Strategic Approach to Enterprise Security" at the Secure 360 conference in the great state of Minnesota.
Overview
Information is a strategic asset, yet the practice of information security in firms is a patchwork of one-off tactical solutions that lack a cohesive, rational framework. The purpose of the security architecture blueprint is to bring focus to the key areas of concern for the enterprise, highlighting decision criteria and context for each domain. Since security is a system property, it can be difficult for Enterprise Security groups to separate the disparate concerns that exist at different system layers and to understand their role in the system as a whole. This blueprint provides a framework for understanding disparate design and process considerations, and for organizing architecture and actions toward improving enterprise security.
The talk will survey the Security Architecture Blueprint I published last year. We will do an overview of the strategic framework and then drill down into how we practically apply the framework. We will look at how to apply the framework in some of the most interesting domains in information security - static analysis, Web services security, and federated identity. We will use these examples to illustrate how the framework helps ensure a comprehensive approach to making decisions and tradeoffs for building security into your systems.