Securing systems : applied security architecture and threat models

Content: Dedication Contents Foreword by John N. Stewart Foreword by Dr. James F. Ransome Preface  Acknowledgments About the Author   Part I Introduction The Lay of Information Security Land The Structure of the Book  References   Introduction  Breach! Fix It!  Information Security, as Applied to Systems  Applying Security to Any System References  The Art of Security Assessment Why Art and Not Engineering?  Introducing "The Process"  Necessary Ingredients The Threat Landscape Who Are These Attackers? Why Do They Want to Attack My System? How Much Risk to Tolerate? Getting Started References  Security Architecture of Systems Why Is Enterprise Architecture Important? The "Security" in "Architecture" Diagramming For Security Analysis  Seeing and Applying Patterns System Architecture Diagrams and Protocol Interchange Flows (Data Flow Diagrams) Security Touches All Domains Component Views What's Important? What Is "Architecturally Interesting"? Understanding the Architecture of a System Size Really Does Matter Applying Principles and Patterns to Specific Designs Principles, But Not Solely Principles Summary References  Information Security Risk Rating with Incomplete Information Gut Feeling and Mental Arithmetic Real-World Calculation Personal Security Posture Just Because It Might Be Bad, Is It? The Components of Risk Threat Exposure Vulnerability  Impact Business Impact  Data Sensitivity Scales  Risk Audiences The Risk Owner Desired Security Posture Summary References   Prepare for Assessment Process Review Credible Attack Vectors Applying ATASM Architecture and Artifacts  Understand the Logical and Component Architecture of the System Understand Every Communication Flow and Any Valuable Data Wherever Stored  Threat Enumeration List All the Possible Threat Agents for This Type of System List the Typical Attack Methods of the Threat Agents  List the System-Level Objectives of Threat Agents Using Their Attack Methods  Attack Surfaces Decompose (factor) the Architecture to a Level That Exposes Every Possible Attack Surface Filter Out Threat Agents Who Have No Attack Surfaces Exposed to Their Typical Methods  List All Existing Security Controls for Each Attack Surface Filter Out All Attack Surfaces for Which There Is Sufficient Existing Protection  Data Sensitivity A Few Additional Thoughts on Risk  Possible Controls Apply New Security Controls to the Set of Attack Services for Which There Isn't Sufficient Mitigation Build a Defense-in-Depth  Summary References  Part I Summary  Part II Introduction Practicing with Sample Assessments Start with Architecture A Few Comments about Playing Well with Others Understand the Big Picture and the Context Getting Back to Basics References  eCommerce Website Decompose the System The Right Level of Decomposition Finding Attack Surfaces to Build the Threat Model  Requirements  Enterprise Architecture  Enterprise Architecture Pre-work: Digital Diskus  Digital Diskus' Threat Landscape Conceptual Security Architecture  Enterprise Security Architecture Imperatives and Requirements  Digital Diskus' Component Architecture Enterprise Architecture Requirements  References  Business Analytics  Architecture Threats Attack Surfaces  Attack Surface Enumeration  Mitigations Administrative Controls  Enterprise Identity Systems (Authentication and Authorization)  Requirements References  Endpoint Anti-malware A Deployment Model Lens Analysis More on Deployment Model Endpoint AV Software Security Requirements References  Mobile Security Software with Cloud Management Basic Mobile Security Architecture Mobility Often Implies Client/Cloud Introducing Clouds Authentication Is Not a Panacea The Entire Message Stack Is Important Just Good Enough Security Additional Security Requirements for a Mobile and Cloud Architecture  Cloud Software as a Service (SaaS) What's So Special about Clouds? Analysis: Peel the Onion Freemium Demographics Protecting Cloud Secrets The Application Is a Defense "Globality" Additional Requirements for the SaaS Reputation Service 319 References   Part II Summary   Part III Introduction   Patterns and Governance Deliver Economies of Scale Expressing Security Requirements Expressing Security Requirements to Enable  Who Consumes Requirements? Getting Security Requirements Implemented Why Do Good Requirements Go Bad? Some Thoughts on Governance Summary References  Building an Assessment Program Building a Program Senior Management's Job Bottom Up? Use Peer Networks Building a Team Training Documentation and Artifacts Peer Review Workload Mistakes and Missteps Not Everyone Should Become an Architect Standards Can't Be Applied Rigidly One Size Does Not Fit All, Redux Don't Issue Edicts Unless Certain of Compliance Measuring Success Invitations Are Good!  Establish Baselines Summary References  Part III Summary and Afterword Summary Afterword  Index