Review: Open Enterprise Security Architecture (O-ESA)

April 2013 

O-ESA, by the Security Forum of the Open Group, describes a framework for policy-driven security architecture. The context of security here is maintaining the confidentiality, availability and integrity of the electronic form of information. Enterprise security architecture is defined as the component of the overall enterprise architecture designed to fulfil these objectives.

The book views enterprise security architecture in a larger context, as part of an overall enterprise security program with relations to Corporate IT Governance, Risk Management, Physical Security and Enterprise Architecture. A good layout of the enterprise security program is given in the introduction section as four concentric rings of responsibility: program management, governance, technology architecture and operations.