Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

Chapter 13. A Blueprint for Security > Security Architecture - Pg. 263

Security Architecture 263 SECURITY ARCHITECTURE Traditional information security practices have always been primarily concerned with perimeter control. The assumption was that the outside world was un-trusted and the inside was trusted. As environments have grown more complex, however, it has become necessary to separate different portions of the internal environment based on sensitivity to the risk that is imposed by or upon other parts of the environment. The increasing recognition of the number of security breaches initiated by malicious insiders and the rising transitive risk imposed by one line of business on another through differing security decisions have forced organizations to define a defense in depth strategy that can help to mitigate those risks. Early attempts of many organizations to address these issues without a common security framework have lead to the implementation of point solutions and ad hoc implementations that have not been consistent across the enterprise and, in some cases, have not been the best solution to meet the organization's business goals. Goal of Security Architecture