A Business-driven Approach Pdf: Enterprise Security Architecture

Mr. Holst called her into his office. “How did you know where to put the money?”

Nadia Voss was the new CISO of Aether Dynamics , a mid-sized aerospace parts manufacturer. The company was bleeding money. Not from competitors, but from internal chaos. The sales team used unapproved cloud drives; engineering printed classified blueprints on unsecured office printers; and the CEO, Mr. Holst, famously kept his network password on a sticky note under his keyboard.

Nadia slid a worn copy of Enterprise Security Architecture: A Business-Driven Approach across the desk. “I stopped building a fortress around the entire kingdom,” she said. “I built a titanium vault around the crown, and let the village have wooden fences. The attackers went for the village. We didn’t care.” The company was bleeding money

Panic erupted. Mr. Holst turned to Nadia. “How did they get in?”

“Your exfiltration rate: 1.2GB/minute. Pay 50 Bitcoin or we release the turbine blade schematics to your competitor in Beijing.” Holst, famously kept his network password on a

Suddenly, the abstract “Confidentiality” pillar of security became real. Nadia realized her architecture wasn’t broken because of a missing patch. It was broken because it was democratic —it treated the cafeteria menu PDF with the same protection level as the crown jewel algorithm.

Every time Nadia tried to enforce a technical control—blocking a USB port, patching a server—the business screamed that she was slowing down production. She was fighting security while the business fought for speed . She was losing. ” she said.

Nadia scrapped the old checklist. She built a new model based on the Sherwood Applied Business Security Architecture (SABSA) framework.