Enterprise Security Architecture

1. Chapter 08: The Human Element of Security

1.1. Social Engineering

1.1.1. Electronic Communication Methods

1.1.1.1. SPAM Email

1.1.1.1.1. Key Indicators of SPAM Email

1.1.1.1.2. Mitigating SPAM Email

1.1.1.2. Social Media

1.1.1.2.1. Mitigating Social Media Methods

1.1.2. In-Person Methods

1.1.2.1. Mitigating In-Person Methods

1.1.3. Phone Methods

1.1.3.1. Mitigating Phone Methods

1.1.4. Business Networking Sites

1.1.4.1. Mitigating Business Network Site Attacks

1.1.5. Job Posting Sites

1.1.5.1. Mitigating Job Posting Based Attacks

1.2. Security Awareness Training

1.2.1. Training Materials

1.2.1.1. Computer Based Training

1.2.1.2. Classroom Training

1.2.1.3. Associate Surveys

1.2.2. Common Knowledge

1.2.3. Specialized Material

1.2.4. Affective Training

1.2.5. Continued Education and Checks

1.3. Access Denied

1.4. Administrator Access

1.4.1. System Administrator

1.4.2. Data Administrator

1.4.3. Application Administrator

1.5. Physical Security

1.6. Conclusion

2. Chapter 09: Security Monitoring

2.1. Monitor Strategies

2.1.1. Monitoring Based on Trust Models

2.1.1.1. Data Monitoring

2.1.1.2. Process Monitoring

2.1.1.3. Application Monitoring

2.1.1.4. User Monitoring

2.1.2. Monitoring Based on Network Boundary

2.1.3. Monitoring Based on Network Segment

2.2. SIEM

2.3. Privileged User Access

2.3.1. Privileged Data Access

2.3.2. Privileged System Access

2.3.3. Privileged Application Access

2.4. Systems Monitoring

2.4.1. Operating System Monitoring

2.4.2. Host Intrusion Detection System

2.5. Network Security Monitoring

2.5.1. Next Generation Firewalls

2.5.2. Data Loss Prevention

2.5.3. Malware Detection and Analysis

2.5.4. Intrusion Prevention

2.6. SIEM

2.7. Predictive Behaviorial Analysis

2.8. Conclusion

3. Chapter 10: Security Incidents

3.1. Defining a Security Incident

3.1.1. Security Event Versus Incident

3.2. Developing Supporting Processes

3.2.1. Security Incident Detection and Determination

3.2.1.1. Physical Security Incidents

3.2.1.2. Network Based Security Incidents

3.3. Getting Enterprise Support

3.4. Building the Incident Response Team

3.5. Taking Action

3.5.1. In-house Incident Response

3.5.2. Contracted Incident Response

4. Chapter 11: Selling Security to the C-Suite

4.1. Enterprise Accounting Overview

4.2. Presenting the Case for Security

4.3. Strategies for Securing the Enterprise

5. Security As a Service

5.1. Penetration Testing

5.2. Identity and Access Administration

5.3. Security Event Management

5.4. Security Incident Response

6. Chapter 01: Enterprise Security Overview

6.1. The Idea and Facade of Enterprise Security

6.1.1. The History and Making of the Facade

6.1.2. The Idea of Security

6.1.2.1. What it is

6.1.2.2. What it should be

6.2. Enterprise Security Challenges

6.2.1. Shortcomings of Current Security Architecture

6.2.2. Communicating Information Security

6.2.3. The Cost of Information Security

6.2.4. The Conflicting Message of Information Security

6.3. Proving A Negative

6.4. The Roadmap to Securing the Enterprise

6.4.1. Roadmap Components

6.4.1.1. Defining Users

6.4.1.2. Defining Applications

6.4.1.3. Defining Data

6.4.1.4. Defining Roles

6.4.1.5. Defining Processes

6.4.1.6. Defining Policies and Standards

