Description: |
This Enterprise Security Architecture (ESA) Guide is a reference book providing a framework and template for policy-driven security. Appreciating that the driver for information security is management of risk (see also Risk Management page at http://www.opengroup.org/projects/security/fair/ ), policy is statements capturing business management decisions on how that business intends to "manage" their exposures to risk.
Background: In November 2007, the Network Applications Consortium (NAC) Board – recognizing the synergy between its objectives and those of The Open Group Security Forum – recommended its members should transition to the Security Forum to continue pursuing their objectives. As part of this transition, the NAC transferred its past publications (including this document) and other assets to the Security Forum.
|