Book description
Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust.
Security in a Web 2.0+ World examines the perplexing issues of cyber security and will be of interest to readers ranging from those who must make effective security policy decisions to the engineers who design ICT systems. It is a guide to information security and standards in the Web 2.0+ era, and provides an understanding of IT security in a world of communications technology converged on the Internet Protocol.
Many companies still apply security models based on legacy policies or ad-hoc solutions. A series of new security standards (ISO/ITU) gives security professionals a common language. By building on a common standard, security vendors can create products and services that meet the demanding security needs of technology that has spread well beyond the central control of the local area network, and companies can demonstrate the maturity of their security solutions through proven compliance with the recommendations the standard defines.
Carlos Solari and his team present much-needed information and a broader view of why and how to adopt and deploy standards. They set the stage for a standards-based approach to security design, driven by factors that include the need to secure complex information-communications systems, the need to build security into product development, and the need to spend security funds where they yield a better return on investment.
Security applied after complex systems are deployed is at best a patchwork fix. Concerned with what can be done now using the technologies and methods at our disposal, the authors make the case that security can be designed into the complex networks that exist today and those of the near future. Web 2.0 is the next great promise of ICT, and we still have the chance to design in a more secure path.
Time is of the essence – prevent-detect-respond!
Table of contents
- Copyright
- About the Authors and Contributors...
- Foreword
- Prologue
- 1. The World of Cyber Security in 2019
- 2. The Costs and Impact of Cyber Security
- 2.1. Executive Summary
- 2.2. The Economics of Security
- 2.3. The Security Value Life Cycle
- 2.4. Security Costs at the Point of Creation
- 2.5. Security Costs at the Point of Purchase – Service Creation
- 2.6. Security Cost at Point of Service
- 2.7. Impact of Security Costs on Security Decisions and Investments: Network Security Risk Management
- 3. Protecting Web 2.0: What Makes it so Challenging?
- 4. Limitations of the Present Models
- 5. Defining the Solution – ITU-T X.805 Standard Explained
- 5.1. Executive Summary
- 5.2. The ITU-T X.805 Standard Explained: Building a foundation for the Security Value Life Cycle
- 5.3. Coupling to the ISO/IEC 27000 Series Standard: Complementary Standards that Enable the Process and Policy Leading to Compliance
- 5.4. Enterprise Risk and IT Management Frameworks
- 6. Building the Security Foundation Using the ITU-T X.805 Standard: The ITU-T X.805 Standard Made Operational
- 6.1. Executive Summary
- 6.1.1. The standard made operational
- 6.1.2. Key lesson: Complexity breeds insecurity
- 6.1.3. Key lesson: The cloud has entered the building
- 6.1.4. Key lesson: Address common vulnerabilities
- 6.1.5. Key lesson: Not all vulnerabilities are created equal
- 6.1.6. Key lesson: What is reportable and when is it reportable?
- 6.1.7. Key lesson: Security mitigation is also a business risk management decision
- 6.1.8. Key lesson: Performing the assessment with confidence in the results
- 6.1.9. Key lesson: Convince the product unit
- 6.1.10. Closing thoughts on the key lessons
- 7. The Benefits of a Security Framework Approach
- 8. Correcting Our Path – What Will it Take?
- A. Building Secure Products and Solutions
- A.1. Introduction
- A.2. Product Lifecycle Overview
- A.3. Integrating Security Into the Product Lifecycle
- A.4. Building in Security
- A.5. Bell Labs Security Framework Overview
- A.6. The Proposed Approach
- A.7. Integrating Security in Requirements and Design Phase
- A.8. Integrating Security in the Implementation Phase
- A.9. Integrating Security in Testing Phase
- A.10. Integrating Security in the Product Management
- A.11. Conclusion
- B. Using the Bell Labs Security Framework to Enhance the ISO 17799/27001 Information Security Management System
- B.1. Introduction
- B.2. Augmenting ISO/IEC 27001 with the Bell Labs Security Framework
- B.3. Implementation Guidance Using the Bell Labs Security Framework
- B.4. Methodology for Applying the Bell Labs Security Framework to ISO/IEC 27001
- B.5. Examples of Applying the Bell Labs Security Framework to ISO/IEC 27001 Controls
- B.6. Case Study: Using the Bell Labs Security Framework to Establish, Implement, and Operate an ISMS
- B.7. Using the Bell Labs Security Framework to Implement an ISMS for Government Networks
- B.8. Conclusion
- B.9. Further Reading
- C. Appendix C
- Glossary
Product information
- Title: Security in a Web 2.0+ World: A Standards-Based Approach
- Author(s): Carlos Solari
- Release date: May 2009
- Publisher(s): Wiley
- ISBN: 9780470745755