O'Reilly logo

Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Summary

In this chapter we took a detailed look at security as a process. First, we took a look at analyzing risk by presenting quantitative and qualitative methods including an exercise to understand the approach. We moved on to getting security expectations documented and the power to enforce them by developing policies and standards. Applying these items to use cases provides the data needed to build the enterprise trust models. When policies and standards cannot be met, we have exceptions to track deviations and develop a remediation plan. We noted that if the same exceptions are raised consistently, a review of the policy or standard might be required. Lastly, we covered when to involve the security team in the change management process for ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required