Preface

Information security in the enterprise is challenging and has been considered a roadblock to enterprise innovation and the use of new services such as cloud and bring your own device (BYOD). One of the primary reasons for this is the paradigm from which information security is approached in today's ever-evolving and agile businesses. Strict security requirements overlaid on a perimeter-focused network architecture do not adequately secure enterprise data, failing the agile enterprise.

This book covers the current state of enterprise security and a new model for implementing security in the enterprise. Data-centric security architecture is introduced in the context of a layered security approach for end-to-end security. Looking at each component of the data-centric architecture and applying these concepts to information security creates a new paradigm to operate from, one where information security is agile and becomes a business enablement process supporting the latest trends in business such as cloud and BYOD.

The book is a guide to leveraging existing investment in traditional network- and host-based security tools. It introduces the data aspect of security and how to provide complete coverage of enterprise security. With several diagrams to illustrate concepts, and resources for further development in the areas of enterprise information security, this book serves as a go-to reference for IT professionals responsible for securing enterprise networks and data.

What this book covers

Chapter 1, Enterprise Security Overview, introduces readers to the concepts of information security by providing an overview of information security, where we went wrong, and the road map to securing the enterprise.

Chapter 2, Security Architectures, covers the drivers of redefining security architecture from a network-based concept to a data-centric focus as today's ever-changing business landscape has invalidated the traditional security architecture. The chapter introduces trust models and how they can be applied to existing data and infrastructure.

Chapter 3, Security As a Process, covers the importance of security as a process through policies, standards, risk analysis, and security review of changes. For security to be effective in the enterprise, it must be an integral component of everyday business processes.

Chapter 4, Securing the Network, is the first of several chapters diving into the layers of the data-centric security architecture. It presents methods to secure the enterprise at the network layer, leveraging the latest technologies to mitigate threats at the network edge and in segmented portions of the network. The reader will also be given guidance on how to secure common network services.

Chapter 5, Securing Systems, presents methods to secure the systems that store, transmit, and process enterprise data. Effective approaches to securing systems when traditional methods fail are covered in detail. A list of tools is provided in Appendix C, Security Tools List.

Chapter 6, Securing Enterprise Data, presents readers with methods to secure data in the various states within the enterprise. Encryption, hashing, data loss prevention, and data classification are covered in detail to provide readers with several approaches to secure enterprise data.

Chapter 7, Wireless Network Security, provides coverage of securely implementing wireless networking in the enterprise. Methods to mitigate the most common and dangerous attacks against wireless are discussed. Lastly, the chapter covers proper segmentation of wireless infrastructure from critical segments and assets within the enterprise network.

Chapter 8, The Human Element of Security, takes a look at the weakest link in the enterprise security program: humans. The chapter examines social engineering and security awareness program development. It then presents consistent testing of the effectiveness of training once a program is developed, with several resources to get this portion of the program up and running.

Chapter 9, Security Monitoring, covers the often overlooked yet very important aspect of security monitoring. First, the chapter covers monitoring at the various layers of the new security architecture, then dives into leveraging SIEM solutions and providing monitoring for privileged users, systems, and the network.

Chapter 10, Managing Security Incidents, covers security incidents and their management. Determining what a security incident is and how to develop the response is the focus of this chapter. Guidelines for developing an incident response capability, along with supporting processes, are also provided to the reader.

Appendix A, Applying Trust Models to Develop a Security Architecture, walks the reader through applying the presented security architecture and trust models to a real-world scenario. This exercise will strengthen the new concepts presented in Chapter 2, Security Architectures.

Appendix B, Risk Analysis, Policy and Standard, and System Hardening Resources, provides a list of available resources to help the reader develop the necessary enterprise security processes: risk analysis, vulnerability and patch management, and policies and standards.

Appendix C, Security Tools List, covers a list of security tools that can be used to provide security at the network, system, and data layers of the data-centric architecture. In addition to tools for securing the enterprise, the reader is provided tools for testing security, vulnerability identification, and security monitoring. It also provides a list of available resources to help the reader develop the necessary enterprise security processes: risk analysis, vulnerability and patch management, and policies and standards.

Appendix D, Security Awareness Resources, provides the reader a jumping board for building a security awareness program in the enterprise. Resources to learn presentation and teaching skills are provided along with tools to facilitate social engineering testing. Lastly, the reader is provided links to security awareness training materials and safe computing resources.

Appendix E, Security Incident Response Resources, provides a sample incident response process flow along with sample incident response forms and resources for incident response.
