Open Enterprise Security Architecture O-ESA

Name: Open Enterprise Security Architecture O-ESA
Brand: Van Haren Publishing BV
Price: 47.99 EUR
Availability: OnlineOnly

Gunnar Petersen Stefan Wahe(Author)

Van Haren Publishing BV

Published on 11. June 2020

161 pages

E-Book

PDF with Adobe-DRM

System requirements

978-90-8753-673-2 (ISBN)

€47.99incl. 7% vat

System requirements

for PDF with Adobe-DRM

E-Book Single Licence

Available for download

Description

More details

Other editions

Content

Intro
Preface
Trademarks
Acknowledgements
Referenced documents
Chapter 1 Executive overview
Chapter 2 Introduction
2.1 General description of an enterprise security program
2.2 Enterprise security program framework
2.3 Enterprise security architecture
2.3.1 The house design model
2.3.2 The enterprise security system design model
2.3.3 Community standards versus corporate standards
2.3.4 Building codes and engineering practices versus governance
2.3.5 House architecture versus security technology architecture
2.3.6 Bill of materials versus security services
2.3.7 Maintenance versus operations
2.3.8 The remodeling
Chapter 3 Security governance
3.1 Governance components and processes
3.2 Governance process overview
3.3 Governance process roles
3.4 Governance model policy framework
3.5 Governance principles
3.5.1 Security by design
3.5.2 Managed risk
3.5.3 Usability and manageability
3.5.4 Defense in depth
3.5.5 Simplicity
3.5.6 Resilience
3.5.7 Integrity
3.5.8 Enforced policy
3.5.9 Design for malice
3.5.10 Mobility
3.6 Policies
3.6.1 Policy development
3.6.2 Policy template - ISO/IEC 27002
3.6.3 Security policy language - XACML
3.7 Standards, guidelines, and procedures
3.8 Enforcement
3.9 Ongoing assessment
3.10 Governance example
3.10.1 Authentication policy example
3.10.2 Password quality enforcement standard example
3.10.3 Example comments
Chapter 4 Security technology architecture
4.1 Components and processes
4.2 Conceptual framework for policy-driven security
4.3 Conceptual architecture for policy-driven security
4.3.1 PDP/PEP detail
4.4 Identity management architecture
4.4.1 Identity management conceptual architecture
4.4.2 Identity management logical architecture
4.4.3 Identity management security services template
4.4.4 Identity management physical architecture
4.5 Border protection architecture
4.5.1 Border protection conceptual architecture
4.5.2 Border protection logical architecture
4.5.3 Border protection security services template
4.6 Other security services template
4.6.1 Access management services
4.6.2 Configuration management services
4.6.3 Access control services
4.6.4 Authentication services
4.6.5 Authorization services
4.6.6 Detection services
4.6.7 Virtualization
4.6.8 Content control services
4.6.9 Auditing services
4.6.10 Cryptographic services
4.7 Design and development
4.7.1 Design principles
4.7.2 Design requirements
4.7.3 Design best practices
4.7.4 Re-usable tools, libraries, and templates
4.7.5 Coding best practices
4.7.6 Testing best practices
Chapter 5 Security operations
5.1 Asset management
5.2 Security event management
5.3 Security administration
5.4 Security compliance
5.5 Vulnerability management
5.5.1 Reactive process for responding to vulnerability notifications
5.5.2 Proactive process for vulnerability identification and response
5.6 Event management
5.7 Incident management
5.8 Testing security architecture
5.9 Security metrics
5.9.1 Operational and business-aligned metrics
5.9.2 Objectives
5.9.3 What is a security metric?
5.9.4 Types of metrics
5.9.5 Applying security metrics
5.9.6 Types of metrics
5.9.7 Security metrics process
Chapter 6 Toward policy-driven securityarchitecture
6.1 Policy layers and relationships
6.2 Policy automation vision
6.3 Policy automation model
6.3.1 Policy automation model - HIPAA example
6.4 Policy automation roadmap
Chapter 7 Conclusions and recommendations
7.1 Conclusions
7.2 Recommendations
7.2.1 Recommendations to user organizations
7.2.1 Recommendations to vendors and standards organizations
Appendix AGlossary of resources
A.1 Security governance resources and tools
A.2 NIST references for O-ESA implementation
Appendix BSecurity Architecture Checklist
Glossary
Index

Content (PDF)

System requirements

Save as PDF Copy link into clipboard

Schweitzer Fachinformationen

Open Enterprise Security Architecture O-ESA

Description

More details

Other editions

Additional editions

Content

System requirements