O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

by Aaron Woody
Publisher: Packt Publishing
Release Date: February 2013
ISBN: 9781849685962
View table of contents
Start reading

Book Description

A guide to applying data-centric security concepts for securing enterprise data to enable an agile enterprise

  • Learn sample forms and process flows for quick and easy use
  • An easy-to-follow reference for implementing information security in the enterprise
  • Learn enterprise information security challenges and roadmap to success

In Detail

Enterprise security redefined using a data-centric approach and trust models to transform information security into a business enablement process. It is a unique and forward thinking approach for deciding the best method to secure data in the enterprise, the cloud, and in BYOD environments.

"Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will guide you through redefining your security architecture to be more affective and turn information security into a business enablement process rather than a roadblock. This book will provide you with the areas where security must focus to ensure end-to-end security throughout the enterprise-supporting enterprise initiatives such as cloud and BYOD.

"Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will first introduce the reader to a new security architecture model and then explores the must have security methods and new tools that can used to secure the enterprise.

This book will take a data-centric approach to securing the enterprise through the concept of Trust Models and building a layered security implementation focused on data. This is not your traditional security book focused on point solutions and the network aspect of security.

This book combines best practice methods with new methods to approach enterprise security and how to remain agile as the enterprise demands more access to data from traditionally untrusted assets, hosted solutions, and third parties. Applied Information Security - A Data-Centric Approach to Securing the Enterprise will provide the reader an easy-to-follow flow from architecture to implementation, diagrams and recommended steps, and resources for further research and solution evaluation.

This book is a reference and guide for all levels of enterprise security programs that have realized that non-data centric security is no longer practical and new methods must be used to secure the most critical assets in the enterprise.

