Book Image

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

By : Aaron Woody
Book Image

Enterprise Security: A Data-Centric Approach to Securing the Enterprise

By: Aaron Woody

Overview of this book

Enterprise security redefined using a data-centric approach and trust models to transform information security into a business enablement process. It is a unique and forward thinking approach for deciding the best method to secure data in the enterprise, the cloud, and in BYOD environments."Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will guide you through redefining your security architecture to be more affective and turn information security into a business enablement process rather than a roadblock. This book will provide you with the areas where security must focus to ensure end-to-end security throughout the enterprise-supporting enterprise initiatives such as cloud and BYOD. "Enterprise Security: A Data-Centric Approach to Securing the Enterprise" will first introduce the reader to a new security architecture model and then explores the must have security methods and new tools that can used to secure the enterprise.This book will take a data-centric approach to securing the enterprise through the concept of Trust Models and building a layered security implementation focused on data. This is not your traditional security book focused on point solutions and the network aspect of security. This book combines best practice methods with new methods to approach enterprise security and how to remain agile as the enterprise demands more access to data from traditionally untrusted assets, hosted solutions, and third parties. Applied Information Security - A Data-Centric Approach to Securing the Enterprise will provide the reader an easy-to-follow flow from architecture to implementation, diagrams and recommended steps, and resources for further research and solution evaluation.This book is a reference and guide for all levels of enterprise security programs that have realized that non-data centric security is no longer practical and new methods must be used to secure the most critical assets in the enterprise.

Related Content you might be interested in

Current Title:

Small book image
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Aaron Woody
Feb, 2013 | 324 pages
No titles found
Table of Contents (22 chapters)
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Enterprise Security: A Data-Centric Approach to Securing the Enterprise
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.packtpub.com
www.packtpub.com
Preface
Preface
Free Chapter
1
Enterprise Security Overview
Enterprise Security Overview
The façade of enterprise security
Enterprise security pitfalls
The road map to securing the enterprise
Summary
2
Security Architectures
Security Architectures
Redefining the network edge
Security architecture models
Summary
3
Security As a Process
Security As a Process
Risk analysis
Security policies and standards
Security exceptions
Security review of changes
Summary
4
Securing the Network
Securing the Network
Overview
Next generation firewalls
Intrusion detection and prevention
Advanced persistent threat detection and mitigation
Securing network services
Network segmentation
Applying security architecture to the network
Summary
5
Securing Systems
Securing Systems
System classification
File integrity monitoring
Application whitelisting
Host-based intrusion prevention system
Host firewall
Anti-virus
User account management
Policy enforcement
Summary
6
Securing Enterprise Data
Securing Enterprise Data
Data classification
Data Loss Prevention
Encryption and hashing
Tokenization
Data masking
Authorization
Developing supporting processes
Summary
7
Wireless Network Security
Wireless Network Security
Security and wireless networks
Securing wireless networks
Wireless network implementation
Wireless segmentation
Wireless network intrusion prevention
Summary
8
The Human Element of Security
The Human Element of Security
Social engineering
Security awareness training
Access denied – enforcing least privilege
Physical security
Summary
9
Security Monitoring
Security Monitoring
Monitoring strategies
Privileged user access
Systems monitoring
Network security monitoring
Security Information and Event Management
Predictive behavioral analysis
Summary
10
Managing Security Incidents
Managing Security Incidents
Defining a security incident
Developing supporting processes
Getting enterprise support
Building the incident response team
Developing the incident response plan
Taking action
Summary
Applying Trust Models to Develop a Security Architectuture
Applying Trust Models to Develop a Security Architectuture
Encrypted file transfer (external)
Risk Analysis, Policy and Standard, and System Hardening Resources
Risk Analysis, Policy and Standard, and System Hardening Resources
Risk analysis resources
Policy and standard resources
System hardening resources
Security Tools List
Security Tools List
Tools for securing the network
Tools for securing systems
Tools for securing data
Tools for security monitoring
Tools for testing security
Tools for vulnerability scanning
Security Awareness Resources
Security Awareness Resources
General presentation and training
Social engineering
Security awareness materials
Safe and secure computing resources
Security Incident Response Resources
Security Incident Response Resources
Building a CSIRT team
Incident response process
An example of incident response process flow
A sample incident response report form
A sample incident response form
Index
Index

About the Reviewers

Lee Allen is currently the Vulnerability Management Program Lead for one of the Fortune 500 companies. He is also the owner of MiDGames.com that is dedicated to bridging the gap between learning and fun, by providing 3D video games that reinforce and teach complex subjects such as Linux command line and penetration testing skills.

Lee is the author of Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide, Packt Publishing.

I would like to thank my wife Kellie and our children for allowing me the time needed to review this book. I would also like to thank Aaron Woody for allowing me to be a part of this work. This is an excellent book that contains information that every security professional should know. Aaron does an excellent job of making the knowledge available in an easy to understand and comprehensive manner. I would also like to thank George and Helen Slocum; without your encouragement and support throughout the years, 
I would never have chased my dreams.

Shon Robinson has been working in IT for 17 years, with 15 of these spent dealing with various aspects of the security field. Over the years, he has worked for a large financial services company in a number of roles including securing the online banking platform and performing application vulnerability assessments across all lines of business applications. Currently, he is a Principal Consultant for a business security company. He has also been a reviewer for Hakin9 since its first issues.

In addition to an MBA and Master of Theological Studies, Shon currently holds a number of active certifications including CISSP, ISSAP, ISSMP, CISA, CISM, CRISC, CEH, and a number of others on security, application, and operating systems.

In his copious free time, Shon tries to help teach the Central Ohio ISSA CISSP prep class.

I would like to thank Aaron for recommending me as a reviewer. I have, even after all these years, been able to learn more about security architecture from the experience. I would especially like to thank my wife, Tammy, who has been a supportive partner and inspiration in life even when I make her life difficult; and my son, Jesse, who is my joy and reminds me daily to be thankful for and enjoy every second.

Previous Section
Next Chapter