book

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

Name: Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Author: Aaron Woody
ISBN: 9781849685962

by Aaron Woody

February 2013

Beginner to intermediate

324 pages

9h 10m

English

Packt Publishing

Read now

Unlock full access

Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Table of Contents
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Credits
About the Author
About the Reviewers
www.packtpub.com
Support files, e-books, discount offers, and moreWhy Subscribe?Free Access for Packt account holdersInstant Updates on New Packt Books
Preface
What this book covers
Who this book is for
Conventions

Reader feedback
Customer support
ErrataPiracyQuestions
1. Enterprise Security Overview
The façade of enterprise securityThe history and making of the façadeOur current approach to securitySecurity architecture 101A new approach to security
Enterprise security pitfalls
Shortcomings of the current security architectureCommunicating information securityThe cost of information securityThe conflicting message of enterprise securityProving a negative
The road map to securing the enterprise
Road map componentsDefining usersDefining applicationsDefining dataDefining rolesDefining processesDefining policies and standardsDefining network infrastructureDefining application security architecture
Summary
2. Security Architectures
Redefining the network edgeDrivers for redefinitionFeature-rich web applicationsBusiness partner accessMiscellaneous third-party servicesCloud initiatives
Security architecture models
Defining the building blocks of trust modelsDefining data in a trust modelData locationsData typesDefining processes in a trust modelDefining applications in a trust modelDefining users in a trust modelDefining roles in a trust modelDefining policies and standardsEnterprise trust modelsApplication user (external)Application owner (business partner)System owner (contractor)Data owner (internal)AutomationMicro architecturesData risk-centric architecturesBYOD initiativesBring your own mobile deviceBring your own PC
Summary
3. Security As a Process
Risk analysisWhat is risk analysis?Assessing threatsAssessing impactAssessing probabilityAssessing riskQualitative risk analysisQualitative risk analysis exerciseQuantitative risk analysisQuantitative risk analysis exerciseApplying risk analysis to trust modelsDeciding on a risk analysis methodologyOther thoughts on risk and new enterprise endeavors
Security policies and standards
Policy versus standardA quick note on wordingUnderstanding security policy developmentCommon IT security policiesInformation security policyAcceptable use policyTechnology use policyRemote access policyData classification policyData handling policyData retention policyData destruction policyPolicies for emerging technologiesPolicy considerationsEmerging technology challengesDeveloping enterprise security standardsCommon IT security standardsWireless network security standardTrust model building block for wireless network security standardApplying trust models to develop standardsEnterprise monitoring standardEnterprise encryption standardSystem hardening standard
Security exceptions
Security review of changes
Perimeter security changesData access changesNetwork architectural changes
Summary
4. Securing the Network
Overview
Next generation firewalls
Benefits of NGFW technologyApplication awarenessIntrusion preventionAdvanced malware mitigation
Intrusion detection and prevention
Intrusion detectionIntrusion preventionDetection methodsBehavioral analysisAnomaly detectionSignature-based detection
Advanced persistent threat detection and mitigation
Securing network services
DNSDNS resolutionDNS zone transferDNS recordsDNSSECE-mailSPAM filteringSPAM filtering in the cloudLocal SPAM filteringSPAM relayingFile transferImplementation considerationsSecure file transfer protocolsUser authenticationUser Internet accessWebsitesSecure codingNext generation firewallsIPSWeb application firewall
Network segmentation
Network segmentation strategyAsset identificationSecurity mechanisms
Applying security architecture to the network
Security architecture in the DMZSecurity architecture in the internal networkSecurity architecture and internal segmentation
Summary
5. Securing Systems
System classificationImplementation considerationsSystem managementAsset inventory labelsSystem patching
File integrity monitoring
Implementation considerationsImplementing FIMReal-time FIMManual mode FIM
Application whitelisting
Implementation considerations
Host-based intrusion prevention system
Implementation considerations
Host firewall
Implementation considerations
Anti-virus
Signature-based anti-virusHeuristic anti-virusImplementation considerations
User account management
User roles and permissionsUser account auditing
Policy enforcement
Summary
6. Securing Enterprise Data
Data classificationIdentifying enterprise dataData typesData locationsAutomating discoveryAssign data ownersAssign data classification
Data Loss Prevention
Data in storageData in useData in transitDLP implementationDLP NetworkDLP E-mail and WebDLP DiscoverDLP Endpoint
