Open Enterprise Security Architecture (O-ESA): A Framework and Template for Policy-Driven Security

This Open Enterprise Security Architecture (O-ESA) Guide provides a valuable reference resource for practicing security architects and designers. It gives a comprehensive overview of the key security issues, principles, components, and concepts underlying architectural decisions that are involved when designing effective enterprise security architectures. It does not define a specific enterprise security architecture, and neither is it a "how to" guide to design one, although in places it does indicate some of the "how". This Guide updates the NAC 2004 ESA Guide to bring it up-to-date in those areas which have evolved since its 2004 publication date. In particular, it replaces the quoted extract licensed from the British Standards Institute Code of Practice for Information Security Management, by referencing rather than licensing reproduction of quoted extracts from the latest ISO/IEC 27001/2 standard.