Securing Systems: Applied Security Architecture and Threat Models
- Length: 440 pages
- Edition: 1
- Language: English
- Publisher: CRC Press
- Publication Date: 2015-05-28
- ISBN-10: 1482233975
- ISBN-13: 9781482233971
- Sales Rank: #915001 (See Top 100 Books)
Internet attack on computer systems is pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architect’s job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer system’s existing information security posture. Detailing the time-tested practices of experienced security architects, it explains how to deliver the right security at the right time in the implementation lifecycle.
Securing Systems: Applied Security Architecture and Threat Models
covers all types of systems, from the simplest applications to complex, enterprise-grade, hybrid cloud architectures. It describes the many factors and prerequisite information that can influence an assessment. The book covers the following key aspects of security analysis:
- When should the security architect begin the analysis?
- At what points can a security architect add the most value?
- What are the activities the architect must execute?
- How are these activities delivered?
- What is the set of knowledge domains applied to the analysis?
- What are the outputs?
- What are the tips and tricks that make security architecture risk assessment easier?
To help you build skill in assessing architectures for security, the book presents six sample assessments. Each assessment examines a different type of system architecture and introduces at least one new pattern for security analysis. The goal is that after you’ve seen a sufficient diversity of architectures, you’ll be able to understand varied architectures and can better see the attack surfaces and prescribe security solutions.
Table of Contents
Part I: Introduction
Chapter 1: Introduction
Chapter 2: The Art of Security Assessment
Chapter 3: Security Architecture of Systems
Chapter 4: Information Security Risk
Chapter 5: Prepare for Assessment
Part II: Introduction
Chapter 6: eCommerce Website
Chapter 7: Enterprise Architecture
Chapter 8: Business Analytics
Chapter 9: Endpoint Anti-malware
Chapter 10: Mobile Security Software with Cloud Management
Chapter 11: Cloud Software as a Service (SaaS)
Part III: Introduction
Chapter 12: Patterns and Governance Deliver Economies of Scale
Chapter 13: Building an Assessment Program