Encryption and hashing
Encryption and hashing explainedEncryptionEncrypting data at restDatabase encryptionThe need for database encryptionMethods of database encryptionApplication encryptionSelective database encryptionComplete database encryptionTokenizationFile share encryptionEncrypting data in useEncrypting data in transit
Tokenization
Data masking
Authorization
Developing supporting processes
Summary
7. Wireless Network Security
Security and wireless networks
Securing wireless networks
A quick note on SSID cloaking and MAC filteringWireless authenticationUsing shared keyCaveats of shared key implementationUsing IEEE 802.1XCaveats of 802.1X implementationWireless encryptionWEPWPAWPA2
Wireless network implementation
Wireless signal considerationsEnd system configurationWireless encryption and authentication recommendationsEncryptionAuthenticationClient-side certificatesEAP-TLSUnique system check
Wireless segmentation
Wireless network integration
Wireless network intrusion prevention
Summary
8. The Human Element of Security
Social engineeringElectronic communication methodsSpam e-mailKey indicators of a spam e-mailMitigating spam and e-mail threatsSocial mediaMitigating social media threatsIn-person methodsMitigating in-person social engineeringPhone methodsMitigating phone methodsBusiness networking sitesMitigating business networking site attacksJob posting sitesMitigating job posting-based attacks
Security awareness training
Training materialsComputer-based trainingClassroom trainingAssociate surveysCommon knowledgeSpecialized materialEffective trainingContinued education and checks
Access denied – enforcing least privilege
Administrator accessSystem administratorData administratorApplication administrator
Physical security
Summary
9. Security Monitoring
Monitoring strategiesMonitoring based on trust modelsData monitoringProcess monitoringApplication monitoringUser monitoringMonitoring based on network boundaryMonitoring based on network segment
Privileged user access
Privileged data accessPrivileged system accessPrivileged application access
Systems monitoring
Operating system monitoringHost-based intrusion detection system
Network security monitoring
Next-generation firewallsData loss preventionMalware detection and analysisIntrusion prevention
Security Information and Event Management
Predictive behavioral analysis
Summary
10. Managing Security Incidents
Defining a security incidentSecurity event versus security incident
Developing supporting processes
Security incident detection and determinationPhysical security incidentsNetwork-based security incidentsIncident management
Getting enterprise support
Building the incident response team
RolesDesktop supportSystems supportApplications supportDatabase supportNetwork supportInformation securityHR, legal, and public relationsResponsibilitiesExpected response timesIncident response contactsSupporting proceduresA quick note on forensics
Developing the incident response plan
Taking action
Incident reportingIncident responseIn-house incident responseContracted incident response
Summary
A. Applying Trust Models to Develop a Security Architectuture
Encrypted file transfer (external)External userInternal userData ownerAutomation
B. Risk Analysis, Policy and Standard, and System Hardening Resources
Risk analysis resources
Policy and standard resources
System hardening resources
C. Security Tools List
Tools for securing the network
Tools for securing systems
Tools for securing data
Tools for security monitoring
Tools for testing security
Tools for vulnerability scanning
D. Security Awareness Resources
General presentation and training
Social engineering
Security awareness materials
Safe and secure computing resources
E. Security Incident Response Resources
Building a CSIRT team
Incident response process
An example of incident response process flow
A sample incident response report form
A sample incident response form
Index

Content preview from Enterprise Security: A Data-Centric Approach to Securing the Enterprise

Security Information and Event Management

SIEM or Security Information and Event Management has been mentioned a few times in the earlier sections and is gaining tremendous traction in security monitoring as the central intelligence of security operations. The primary benefit of SIEM is the ability to assimilate security and log data from disparate systems, analyze it all, and provide correlated output to security analysts.

Up to this point, disparate systems and their unique monitoring capabilities have been discussed, but those are all single intelligence, incomplete views of the complete flow of traffic as it traverses a network. A firewall, for instance, only inspects what is coming and going at the edge of the network, but has no cognizance ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Rational Cybersecurity for Business: The Security Leaders' Guide to Business Alignment

Publisher Resources

ISBN: 9781849685962Other

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

by Aaron Woody

Security Information and Event Management

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.