Call for Papers
Below is the call for papers for the upcoming Cutter IT Journal issue Enterprise Security Architecture: Trends and Best Practices, guest edited by Michael Rosen.
- Abstract Submission Date: 8 February 2012
- Articles Due: 9 March 2012
- Guidelines for Contributors
Enterprise Security Architecture: Trends and Best Practices
Hardly a day goes by without some security issue, information or identity theft event making the news. Although still a concern, teenage boys hacking your system are the least of your worries these days. Organized cyber crime is establishing a stronghold with determined and concerted efforts to move into the 21st century. Even governments are getting into the act. Whereas from an enterprise perspective we often say 'information is an enterprise asset', from a security perspective we say 'lost information is a liability'. Concepts like de-perimeterisation tell us that we can't secure the enterprise by building a wall around it, and the cloud and mobile devices just make it that much harder. So what is an enterprise to do in the age of increased threat and reduced budget?
One Chief Information Security Officer I was speaking with put it in terms of four questions:
- What are your important assets? Certainly, your data and transactions will fall into this category. What else? What is less important? How do you characterize and quantify them objectively?
- How do you adequately protect the most important assets? This is where you apply an enterprise-wide, defense-in-depth strategy, in proportion to the value of the assets and the consequences of a loss.
- Do you know when someone is messing with you? You must not only protect the assets, but continually monitor them for inappropriate or anomalous access and be able to prove how they were used and by whom.
- How agile are you at dealing with it? When you detect an attack, how quickly can you address it and how effectively can you determine what, if anything, has been compromised?
The April 2012 issue of Cutter IT Journal will examine enterprise security architecture from a practice-based perspective. In this Call for Papers, we invite article submissions offering insightful analysis, best practices, and new research. Topics of interest include, but are not limited to, the following key issues:
Enterprise Approach to Security Architecture
An enterprise approach to security takes two different vectors. One is the dimension of scope, encompassing the entire enterprise and covering the extended enterprise, multiple lines of business, and many locations. Another dimension is domain, where a different tactic is applied at each of the traditional EA domains of Business, Information, Application, and Technology architectures.
Topics of interest include but are not limited to the following:
- What are the approaches to security at each architectural domain?
- How are those approaches tied together in an organized and optimized defense-in-depth strategy?
- How are enterprise assets characterized and quantified so that risk and impact can be evaluated objectively, allowing for prioritization and cost/benefit analysis?
- How do we trade off security versus cost versus inconvenience?
- How do you measure the performance and effectiveness of your security architecture?
- How is your security architecture related to enterprise risk management activities?
- How do we explain the risk, benefits, and approach of security architecture to business and management?
Security in the Enterprise 3.0 World: SOA, Cloud, Mobile Devices and Social Networks
It is undeniable that the landscape for enterprises has changed dramatically. Ubiquitous Internet access, new business models and networks, SOA, integrated supply chains, and other environmental factors have only expanded the scope of our security domain and the complexity of the problem. Whether we like it or not, users are demanding access to consumer devices and capabilities like social networks. And then, of course, there is the overhyped cloud and the challenge of allowing someone else to control our precious assets. Some enterprises are taking advantage of these new technologies to provide innovative solutions, increase capacity, cut costs, and improve competitiveness. But are they prepared for the risks involved, and if so, how?
Topics of interest include:
- What are the new security challenges in the Enterprise 3.0 World?
- How are they addressed from an enterprise perspective? (i.e., the same questions above apply here)
- What are some specific approaches to addressing the challenges?
- How does SOA change the security approach to applications?
- What new technologies help address these challenges? How?
Do you have a different perspective, interesting topic, or idea about enterprise security architecture? We'd love to hear it too.
TO SUBMIT AN ARTICLE IDEA
Please respond to the Guest Editor, Mike Rosen at mrosen[at]cutter[dot]com with a copy to itjournal[at]cutter[dot]com by 8 February 2012. Please include an extended abstract and short outline showing the major discussion points.
ARTICLE DEADLINE
Accepted articles are due by 9 March 2012.
EDITORIAL GUIDELINES
Most Cutter IT Journal articles are approximately 2,500-3,500 words long, plus whatever graphics are appropriate. If you have any other questions, please do not hesitate to contact CITJ's Group Publisher, Christine Generali at cgenerali[at]cutter[dot]com or the Guest Editor, Mike Rosen at mrosen[at]cutter[dot]com. Editorial guidelines are available online.
Important Note: When you submit an article to Cutter Consortium, you warrant that you (or your employer) are the sole owner of the article and that you have full power and authority to copyright it and publish it. Also, the article you submit to Cutter must be original and not previously published elsewhere.
AUDIENCE
Typical readers of Cutter IT Journal range from CIOs and vice presidents of software organizations to IT managers, directors, project leaders, business analysts/managers and very senior technical staff. Most work in fairly large organizations: Fortune 500 IT shops, large computer vendors (IBM, HP, etc.), and government agencies. 48% of our readership is outside of the US (15% from Canada, 14% Europe, 5% Australia/NZ, 14% elsewhere). Please avoid introductory-level, tutorial coverage of a topic. Assume you're writing for someone who has been in the industry for 10 to 20 years, is very busy, and very impatient. Assume he or she will be asking, "What's the point? What do I do with this information?" Apply the "So what?" test to everything you write.
PROMOTIONAL OPPORTUNITIES
We are pleased to offer Journal authors a year's complimentary subscription and five copies of the issue in which they are published. In addition, we occasionally pull excerpts, along with the author's bio, to include in our weekly Cutter Edge e-mail bulletin, which reaches another 8,000 readers. We'd also be pleased to quote you, or passages from your article, in Cutter press releases. If you plan to be speaking at industry conferences, we can arrange to make copies of your article or the entire issue available for attendees of those speaking engagements -- furthering your own promotional efforts.
ABOUT CUTTER IT JOURNAL
No other journal brings together so many cutting-edge thinkers, and lets them speak so bluntly and frankly. We strive to maintain the Journal's reputation as the "Harvard Business Review of IT." Our goal is to present well-grounded opinion (based on real, accountable experiences), research, and animated debate about each topic the Journal explores.