6.4.1.7. Defining Network Architecture

7. Chapter 02: Security Architectures

7.1. Redefining the Network Edge

7.1.1. Drivers for Redefinition

7.1.1.1. Feature Rich Web Apps

7.1.1.2. Business Partner Services

7.1.1.3. Misc 3rd Party Services

7.1.1.4. BYOX Management

7.1.1.5. Cloud Initiatives

7.2. Security Architecture Models

7.2.1. Defining Trust Model Building Blocks

7.2.1.1. Defining Data In A Trust Model

7.2.1.1.1. Data Locations

7.2.1.1.2. Data Types

7.2.1.2. Defining Processes In A Trust Model

7.2.1.3. Defining Applications In A Trust Model

7.2.1.4. Defining Roles In A Trust Model

7.2.1.5. Defining Users In A Trust Model

7.2.1.6. Defining Policies and Standards

7.2.2. Enterprise Trust Models

7.2.2.1. Business Roles

7.2.2.2. IT Roles

7.2.2.2.1. Application User (External)

7.2.2.2.2. Application Owner (Business Partner)

7.2.2.2.3. System Owner (Contractor)

7.2.2.2.4. Data Owner (Internal)

7.2.2.2.5. Security Administrator

7.2.2.2.6. Automation

7.2.3. Micro Architectures

7.2.4. Data Risk Centric Architectures

8. Chapter 03: Security As A Process

8.1. Risk Analysis

8.1.1. BYOx Initiatives

8.1.1.1. Bring Your Own Device

8.1.1.2. Bring Your Own PC

8.1.2. What is risk analysis?

8.1.2.1. Assessing Threats

8.1.2.2. Assessing Impact

8.1.2.3. Assessing Probability

8.1.2.4. Assessing Risk

8.1.2.4.1. Qualitative Risk Analysis

8.1.2.4.2. Quantitative Risk Analysis

8.1.3. Applying Risk Analysis To Trust Models

8.1.4. Deciding on A Risk Analysis Methodology

8.1.5. Other Thoughts on Risk and New Enterprise Endeavors

8.2. Policies and Standards

8.2.1. Understanding Proper Security Policy Development

8.2.2. Common Enterprise Security Policies

8.2.2.1. Information Security Policy

8.2.2.2. Acceptable Use Policy

8.2.2.3. Technology Use Policy

8.2.2.4. Remote Access Policy

8.2.2.5. Data Classification Policy

8.2.2.6. Data Handling Policy

8.2.2.7. Data Destruction Policy

8.2.2.8. Data Retention Policy

8.2.3. Policies for Emerging Technologies

8.2.3.1. Policy Considerations

8.2.3.2. Emerging Technology Challenges

8.2.4. Developing Enterprise Security Standards

8.2.4.1. Common IT Security Standards

8.2.4.1.1. Wireless Network Security Standard

8.2.4.1.2. Enterprise Monitoring Standard

8.2.4.1.3. Enterprise Encryption Standard

8.2.4.1.4. System Hardening Standard

8.3. Security Review of Changes

8.3.1. Perimeter Security

8.3.2. Data Access Changes

8.3.3. Network Architectural Changes

8.4. Security Exceptions

8.5. Vulnerability MGT

8.6. SDLC

8.7. Appendix

8.7.1. Resources for Risk Analysis

8.7.2. Resources for Policies and Standards

8.7.3. Resources for System Hardening

9. Chapter 04: Securing the Network

9.1. Overview of Securing the Network

9.2. Next Generation Firewalls

9.2.1. Benefits of the NGFW

9.2.1.1. Application Awareness

9.2.1.2. IPS

9.2.1.3. Advanced Malware Mitigation

9.3. Intrusion Detection and Prevention

9.3.1. Intrusion Detection

9.3.2. Intrusion Prevention

9.3.3. Detection Methods

9.3.3.1. Behavioural Analysis

9.3.3.2. Anomaly Detection

9.3.3.3. Signature-Based

9.4. Advanced Persistent Threat Detection and Mitigation

9.5. Securing Network Services

9.5.1. DNS

9.5.1.1. DNS Resolution

9.5.1.2. DNS Zone Transfer

9.5.1.3. DNS Records

9.5.1.4. DNSSEC

9.5.2. Email

9.5.2.1. SPAM Filtering

9.5.2.1.1. SPAM Filtering in the Cloud