Table of Contents

  1. Enterprise Security: A Data-Centric Approach to Securing the Enterprise
    1. Table of Contents
    2. Enterprise Security: A Data-Centric Approach to Securing the Enterprise
    3. Credits
    4. About the Author
    5. About the Reviewers
    6. www.packtpub.com
      1. Support files, e-books, discount offers, and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    7. Preface
      1. What this book covers
      2. Who this book is for
      3. Conventions
      4. Reader feedback
      5. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. Enterprise Security Overview
      1. The façade of enterprise security
        1. The history and making of the façade
        2. Our current approach to security
          1. Security architecture 101
          2. A new approach to security
      2. Enterprise security pitfalls
        1. Shortcomings of the current security architecture
        2. Communicating information security
        3. The cost of information security
        4. The conflicting message of enterprise security
        5. Proving a negative
      3. The road map to securing the enterprise
        1. Road map components
          1. Defining users
          2. Defining applications
          3. Defining data
          4. Defining roles
          5. Defining processes
          6. Defining policies and standards
          7. Defining network infrastructure
          8. Defining application security architecture
      4. Summary
    9. 2. Security Architectures
      1. Redefining the network edge
        1. Drivers for redefinition
          1. Feature-rich web applications
          2. Business partner access
          3. Miscellaneous third-party services
          4. Cloud initiatives
      2. Security architecture models
        1. Defining the building blocks of trust models
          1. Defining data in a trust model
            1. Data locations
            2. Data types
          2. Defining processes in a trust model
          3. Defining applications in a trust model
          4. Defining users in a trust model
          5. Defining roles in a trust model
          6. Defining policies and standards
        2. Enterprise trust models
          1. Application user (external)
          2. Application owner (business partner)
          3. System owner (contractor)
          4. Data owner (internal)
          5. Automation
        3. Micro architectures
        4. Data risk-centric architectures
        5. BYOD initiatives
          1. Bring your own mobile device
          2. Bring your own PC
      3. Summary
    10. 3. Security As a Process
      1. Risk analysis
        1. What is risk analysis?
          1. Assessing threats
          2. Assessing impact
          3. Assessing probability
          4. Assessing risk
            1. Qualitative risk analysis
              1. Qualitative risk analysis exercise
            2. Quantitative risk analysis
              1. Quantitative risk analysis exercise
        2. Applying risk analysis to trust models
        3. Deciding on a risk analysis methodology
        4. Other thoughts on risk and new enterprise endeavors
      2. Security policies and standards
        1. Policy versus standard
          1. A quick note on wording
        2. Understanding security policy development
        3. Common IT security policies
          1. Information security policy
          2. Acceptable use policy
          3. Technology use policy
          4. Remote access policy
          5. Data classification policy
          6. Data handling policy
          7. Data retention policy
          8. Data destruction policy
        4. Policies for emerging technologies
          1. Policy considerations
          2. Emerging technology challenges
        5. Developing enterprise security standards
          1. Common IT security standards
            1. Wireless network security standard
              1. Trust model building block for wireless network security standard
              2. Applying trust models to develop standards
            2. Enterprise monitoring standard
            3. Enterprise encryption standard
            4. System hardening standard
      3. Security exceptions
      4. Security review of changes
        1. Perimeter security changes
        2. Data access changes
        3. Network architectural changes
      5. Summary
    11. 4. Securing the Network
      1. Overview
      2. Next generation firewalls
        1. Benefits of NGFW technology
          1. Application awareness
          2. Intrusion prevention
          3. Advanced malware mitigation
      3. Intrusion detection and prevention
        1. Intrusion detection
        2. Intrusion prevention
        3. Detection methods
          1. Behavioral analysis
          2. Anomaly detection
          3. Signature-based detection
      4. Advanced persistent threat detection and mitigation
      5. Securing network services
        1. DNS
          1. DNS resolution
          2. DNS zone transfer
          3. DNS records
          4. DNSSEC
        2. E-mail
          1. SPAM filtering
            1. SPAM filtering in the cloud
            2. Local SPAM filtering
          2. SPAM relaying
        3. File transfer
          1. Implementation considerations
            1. Secure file transfer protocols
            2. User authentication
        4. User Internet access
        5. Websites
          1. Secure coding
          2. Next generation firewalls
          3. IPS
          4. Web application firewall
      6. Network segmentation
        1. Network segmentation strategy
          1. Asset identification
          2. Security mechanisms
      7. Applying security architecture to the network
        1. Security architecture in the DMZ
        2. Security architecture in the internal network
        3. Security architecture and internal segmentation
      8. Summary
    12. 5. Securing Systems
      1. System classification
        1. Implementation considerations
        2. System management
          1. Asset inventory labels
          2. System patching
      2. File integrity monitoring
        1. Implementation considerations
        2. Implementing FIM
          1. Real-time FIM
          2. Manual mode FIM
      3. Application whitelisting
        1. Implementation considerations
      4. Host-based intrusion prevention system
        1. Implementation considerations
      5. Host firewall
        1. Implementation considerations
      6. Anti-virus
