book

Security in a Web 2.0+ World: A Standards-Based Approach

Name: Security in a Web 2.0+ World: A Standards-Based Approach
Author: Carlos Curtis Solari
ISBN: 9780470745755

by Carlos Curtis Solari

May 2009

Intermediate to advanced

268 pages

6h 16m

English

Wiley

Read now

Unlock full access

Copyright
About the Authors and Contributors...
Foreword
Prologue
1. The World of Cyber Security in 2019
1.1. Executive Summary1.2. General Review of Security Challenges1.2.1. Content is king1.2.2. Broadband wireless security1.3. Cyber Security as the Friction and Latency of Business and Government1.4. Protecting Web 2.0 Data1.5. The Present Models for Cyber Security are Broken1.5.1. A systemic problem
2. The Costs and Impact of Cyber Security
2.1. Executive Summary2.2. The Economics of Security2.3. The Security Value Life Cycle2.4. Security Costs at the Point of Creation2.5. Security Costs at the Point of Purchase – Service Creation2.5.1. Incident costs2.5.2. The costs of compliance2.5.3. The costs of security infrastructure2.6. Security Cost at Point of Service2.7. Impact of Security Costs on Security Decisions and Investments: Network Security Risk Management
3. Protecting Web 2.0: What Makes it so Challenging?
3.1. Executive Summary3.2. Defining Web 2.03.2.1. Its the network3.2.2. Applications and content in the cloud3.3. The Challenges of Web 2.0 Security3.3.1. Motive, Capability and Opportunity3.4. Securing the Web 2.0 Network3.4.1. The devil is in the details – starting with the protocols3.4.2. Security required end to end3.4.3. Securing the interfaces and why they need to be secured3.4.4. Virtualization is not necessarily a security net gain3.5. The Wireless Data Challenge3.5.1. Stated simply3.6. Securing the Web 2.0 Applications and Content3.6.1. Securing the data exchanges – and why they need to be secured3.6.2. Protecting privacy3.6.3. Integrity checking3.6.4. Other considerations
4. Limitations of the Present Models
4.1. Executive Summary4.2. Aftermarket Security – A Broken Model4.3. Standards and Regulations4.4. Regulate Yourself into Good Security?4.5. Silos of Risk4.6. Absence of Metrics to Define Trust4.6.1. Design4.6.2. Acquisition4.6.3. Integration4.6.4. Operation and maintenance4.7. The Current Model is Broken – Now What?
5. Defining the Solution – ITU-T X.805 Standard Explained
5.1. Executive Summary5.2. The ITU-T X.805 Standard Explained: Building a foundation for the Security Value Life Cycle5.2.1. A bit of the history5.3. Coupling to the ISO/IEC 27000 Series Standard: Complementary Standards that Enable the Process and Policy Leading to Compliance5.4. Enterprise Risk and IT Management Frameworks
6. Building the Security Foundation Using the ITU-T X.805 Standard: The ITU-T X.805 Standard Made Operational
6.1. Executive Summary6.1.1. The standard made operational6.1.2. Key lesson: Complexity breeds insecurity6.1.3. Key lesson: The cloud has entered the building6.1.4. Key lesson: Address common vulnerabilities6.1.5. Key lesson: Not all vulnerabilities are created equal6.1.6. Key lesson: What is reportable and when is it reportable?6.1.7. Key lesson: Security mitigation is also a business risk management decision6.1.8. Key lesson: Performing the assessment with confidence in the results6.1.9. Key lesson: Convince the product unit6.1.10. Closing thoughts on the key lessons

