Information security in the enterprise is challenging and has been considered a roadblock to enterprise innovation and use of new services such as cloud and bring your own device (BYOD). One of the primary reasons for this is the paradigm from which information security is being approached in today's ever evolving and agile businesses. Strict security requirements as an overlay to a perimeter-focused network architecture does not adequately secure enterprise data, failing the agile enterprise.
This book covers the current state of enterprise security and a new model for implementing security in the enterprise. Data-centric security architecture is introduced in the context of a layered security approach for end-to-end security. By looking at each component of the data-centric architecture, the realization of applying these concepts to information security creates a new paradigm to operate from where information security is agile and becomes a business enablement process supporting the latest trends in business such as cloud and BYOD.
The book is a guide to leveraging existing investment in traditional network- and host-based security tools. It introduces the data aspect of security and how to provide complete coverage of enterprise security. With several diagrams to illustrate concepts, and resources for further development in the areas of enterprise information security, this book serves as a go-to reference for IT professionals responsible for securing enterprise networks and data.
Chapter 1, Enterprise Security Overview, introduces readers to the concepts of information security by providing an overview of information security, where we went wrong, and the road map to securing the enterprise.
Chapter 2, Security Architectures, covers the drivers of redefining security architecture from a network-based concept to a data-centric focus as today's ever-changing business landscape has invalidated the traditional security architecture. The chapter introduces trust models and how they can be applied to existing data and infrastructure.
Chapter 3, Security As a Process, covers the importance of security as a process through policies, standards, risk analysis, and security review of changes. For security to be effective in the enterprise, it must be an integral component of everyday business processes.
Chapter 4, Securing the Network, is the first of several chapters diving into the layers of the data-centric security architecture. Methods to secure the enterprise at the network layer leveraging the latest technologies to mitigate threats at the network edge and segmented portions of the network are presented. The reader will also be given guidance on how to secure common network services.
Chapter 5, Securing Systems, presents methods to secure the systems that store, transmit, and process enterprise data. A look at effective approaches to securing systems when traditional methods fail is covered in detail. A list of tools is provided in Appendix C, Security Tools List.
Chapter 6, Securing Enterprise Data, presents readers with methods to secure data in the various states within the enterprise. Encryption, hashing, data loss prevention, and data classification are covered in detail to provide readers with several approaches to secure enterprise data.
Chapter 7, Wireless Network Security, provides coverage of securely implementing wireless networking in the enterprise. Methods to mitigate the most common and dangerous attacks against wireless are discussed. Lastly, the chapter covers proper segmentation of wireless infrastructure from critical segments and assets within the enterprise network.
Chapter 8, The Human Element of Security, takes a look at the weakest link in the enterprise security program: humans. The chapter examines social engineering and security awareness program development. Once a program is developed, consistent testing of the effectiveness of training is presented with several resources to get this portion of the program up and running.
Chapter 9, Security Monitoring, covers the many times overlooked, yet very important aspect of security monitoring. First, the chapter covers monitoring at the various layers of the new security architecture, then dives into leveraging SIEM solutions and providing monitoring for privileged users, systems, and the network.
Chapter 10, Managing Security Incidents, covers security incidents and management. Making the determination on what a security incident is and how to develop the response is the focus of this chapter. Guidelines for developing an incident response capability, along with supporting processes, are also provided to the reader.
Appendix A, Applying Trust Models to Develop a Security Architectuture, walks the reader through applying the presented security architecture and trust models to a real-world scenario. This exercise will strengthen the new concepts presented in Chapter 2, Security Architectures.
Appendix B, Risk Analysis, Policy and Standard, and System Hardening Resources, provides a list of available resources to help the reader develop the necessary enterprise security processes: risk analysis, vulnerability and patch management, and policies and standards.
Appendix C, Security Tools List, covers a list of security tools that can be used to provide security at the network, system, and data layers of the data-centric architecture. In addition to tools for securing the enterprise, the reader is provided tools for testing security, vulnerability identification, and security monitoring. It also provides a list of available resources to help the reader develop the necessary enterprise security processes: risk analysis, vulnerability and patch management, and policies and standards.
Appendix D, Security Awareness Resources, provides the reader a jumping board for building a security awareness program in the enterprise. Resources to learn presentation and teaching skills are provided along with tools to facilitate social engineering testing. Lastly, the reader is provided links to security awareness training materials and safe computing resources.
Appendix E, Security Incident Response Resources, provides a sample incident response process flow along with sample incident response forms and resources for incident response.
This book is for the IT professional in security or responsible for any component of the enterprise that is affected by information security policies, standards, and processes. This book can also be a valuable resource for a reader wanting to learn about and implement information security in the enterprise leveraging sound architectural principles. IT staff tasked with securing enterprise data while supporting new business initiatives such as cloud and BYOD will find this book a valuable reference on how to make information security a business enabler by implementing security in an agile manner built on data-centric trust models.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "...a MD5 hash is calculated for secretfile using the md5 command..."
Any command-line input or output is written as follows:
Macbook-pro$ md5 secretfile MD5 (secretfile) = 273cf6c54c2bdba56416942fbb5ec224
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "...a secret file (secretfile) has been created with the text This is a secret file. inserted..."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.