Imperial Library
Index
Title Page · Copyright and Credits
Hands-On Cybersecurity for Architects
Dedication · Packt Upsell
Why subscribe? · PacktPub.com
Contributors
About the authors · About the reviewer · Packt is searching for authors like you
Preface
Who this book is for · What this book covers · To get the most out of this book
Conventions used
Get in touch
Reviews
Security Architecture History and Overview
The history of architecture
The history of security architecture
Security in network architecture · Security in infrastructure architecture · Security in application architecture · Security in virtual architectures
Security in the cloud · Security architecture · Architecture layers in an organization · The different security architecture roles · The importance of templatization · Security architecture principles
Summary · Questions · Further Reading
Security Governance
Security principles
Developing principles · Sample security architecture principles
Security architecture policies and standards
Policy development process
Interview individual stakeholders · Agree upon areas for policy development · Discuss policy options · Review draft policy documents · Final sign-off of policy document
The policy document · Language of policies · Security policy and standard areas
Security Architecture Guidance (SAG) document
Security architecture guidance for projects
Information-based security · Authentication/authorization controls · Access controls · Data in flight security · Data at rest security · Audit logging · Summary of requirements in an SAG
Summary · Questions
Reference Security Architecture
Reference security technology architecture
Border protection · Detection services · Content control services · Configuration management · Auditing services · Physical security technologies · Identity and Access Management · Cryptographic services · Application security
Reference security process architecture
Personnel processes · Data control management · Architecture · Infrastructure processes · Core SOC processes · Intelligence · Access management · Business continuity/disaster recovery · Security toolset · Compliance · Business engagement · Process improvement
Reference Security People Architecture
Security oversight · IT risk · Security engineering · Security operations · Identity and Access Management
Summary · Questions
Cybersecurity Architecture Strategy
Cybersecurity architecture strategy
Leveraging the Reference Security Architecture · Requirement gathering for strategies · Current state assessment · Environmental variables · Future wants and needs
Strengths, Weaknesses, Opportunities, and Threats (SWOT)
Initiatives (both direct and indirect) · Roadmaps · Annual review · Metrics
Summary · Questions
Program and Strategy Level Work Artifacts
Reference security architecture
Key decision documents · Risk register
Understanding risk · Monitoring risk · The risk impact assessment and the risk register · Final measurement of risk
Whitepapers · Evaluation of the current state
Summary · Questions
Security Architecture in Waterfall Projects
Overview of waterfall project delivery · The difference between the Solution Architect and Supporting Architect
Initiation phase · Requirement gathering phase · Design phase · Build phase · Testing phase · Production Turnover phase
Comments on the Agile methodology · Summary · Questions
Security Architecture Project Delivery Artifacts
Requirements Gathering Documentation
Requirement-gathering process · Requirements-gathering spreadsheet · Requirements document · Requirements Traceability Matrix (RTM)
Vendor selection · Security-design assessments
SDA project plan · SDA checklist · SDA workbook · SDA executive summary
Test plans
Types of testing
Build documentation
Installation table · Database table · Administrator table · Username tables · URL tables · Additional information
Summary · Questions
Architecture Design Document
Approaches to the ADD · Header sections
Purpose, summary, and usage · Executive summary · Scope · Compliance · References to requirements
Target architecture
Business architecture · Data and information architecture
A special note on tokenization
Application architecture · Infrastructure architecture
Concluding sections
Gap analysis · Recommendations
Summary · Questions
Security Architecture and Operations
Strategy feedback loop
Security operations strategies · Improvement in capabilities · Inputs into security architecture strategy
Monitoring for architectural risk · Supporting operational strategies · Summary · Questions
Practical Security Architecture Designs
Endpoint security
Ransomware
Mitigation
Spyware and adware
Mitigation
Trojan horses
Mitigation
Viruses
Mitigations
Summary
Mail security
The need for email security · Email security best practices
Email security policies · Use of secured exchange servers · User education on security threats · Host-based security tools · Encryption · Securing webmail applications · Email scanners · Email backup
End user security practices
Avoid opening suspicious emails, attachments, or links · Changing passwords · Not sharing passwords · Using spam filters · Avoid logging into emails on public Wi-Fi connections · Avoid sending sensitive information via mail
Email security resources
Microsoft Exchange Server · Sophos PureMessage for Microsoft Exchange · Symantec mail security · Websense email security
Summary
Network security
DDOS attacks
Mitigation
Eavesdropping
Mitigation
Data breaches
Mitigation
Summary
Cloud security
Data breaches
Mitigation
Compromised credentials
Mitigation
Denial of Service
Mitigation
Summary
Bring Your Own Device
Data loss 
Mitigation
Insecure usage
Mitigation
Remote access by malicious parties
Mitigation
Malicious applications
Mitigation
Insider threats
Mitigation
Summary
Internet of Things
Weak authentication/authorization
Mitigation
Insecure interfaces
Mitigation
Lack of encryption
Mitigation
Insufficient configurability
Mitigation
Summary
Summary · Questions · Further reading
Trends in Security Architecture Technology
Border protection
Cloud security · Tokenization · Disaster recovery · VPN
Detection services
Artificial Intelligence · Incident response
Content control services
Spam as a new phishing technique
Identity and Access Management
Increasing use of two factor authentication
Auditing services
Privacy/GDPR
Configuration management
Internet of Things · End point security · New technologies — new breaches
Cryptographic services
Bitcoin and blockchain security
Application security
Applications serving their nation states
Summary · Questions
The Future of Security Architecture
Environmental variables
Political variables · Economic variables · Technical variables · Social variables · Competitive variables
General future associated with security architects
Market consolidations · Breaches and reactions · Secure by design? · Managed Security Service Providers and outsourcers · The evolution of the security tower · The merging of cybersecurity and physical security
Summary · Questions
Assessment
Chapter 1, Security Architecture History and Overview · Chapter 2, Security Governance · Chapter 3, Reference Security Architecture · Chapter 4, Cybersecurity Architecture Strategy · Chapter 5, Program–and Strategy–Level Work Artifacts · Chapter 6, Security Architecture in Waterfall Projects · Chapter 7, Security Architecture Project Delivery Artifacts · Chapter 8, Architecture Design Document · Chapter 9, Security Architecture and Operations · Chapter 10, Practical Security Architecture Designs · Chapter 11, Trends in Security Architecture Technology · Chapter 12, The Future of Security Architecture
Other Books You May Enjoy
Leave a review - let other readers know what you think