Discover how technology is affecting your business, and why typical security mechanisms are failing to address the issue of risk and trust.
Security in a Web 2.0+ World looks at the perplexing issues of cyber security and will be of interest to everyone from those who need to make effective security policy decisions to the engineers who design ICT systems – a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol.
Many companies currently apply security models that follow legacy policies or ad hoc solutions. A series of new security standards (ISO/ITU) allows security professionals to talk a common language. By applying a common standard, security vendors can create products and services that meet the challenging security demands of technology increasingly diffused away from the central control of the local area network, and companies can demonstrate the maturity of their security solutions through proven compliance with the recommendations the standard defines.
Carlos Solari and his team present much-needed information and a broader view on why and how to use and deploy standards. They set the stage for a standards-based approach to designing in security, driven by factors that include securing complex information-communications systems, the need to drive security into product development, and the need to apply security funds better for a higher return on investment.
Security applied after complex systems are deployed is at best a patchwork fix. Concerned with what can be done now, using the technologies and methods at our disposal, the authors set out the idea that security can be designed into the complex networks that exist now and those of the near future. Web 2.0 is the next great promise of ICT – we still have the chance to design in a more secure path.
Time is of the essence – prevent-detect-respond!
Table of contents
- About the Authors and Contributors
1. The World of Cyber Security in 2019
- 1.1. Executive Summary
- 1.2. General Review of Security Challenges
- 1.3. Cyber Security as the Friction and Latency of Business and Government
- 1.4. Protecting Web 2.0 Data
- 1.5. The Present Models for Cyber Security are Broken
2. The Costs and Impact of Cyber Security
- 2.1. Executive Summary
- 2.2. The Economics of Security
- 2.3. The Security Value Life Cycle
- 2.4. Security Costs at the Point of Creation
- 2.5. Security Costs at the Point of Purchase – Service Creation
- 2.6. Security Cost at Point of Service
- 2.7. Impact of Security Costs on Security Decisions and Investments: Network Security Risk Management
3. Protecting Web 2.0: What Makes it so Challenging?
- 3.1. Executive Summary
- 3.2. Defining Web 2.0
- 3.3. The Challenges of Web 2.0 Security
- 3.4. Securing the Web 2.0 Network
- 3.5. The Wireless Data Challenge
- 3.6. Securing the Web 2.0 Applications and Content
4. Limitations of the Present Models
- 4.1. Executive Summary
- 4.2. Aftermarket Security – A Broken Model
- 4.3. Standards and Regulations
- 4.4. Regulate Yourself into Good Security?
- 4.5. Silos of Risk
- 4.6. Absence of Metrics to Define Trust
- 4.7. The Current Model is Broken – Now What?
5. Defining the Solution – ITU-T X.805 Standard Explained
- 5.1. Executive Summary
- 5.2. The ITU-T X.805 Standard Explained: Building a foundation for the Security Value Life Cycle
- 5.3. Coupling to the ISO/IEC 27000 Series Standard: Complementary Standards that Enable the Process and Policy Leading to Compliance
- 5.4. Enterprise Risk and IT Management Frameworks
6. Building the Security Foundation Using the ITU-T X.805 Standard: The ITU-T X.805 Standard Made Operational
- 6.1. Executive Summary
- 6.1.1. The standard made operational
- 6.1.2. Key lesson: Complexity breeds insecurity
- 6.1.3. Key lesson: The cloud has entered the building
- 6.1.4. Key lesson: Address common vulnerabilities
- 6.1.5. Key lesson: Not all vulnerabilities are created equal
- 6.1.6. Key lesson: What is reportable and when is it reportable?
- 6.1.7. Key lesson: Security mitigation is also a business risk management decision
- 6.1.8. Key lesson: Performing the assessment with confidence in the results
- 6.1.9. Key lesson: Convince the product unit
- 6.1.10. Closing thoughts on the key lessons
7. The Benefits of a Security Framework Approach
8. Correcting Our Path – What Will it Take?
A. Building Secure Products and Solutions
- A.1. Introduction
- A.2. Product Lifecycle Overview
- A.3. Integrating Security Into the Product Lifecycle
- A.4. Building in Security
- A.5. Bell Labs Security Framework Overview
- A.6. The Proposed Approach
- A.7. Integrating Security in Requirements and Design Phase
- A.8. Integrating Security in the Implementation Phase
- A.9. Integrating Security in Testing Phase
- A.10. Integrating Security in the Product Management
- A.11. Conclusion
B. Using the Bell Labs Security Framework to Enhance the ISO 17799/27001 Information Security Management System
- B.1. Introduction
- B.2. Augmenting ISO/IEC 27001 with the Bell Labs Security Framework
- B.3. Implementation Guidance Using the Bell Labs Security Framework
- B.4. Methodology for Applying the Bell Labs Security Framework to ISO/IEC 27001
- B.5. Examples of Applying the Bell Labs Security Framework to ISO/IEC 27001 Controls
- B.6. Case Study: Using the Bell Labs Security Framework to Establish, Implement, and Operate an ISMS
- B.7. Using the Bell Labs Security Framework to Implement an ISMS for Government Networks
- B.8. Conclusion
- B.9. Further Reading
C. Appendix C
- C.1. Ch 2, Ref 1
- C.2. Valuing an Entire Network
- C.3. The Sum Value of All Networks
- Title: Security in a Web 2.0+ World: A Standards-Based Approach
- Release date: May 2009
- Publisher(s): Wiley
- ISBN: 9780470745755