Librería Portfolio

Internet attack on computer systems is pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architect's job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer system's existing information security posture. Detailing the time-tested practices of experienced security architects, it explains how to deliver the right security at the right time in the implementation lifecycle.

Securing Systems: Applied Security Architecture and Threat Models covers all types of systems, from the simplest applications to complex, enterprise-grade, hybrid cloud architectures. It describes the many factors and prerequisite information that can influence an assessment. The book covers the following key aspects of security analysis:

When should the security architect begin the analysis?
At what points can a security architect add the most value?
What are the activities the architect must execute?
How are these activities delivered?
What is the set of knowledge domains applied to the analysis?
What are the outputs?
What are the tips and tricks that make security architecture risk assessment easier?
To help you build skill in assessing architectures for security, the book presents six sample assessments. Each assessment examines a different type of system architecture and introduces at least one new pattern for security analysis. The goal is that after you've seen a sufficient diversity of architectures, you'll be able to understand varied architectures and can better see the attack surfaces and prescribe security solutions.



Table of Contents
Dedication
Contents
Foreword by John N. Stewart
Foreword by Dr. James F. Ransome
Preface
Acknowledgments
About the Author

Part I Introduction
The Lay of Information Security Land
The Structure of the Book
References

Introduction
Breach! Fix It!
Information Security, as Applied to Systems
Applying Security to Any System
References

The Art of Security Assessment
Why Art and Not Engineering?
Introducing ´The Process´
Necessary Ingredients
The Threat Landscape
Who Are These Attackers? Why Do They Want to Attack My System?
How Much Risk to Tolerate?
Getting Started
References

Security Architecture of Systems
Why Is Enterprise Architecture Important?
The ´Security´ in ´Architecture´
Diagramming For Security Analysis
Seeing and Applying Patterns
System Architecture Diagrams and Protocol Interchange Flows (Data Flow Diagrams)
Security Touches All Domains
Component Views
What's Important?
What Is ´Architecturally Interesting´?
Understanding the Architecture of a System
Size Really Does Matter
Applying Principles and Patterns to Specific Designs
Principles, But Not Solely Principles
Summary
References

Information Security Risk
Rating with Incomplete Information
Gut Feeling and Mental Arithmetic
Real-World Calculation
Personal Security Posture
Just Because It Might Be Bad, Is It?
The Components of Risk
Threat
Exposure
Vulnerability
Impact
Business Impact
Data Sensitivity Scales
Risk Audiences
The Risk Owner
Desired Security Posture
Summary
References

Prepare for Assessment
Process Review
Credible Attack Vectors
Applying ATASM
Architecture and Artifacts
Understand the Logical and Component Architecture of the System
Understand Every Communication Flow and Any Valuable Data Wherever Stored
Threat Enumeration
List All the Possible Threat Agents for This Type of System
List the Typical Attack Methods of the Threat Agents
List the System-Level Objectives of Threat Agents Using Their Attack Methods
Attack Surfaces
Decompose (factor) the Architecture to a Level That Exposes Every Possible Attack Surface
Filter Out Threat Agents Who Have No Attack Surfaces Exposed to Their Typical Methods
List All Existing Security Controls for Each Attack Surface
Filter Out All Attack Surfaces for Which There Is Sufficient Existing Protection
Data Sensitivity
A Few Additional Thoughts on Risk
Possible Controls
Apply New Security Controls to the Set of Attack Services for Which There Isn't Sufficient Mitigation
Build a Defense-in-Depth
Summary
References

Part I Summary

Part II Introduction
Practicing with Sample Assessments
Start with Architecture
A Few Comments about Playing Well with Others
Understand the Big Picture and the Context
Getting Back to Basics
References

eCommerce Website
Decompose the System
The Right Level of Decomposition
Finding Attack Surfaces to Build the Threat Model
Requirements

Enterprise Architecture
Enterprise Architecture Pre-work: Digital Diskus
Digital Diskus' Threat Landscape
Conceptual Security Architecture
Enterprise Security Architecture Imperatives and Requirements
Digital Diskus' Component Architecture
Enterprise Architecture Requirements
References

Business Analytics
Architecture
Threats
Attack Surfaces
Attack Surface Enumeration
Mitigations
Administrative Controls
Enterprise Identity Systems (Authentication and Authorization)
Requirements
References

Endpoint Anti-malware
A Deployment Model Lens
Analysis
More on Deployment Model
Endpoint AV Software Security Requirements
References

Mobile Security Software with Cloud Management
Basic Mobile Security Architecture
Mobility Often Implies Client/Cloud
Introducing Clouds
Authentication Is Not a Panacea
The Entire Message Stack Is Important
Just Good Enough Security
Additional Security Requirements for a Mobile and Cloud Architecture

Cloud Software as a Service (SaaS)
What's So Special about Clouds?
Analysis: Peel the Onion
Freemium Demographics
Protecting Cloud Secrets
The Application Is a Defense
´Globality´
Additional Requirements for the SaaS Reputation Service 319
References

Part II Summary

Part III Introduction

Patterns and Governance Deliver Economies of Scale
Expressing Security Requirements
Expressing Security Requirements to Enable
Who Consumes Requirements?
Getting Security Requirements Implemented
Why Do Good Requirements Go Bad?
Some Thoughts on Governance
Summary
References

Building an Assessment Program
Building a Program
Senior Management's Job
Bottom Up?
Use Peer Networks
Building a Team
Training
Documentation and Artifacts
Peer Review
Workload
Mistakes and Missteps
Not Everyone Should Become an Architect
Standards Can't Be Applied Rigidly
One Size Does Not Fit All, Redux
Don't Issue Edicts Unless Certain of Compliance
Measuring Success
Invitations Are Good!
Establish Baselines
Summary
References

Part III Summary and Afterword
Summary
Afterword

Index