He advises organizations to strive for a security architecture that covers a two- to three-year period, but to keep in mind that the architecture is a living thing that must adapt, for example, to a merger with another organization with different principles or to a change in the regulatory environment. The security tools deployed also drive adaptation, through the feedback they give on real-world conditions.
Henry says Burton's Reference Architecture for Security Technology "doesn't hang its hat on a particular vendor's implementation, but is much more generalized." He explains how your organization can establish its security principles, work out technical positions, and then create graphical templates describing the architecture at all levels, from high level goals down to specific solutions to be deployed.
IT Conversations' publication of this program is underwritten by your donations and:
|
||
|
||
Trent Henry is senior analyst with Burton Group, a research and consulting firm, where he specializes in information protection, compliance and control standards, content security, and cryptography. A Certified Information Systems Security Professional (CISSP) with over fifteen years of experience in information technology, Trent's past work includes PKI industry security management and technology research, internet server and protocol product development, and operations leadership of large-scale network and distributed systems deployments. Professional experience includes Identrus, Digital Signature Trust, Ameritech, and Apple Computer. Trent is a respected speaker and writer. He has participated in X9 and Internet Engineering Task Force (IETF). Trent contributed to the first Common Criteria Protection Profile slated to become an ANSI standard. He received undergraduate degree from Stanford University.
Resources:
This program is from the Burton Group Catalyst 2005 series.
For Team ITC:
This free podcast is from our Burton Group Catalyst series.