The lowest-priced, brand-new, unused, unopened, undamaged item in its original packaging (where packaging is applicable).Packaging should be the same as what is found in a retail store, unless the item is handmade or was packaged by the manufacturer in non-retail packaging, such as an unprinted box or plastic bag.See details for additional description.
50 black & white illustrations, 11 black & white tables
Table Of Contents
Dedication Contents Foreword by John N. Stewart Foreword by Dr. James F. Ransome Preface Acknowledgments About the Author Part I Introduction The Lay of Information Security Land The Structure of the Book References Introduction Breach! Fix It! Information Security, as Applied to Systems Applying Security to Any System References The Art of Security Assessment Why Art and Not Engineering? Introducing The Process Necessary Ingredients The Threat Landscape Who Are These Attackers? Why Do They Want to Attack My System? How Much Risk to Tolerate? Getting Started References Security Architecture of Systems Why Is Enterprise Architecture Important? The Security in Architecture Diagramming For Security Analysis Seeing and Applying Patterns System Architecture Diagrams and Protocol Interchange Flows (Data Flow Diagrams) Security Touches All Domains Component Views What's Important? What Is Architecturally Interesting ? Understanding the Architecture of a System Size Really Does Matter Applying Principles and Patterns to Specific Designs Principles, But Not Solely Principles Summary References Information Security Risk Rating with Incomplete Information Gut Feeling and Mental Arithmetic Real-World Calculation Personal Security Posture Just Because It Might Be Bad, Is It? The Components of Risk Threat Exposure Vulnerability Impact Business Impact Data Sensitivity Scales Risk Audiences The Risk Owner Desired Security Posture Summary References Prepare for Assessment Process Review Credible Attack Vectors Applying ATASM Architecture and Artifacts Understand the Logical and Component Architecture of the System Understand Every Communication Flow and Any Valuable Data Wherever Stored Threat Enumeration List All the Possible Threat Agents for This Type of System List the Typical Attack Methods of the Threat Agents List the System-Level Objectives of Threat Agents Using Their Attack Methods Attack Surfaces Decompose (factor) the Architecture to a Level That Exposes Every Possible Attack Surface Filter Out Threat Agents Who Have No Attack Surfaces Exposed to Their Typical Methods List All Existing Security Controls for Each Attack Surface Filter Out All Attack Surfaces for Which There Is Sufficient Existing Protection Data Sensitivity A Few Additional Thoughts on Risk Possible Controls Apply New Security Controls to the Set of Attack Services for Which There Isn't Sufficient Mitigation Build a Defense-in-Depth Summary References Part I Summary Part II Introduction Practicing with Sample Assessments Start with Architecture A Few Comments about Playing Well with Others Understand the Big Picture and the Context Getting Back to Basics References eCommerce Website Decompose the System The Right Level of Decomposition Finding Attack Surfaces to Build the Threat Model Requirements Enterprise Architecture Enterprise Architecture Pre-work: Digital Diskus Digital Diskus' Threat Landscape Conceptual Security Architecture Enterprise Security Architecture Imperatives and Requirements Digital Diskus' Component Architecture Enterprise Architecture Requirements References Business Analytics Architecture Threats Attack Surfaces Attack Surface Enumeration Mitigations Administrative Controls Enterprise Identity Systems (Authentication and Authorization) Requirements References Endpoint Anti-malware A Deployment Model Lens Analysis More on Deployment Model Endpoint AV Software Security Requirements References Mobile Security Software with Cloud Management Basic Mobile Security Architecture Mobility Often Implies Client/Cloud Introducing Clouds Authentication Is Not a Panacea The Entire Message Stack Is Important Just Good Enough Security Additional Security Requirements for a Mobile and Cloud Architecture Cloud Software as a Service (SaaS) What's So Special about Clouds? Analysis: Peel the Onion Freemium Demographics Protecting Cloud Secrets The Application Is a Defense Globality Additional Requirements for
Brook S.E. Schoenfield is Director of Product Security Architecture at Intel Security Group. He is the senior technical leader for software security across the division's broad product portfolio. He has held leadership security architecture positions at high-tech companies for many years. Brook has presented at conferences such as RSA, BSIMM, and SANS What Works Summits on subjects within security architecture, including architecture risk assessment and threat models, information security risk, SaaS/Cloud security, and Agile security. He has been published by CRC Press, SANS, Cisco, and the IEEE.