7. The Benefits of a Security Framework Approach
7.1. Executive Summary7.2. Convincing the CFO7.2.1. Point of creation7.2.2. Point of purchase and service creation7.2.3. Point of service delivery or end use
8. Correcting Our Path – What Will it Take?
8.1. Executive Summary8.2. The Power of the Customer to Transform an Industry8.2.1. Government8.2.2. Business8.2.3. Academia8.3. Summary and Conclusions
A. Building Secure Products and Solutions
A.1. IntroductionA.2. Product Lifecycle OverviewA.3. Integrating Security Into the Product LifecycleA.4. Building in SecurityA.5. Bell Labs Security Framework OverviewA.5.1. Security layersA.5.2. Security planesA.5.3. Security dimensionsA.5.4. Modular methodologyA.6. The Proposed ApproachA.7. Integrating Security in Requirements and Design PhaseA.7.1. Security specificationsA.7.2. Asset identificationA.7.3. Threats identificationA.7.4. Vulnerabilities identificationA.7.5. Impact analysisA.7.6. Control analysisA.8. Integrating Security in the Implementation PhaseA.9. Integrating Security in Testing PhaseA.10. Integrating Security in the Product ManagementA.10.1. Policy for secure product developmentA.10.2. Management oversightA.10.3. Risk assessment and managementA.10.4. Measurement and feedbackA.10.5. Resources and trainingA.10.6. Project planning and trackingA.10.7. Relationship to other standardsA.11. ConclusionA.11.1. AcknowledgmentsA.11.2. *TrademarksA.11.3. References
B. Using the Bell Labs Security Framework to Enhance the ISO 17799/27001 Information Security Management System
B.1. IntroductionB.2. Augmenting ISO/IEC 27001 with the Bell Labs Security FrameworkB.3. Implementation Guidance Using the Bell Labs Security FrameworkB.4. Methodology for Applying the Bell Labs Security Framework to ISO/IEC 27001B.5. Examples of Applying the Bell Labs Security Framework to ISO/IEC 27001 ControlsB.6. Case Study: Using the Bell Labs Security Framework to Establish, Implement, and Operate an ISMSB.7. Using the Bell Labs Security Framework to Implement an ISMS for Government NetworksB.8. ConclusionB.9. Further ReadingB.9.1. *TrademarksB.9.2. References
C. Appendix C
C.1. Ch 2, Ref 1C.1.1. Ch 2, Ref 1C.1.2. Calculating the financial impact of cyber riskC.1.3. Ch 2, Ref 2: A Transaction Based Network Valuation ModelC.2. Valuing an Entire NetworkC.3. The Sum Value of All NetworksC.3.1. Ch 3, Ref 1C.3.2. Ch 3, Ref 2C.3.3. Ch3, Ref 3: Protecting the domain name service (DNS)C.3.4. Ch3, Ref 4C.3.5. Ch 3, Ref 5C.3.6. Ch 3, Ref 6C.3.7. Ch 3, Ref 7C.3.8. Ch 3, Ref 8C.3.9. Ch 3, Ref 9
Glossary

Content preview from Security in a Web 2.0+ World: A Standards-Based Approach

Chapter 5. Defining the Solution – ITU-T X.805 Standard Explained

	"The nice thing about standards is that there are so many of them to choose from."
	--Andrew S. Tanenbaum

Executive Summary

There are no shortcuts. As explained in Chapter 4, aftermarket security means the end- user is resigned to perimeter-based security, dependent upon detection capabilities that cannot overcome the zero-day threat. The only remedy is a seemingly endless patching process. This model simply doesn't protect e-commerce environments of the present nor of future Web 2.0 in which data control is further diffused.

Applying security appropriately starts when the product is designed and engineered. This is the foundation for secure technology solutions and services and continues through the Security Value Life Cycle as defined earlier. The need for security metrics is paramount, and it is time to engage in the how part of this discussion.

Security design starts by applying the eight security dimensions of the ITU-T X.805 ("X.805") standard model and building products as component parts in an overall network solution with a direct relationship to the process and policy of certifications and compliance. Chapter 5 starts with a brief examination of the landscape of standards, certifications and regulatory compliance frameworks, postulating that the combination of X.805 and the ISO/ IEC 27000 series standards is the right approach.

The X.805 standard starts to answer one of the primary concerns: a framework to guide ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Securing the Virtual Environment: How to Defend the Enterprise Against Attack, Included DVD

Publisher Resources

ISBN: 9780470745755Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Security in a Web 2.0+ World: A Standards-Based Approach

by Carlos Curtis Solari

Chapter 5. Defining the Solution – ITU-T X.805 Standard Explained

Executive Summary

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.