9.5.2.1.2. Local SPAM Filtering

9.5.2.2. SPAM Relaying

9.5.3. File Transfer

9.5.3.1. Implementation Considerations

9.5.3.1.1. Secure File Transfer Protocols

9.5.3.1.2. User Authentication

9.5.4. User Internet Access

9.5.5. Websites

9.5.5.1. Secure Coding

9.5.5.2. NGFW

9.5.5.3. IPS

9.5.5.4. Web App Firewall

9.5.5.5. Database Encryption

9.5.5.5.1. The Need for Database Encryption

9.5.5.5.2. Methods of Database Encryption

9.6. Network Segmentation

9.6.1. Network Segmentation Strategy

9.6.1.1. Asset Identification

9.6.1.2. Security Mechanisms

9.7. Applying Security Architecture to the Network

9.7.1. Security Architecture in the DMZ

9.7.2. Security Architecture in the Internal Network

9.7.3. Security Architecture and Network Segmentation

10. Chapter 05: Securing Systems

10.1. System Classification

10.1.1. Implementation Considerations

10.1.2. System Management

10.1.2.1. Asset Inventory Labels

10.1.2.2. System Patching

10.2. File Integrity Monitoring

10.2.1. FIM Implementation Challenges

10.2.2. Implementing File Integrity Monitoring

10.2.2.1. Real-time File Integrity Monitoring

10.2.2.2. Manual Mode File Integrity Monitoring

10.3. Application Whitelisting

10.3.1. Application Whitelisting Implementation Challenges

10.4. Host Intrusion Detection

10.4.1. Challenges to HIPS Implementation

10.5. Host Firewall

10.5.1. Challenges to Host Firewall Implementation

10.6. Anti-virus

10.6.1. Signature Based Anti-virus

10.6.2. Heuristic Anti-virus

10.6.3. Challenges of Anti-virus

10.7. User Account Management

10.7.1. User Roles and Permissions

10.7.2. User Account Auditing

10.8. Policy Enforcement

10.9. Summary

11. Chapter 06: Securing Data

11.1. Data Classification

11.1.1. Identifying Enterprise Data

11.1.1.1. Data Types

11.1.1.2. Data Locations

11.1.1.3. Automating Discovery

11.1.1.4. Assign Data Owners

11.1.2. Assign Data Classification

11.2. Data Loss Prevention

11.2.1. Data In Storage

11.2.2. Data In Use

11.2.3. Data In Transit

11.2.4. DLP Implementation

11.2.4.1. DLP Network

11.2.4.2. DLP Email and Web

11.2.4.3. DLP Discover

11.2.4.4. DLP Endpoint

11.3. Encryption and Hashing

11.3.1. Format Preserving Encryption

11.3.2. Key Management

11.3.3. Salting

11.3.4. Hashing

11.3.5. Encryption and Hashing Explained

11.3.5.1. Encryption

11.3.5.1.1. Encrypting Data At Rest

11.3.5.1.2. Encryption Data At Rest

11.3.5.1.3. Encryption Data In Transit

11.4. Tokenization

11.5. Data Masking

11.6. Authorization

11.7. Developing Supporting Processes

11.8. Summary

12. Chapter 07: Wireless Network Security

12.1. Security and Wireless Networks

12.2. Securing Wireless Networks

12.2.1. Unique SSID

12.2.2. Wireless Authentication

12.2.2.1. Shared Key

12.2.2.1.1. Caveats of Shared Key Implementation

12.2.2.2. 802.1x

12.2.2.2.1. Caveats of 802.1x Implementation

12.2.3. Wireless Encryption

12.2.3.1. WEP

12.2.3.2. WPA

12.2.3.3. WPA2

12.3. Wireless Network Implementation

12.3.1. Wireless Network Range

12.3.2. End System Configuration

12.3.3. Wireless Encryption and Authentication Recommendations

12.3.3.1. Client-Side Certificates

12.3.3.2. EAP-TLS

12.3.3.3. Unique System Check

12.4. Wireless Segmentation

12.4.1. Wireless Network Integration

12.5. Wireless Network Intrusion Prevention

12.6. Summary