In this chapter we took a detailed look at security as a process. First, we took a look at analyzing risk by presenting quantitative and qualitative methods including an exercise to understand the approach. We moved on to getting security expectations documented and the power to enforce them by developing policies and standards. Applying these items to use cases provides the data needed to build the enterprise trust models. When policies and standards cannot be met, we have exceptions to track deviations and develop a remediation plan. We noted that if the same exceptions are raised consistently, a review of the policy or standard might be required. Lastly, we covered when to involve the security team in the change management process for review and approval of change requests and properly documenting the review. The overall goal of security is to be integrated into business processes, so it is truly a part of the business and not an expensive afterthought simply there to patch a...
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
By :
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
By:
Overview of this book
Enterprise security redefined using a data-centric approach and trust models to transform information security into a business enablement process. It is a unique and forward thinking approach for deciding the best method to secure data in the enterprise, the cloud, and in BYOD environments."Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will guide you through redefining your security architecture to be more affective and turn information security into a business enablement process rather than a roadblock. This book will provide you with the areas where security must focus to ensure end-to-end security throughout the enterprise-supporting enterprise initiatives such as cloud and BYOD. "Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will first introduce the reader to a new security architecture model and then explores the must have security methods and new tools that can used to secure the enterprise.This book will take a data-centric approach to securing the enterprise through the concept of Trust Models and building a layered security implementation focused on data. This is not your traditional security book focused on point solutions and the network aspect of security. This book combines best practice methods with new methods to approach enterprise security and how to remain agile as the enterprise demands more access to data from traditionally untrusted assets, hosted solutions, and third parties. Applied Information Security - A Data-Centric Approach to Securing the Enterprise will provide the reader an easy-to-follow flow from architecture to implementation, diagrams and recommended steps, and resources for further research and solution evaluation.This book is a reference and guide for all levels of enterprise security programs that have realized that non-data centric security is no longer practical and new methods must be used to secure the most critical assets in the enterprise.
Related Content you might be interested in
Current Title:
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
No titles found
Table of Contents (22 chapters)
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Credits
About the Author
About the Reviewers
www.packtpub.com
Preface
Free Chapter
Enterprise Security Overview
Security Architectures
Security As a Process
Securing the Network
Securing Systems
Securing Enterprise Data
Wireless Network Security
The Human Element of Security
Security Monitoring
Managing Security Incidents
Applying Trust Models to Develop a Security Architectuture
Risk Analysis, Policy and Standard, and System Hardening Resources
Security Tools List
Security Awareness Resources
Security Incident Response Resources
Index
Customer Reviews