Book Review - Security Patterns: Integrating Security and Systems Engineering
Category Book Reviews
Sometimes the subject of IT security can be a bit overwhelming with too many (or too few) options. But if you can break it down to specific items or patterns, it starts to become much easier to work with. I am impressed with the book Security Patterns: Integrating Security and Systems Engineering by Markus Schumacher, Eduardo Fernandez-Buglioni, Duane Hybertson, Frank Buschmann, and Peter Sommerlad. They have produced a nice reference volume that does just that.
Contents: The Pattern Approach; Security Foundations; Security Patterns; Patterns Scope and Enterprise Security; The Security Pattern Landscape; Enterprise Security and Risk Management; Identification and Authentication (I&A); Access Control Models; System Access Control Architecture; Operating System Access Control; Accounting; Firewall Architectures; Secure Internet Applications; Case Study - IP Telephony; Supplementary Concepts; Closing Remarks; References; Index
Following a common format, the authors outline 46 different security patterns that apply to systems and architectures. The format includes the Name (name of the pattern), Also Known As (alternative names in common use), Example (a real world example of the pattern's use), Context (when it may apply), Problem (what problem the pattern addresses), Solution (the solution principle), Structure (a detailed examination of the pattern), Dynamics (typical run-time behavior), Implementation (how the pattern is commonly implemented), Example Resolved (aspects not touched in prior sections), Variants (any customizations of the pattern), Known Uses (examples from real implementations), Consequences (benefits and liabilities), and See Also (references to other patterns that may apply). This consistent structure of each pattern makes it very easy to find the information you need in order to determine whether you should be considering the pattern for your own use. They also do a good job in laying the groundwork for why security is important, as well as what various factors come into play when building systems in today's internet-based environment.
While this isn't a book you'd sit down and read from cover to cover, it is one that should stay close at hand. After reading the first five chapters, you'll have the foundation you need in order to start focusing on specific chapters that address your particular needs. But even an occasional browse through less-visited chapters could spur ideas that may address new problems that weren't present when you first read the material. Definitely a solid book with ample opportunities for benefits on the job...
Sometimes the subject of IT security can be a bit overwhelming with too many (or too few) options. But if you can break it down to specific items or patterns, it starts to become much easier to work with. I am impressed with the book Security Patterns: Integrating Security and Systems Engineering by Markus Schumacher, Eduardo Fernandez-Buglioni, Duane Hybertson, Frank Buschmann, and Peter Sommerlad. They have produced a nice reference volume that does just that.
Contents: The Pattern Approach; Security Foundations; Security Patterns; Patterns Scope and Enterprise Security; The Security Pattern Landscape; Enterprise Security and Risk Management; Identification and Authentication (I&A); Access Control Models; System Access Control Architecture; Operating System Access Control; Accounting; Firewall Architectures; Secure Internet Applications; Case Study - IP Telephony; Supplementary Concepts; Closing Remarks; References; Index
Following a common format, the authors outline 46 different security patterns that apply to systems and architectures. The format includes the Name (name of the pattern), Also Known As (alternative names in common use), Example (a real world example of the pattern's use), Context (when it may apply), Problem (what problem the pattern addresses), Solution (the solution principle), Structure (a detailed examination of the pattern), Dynamics (typical run-time behavior), Implementation (how the pattern is commonly implemented), Example Resolved (aspects not touched in prior sections), Variants (any customizations of the pattern), Known Uses (examples from real implementations), Consequences (benefits and liabilities), and See Also (references to other patterns that may apply). This consistent structure of each pattern makes it very easy to find the information you need in order to determine whether you should be considering the pattern for your own use. They also do a good job in laying the groundwork for why security is important, as well as what various factors come into play when building systems in today's internet-based environment.
While this isn't a book you'd sit down and read from cover to cover, it is one that should stay close at hand. After reading the first five chapters, you'll have the foundation you need in order to start focusing on specific chapters that address your particular needs. But even an occasional browse through less-visited chapters could spur ideas that may address new problems that weren't present when you first read the material. Definitely a solid book with ample opportunities for benefits on the job...
| Permalink |