        1. Signature-based anti-virus
        2. Heuristic anti-virus
        3. Implementation considerations
      7. User account management
        1. User roles and permissions
        2. User account auditing
      8. Policy enforcement
      9. Summary
    13. 6. Securing Enterprise Data
      1. Data classification
        1. Identifying enterprise data
          1. Data types
          2. Data locations
          3. Automating discovery
          4. Assign data owners
        2. Assign data classification
      2. Data Loss Prevention
        1. Data in storage
        2. Data in use
        3. Data in transit
        4. DLP implementation
          1. DLP Network
          2. DLP E-mail and Web
          3. DLP Discover
          4. DLP Endpoint
      3. Encryption and hashing
        1. Encryption and hashing explained
          1. Encryption
          2. Encrypting data at rest
            1. Database encryption
            2. The need for database encryption
            3. Methods of database encryption
              1. Application encryption
              2. Selective database encryption
              3. Complete database encryption
              4. Tokenization
            4. File share encryption
          3. Encrypting data in use
          4. Encrypting data in transit
      4. Tokenization
      5. Data masking
      6. Authorization
      7. Developing supporting processes
      8. Summary
    14. 7. Wireless Network Security
      1. Security and wireless networks
      2. Securing wireless networks
        1. A quick note on SSID cloaking and MAC filtering
        2. Wireless authentication
          1. Using shared key
            1. Caveats of shared key implementation
          2. Using IEEE 802.1X
            1. Caveats of 802.1X implementation
        3. Wireless encryption
          1. WEP
          2. WPA
          3. WPA2
      3. Wireless network implementation
        1. Wireless signal considerations
        2. End system configuration
        3. Wireless encryption and authentication recommendations
          1. Encryption
          2. Authentication
          3. Client-side certificates
          4. EAP-TLS
          5. Unique system check
      4. Wireless segmentation
        1. Wireless network integration
      5. Wireless network intrusion prevention
      6. Summary
    15. 8. The Human Element of Security
      1. Social engineering
        1. Electronic communication methods
          1. Spam e-mail
            1. Key indicators of a spam e-mail
            2. Mitigating spam and e-mail threats
          2. Social media
            1. Mitigating social media threats
        2. In-person methods
          1. Mitigating in-person social engineering
        3. Phone methods
          1. Mitigating phone methods
        4. Business networking sites
          1. Mitigating business networking site attacks
        5. Job posting sites
          1. Mitigating job posting-based attacks
      2. Security awareness training
        1. Training materials
          1. Computer-based training
          2. Classroom training
          3. Associate surveys
        2. Common knowledge
        3. Specialized material
        4. Effective training
        5. Continued education and checks
      3. Access denied – enforcing least privilege
        1. Administrator access
          1. System administrator
          2. Data administrator
          3. Application administrator
      4. Physical security
      5. Summary
    16. 9. Security Monitoring
      1. Monitoring strategies
        1. Monitoring based on trust models
          1. Data monitoring
          2. Process monitoring
          3. Application monitoring
          4. User monitoring
        2. Monitoring based on network boundary
        3. Monitoring based on network segment
      2. Privileged user access
        1. Privileged data access
        2. Privileged system access
        3. Privileged application access
      3. Systems monitoring
        1. Operating system monitoring
        2. Host-based intrusion detection system
      4. Network security monitoring
        1. Next-generation firewalls
        2. Data loss prevention
        3. Malware detection and analysis
        4. Intrusion prevention
      5. Security Information and Event Management
      6. Predictive behavioral analysis
      7. Summary
    17. 10. Managing Security Incidents
      1. Defining a security incident
        1. Security event versus security incident
      2. Developing supporting processes
        1. Security incident detection and determination
          1. Physical security incidents
          2. Network-based security incidents
        2. Incident management
      3. Getting enterprise support
      4. Building the incident response team
        1. Roles
          1. Desktop support
          2. Systems support
          3. Applications support
          4. Database support
          5. Network support
          6. Information security
        2. HR, legal, and public relations
        3. Responsibilities
        4. Expected response times
        5. Incident response contacts
        6. Supporting procedures
          1. A quick note on forensics
      5. Developing the incident response plan
      6. Taking action
        1. Incident reporting
        2. Incident response
        3. In-house incident response
        4. Contracted incident response
      7. Summary
    18. A. Applying Trust Models to Develop a Security Architectuture
      1. Encrypted file transfer (external)
        1. External user
        2. Internal user
        3. Data owner
        4. Automation
    19. B. Risk Analysis, Policy and Standard, and System Hardening Resources
      1. Risk analysis resources
      2. Policy and standard resources
      3. System hardening resources
    20. C. Security Tools List
      1. Tools for securing the network
      2. Tools for securing systems
      3. Tools for securing data
      4. Tools for security monitoring
      5. Tools for testing security
      6. Tools for vulnerability scanning
    21. D. Security Awareness Resources
      1. General presentation and training
      2. Social engineering
      3. Security awareness materials
      4. Safe and secure computing resources
    22. E. Security Incident Response Resources
      1. Building a CSIRT team
      2. Incident response process
      3. An example of incident response process flow
      4. A sample incident response report form
      5. A sample incident response form
    23. Index