tag:blogger.com,1999:blog-2397196717839865841.post3170151667670808470..comments2010-05-22T23:25:30.782+10:00Matthew Hacklinghttp://www.blogger.com/profile/12211732838162218259noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-2397196717839865841.post-21938803451675525432010-05-22T23:25:30.775+10:002010-05-22T23:25:30.775+10:00I&#39;m reading the &#39;Enterprise Security Architecture&#39; book by John Sherwood, Andrew Clark and David Lynas atm. If this is something you&#39;re working on, then this is mandatory reading if you haven&#39;t done so. I think his book will resonate quite strongly with you as well.Jarrodhttp://www.blogger.com/profile/09705073585945953338noreply@blogger.comtag:blogger.com,1999:blog-2397196717839865841.post-39866455670328907812010-04-30T09:30:51.706+10:002010-04-30T09:30:51.706+10:00Good post, Matthew.<br /><br />I&#39;ve found that there are two other benefits of an ESA:<br /><br />1. Willingness (or otherwise) of an organisation to commit to an ESA is one indication of how serious they are about security (qualifier: the ESA is necessary but not sufficient proof).<br /><br />2. Taking an organisation through the journey of discovery in filling in the details for an ESA is enlightening for all concerned.<br /><br />Dave ShawDavidhttp://www.blogger.com/profile/14715188476087419206noreply@blogger.com