This Enterprise Security Architecture (ESA) Guide is a reference book providing a framework and template for policy-driven security. Appreciating that the driver for information security is management of risk (see also Risk Management page at http://www.opengroup.org/projects/security/fair/ ), policy is statements capturing business management decisions on how that business intends to "manage" their exposures to risk.
Background: In November 2007, the Network Applications Consortium (NAC) Board – recognizing the synergy between its objectives and those of The Open Group Security Forum – recommended its members should transition to the Security Forum to continue pursuing their objectives. As part of this transition, the NAC transferred its past publications (including this document) and other assets to the Security Forum.
Boundaryless
Information Flow, Dependability Through Assuredness, FACE and The Open
Group Certification Mark are trademarks and ArchiMate, DirecNet, Jericho
Forum, Making Standards Work, OpenPegasus, The Open Group, TOGAF, and UNIX
are registered trademarks of The Open Group.