Securing Systems: Applied Security Architecture and Threat Models

The Lay of Information Security Land
The Structure of the Book
References
Introduction
Breach! Fix It!
Information Security, as Applied to Systems
Applying Security to Any System
References
The Art of Security Assessment
Why Art and Not Engineering?
Introducing "The Process"
Necessary Ingredients
The Threat Landscape
Who Are These Attackers? Why Do They Want to Attack My System?
How Much Risk to Tolerate?
Getting Started
References
Security Architecture of Systems
Why Is Enterprise Architecture Important?
The "Security" in "Architecture"
Diagramming For Security Analysis
Seeing and Applying Patterns
System Architecture Diagrams and Protocol Interchange Flows (Data Flow Diagrams)
Security Touches All Domains
Component Views
What's Important?
What Is "Architecturally Interesting"?
Understanding the Architecture of a System
Size Really Does Matter
Applying Principles and Patterns to Specific Designs
Principles, But Not Solely Principles
Summary
References
Information Security Risk
Rating with Incomplete Information
Gut Feeling and Mental Arithmetic
Real-World Calculation
Personal Security Posture
Just Because It Might Be Bad, Is It?
The Components of Risk
Threat
Exposure
Vulnerability
Impact
Business Impact
Data Sensitivity Scales
Risk Audiences
The Risk Owner
Desired Security Posture
Summary
References
Prepare for Assessment
Process Review
Credible Attack Vectors
Applying ATASM
Architecture and Artifacts
Understand the Logical and Component Architecture of the System
Understand Every Communication Flow and Any Valuable Data Wherever Stored
Threat Enumeration
List All the Possible Threat Agents for This Type of System
List the Typical Attack Methods of the Threat Agents
List the System-Level Objectives of Threat Agents Using Their Attack Methods
Attack Surfaces
Decompose (factor) the Architecture to a Level That Exposes Every Possible Attack Surface
Filter Out Threat Agents Who Have No Attack Surfaces Exposed to Their Typical Methods
List All Existing Security Controls for Each Attack Surface
Filter Out All Attack Surfaces for Which There Is Sufficient Existing Protection
Data Sensitivity
A Few Additional Thoughts on Risk
Possible Controls
Apply New Security Controls to the Set of Attack Services for Which There Isn't Sufficient Mitigation
Build a Defense-in-Depth
Summary
References
I Summary
Practicing with Sample Assessments
Start with Architecture
A Few Comments about Playing Well with Others
Understand the Big Picture and the Context
Getting Back to Basics
References
eCommerce Website
Decompose the System
The Right Level of Decomposition
Finding Attack Surfaces to Build the Threat Model
Requirements
Enterprise Architecture
Enterprise Architecture Pre-work: Digital Diskus
Digital Diskus' Threat Landscape
Conceptual Security Architecture
Enterprise Security Architecture Imperatives and Requirements
Digital Diskus' Component Architecture
Enterprise Architecture Requirements
References
Business Analytics
Architecture
Threats
Attack Surfaces
Attack Surface Enumeration
Mitigations
Administrative Controls
Enterprise Identity Systems (Authentication and Authorization)
Requirements
References
Endpoint Anti-malware
A Deployment Model Lens
Analysis
More on Deployment Model
Endpoint AV Software Security Requirements
References
Mobile Security Software with Cloud Management
Basic Mobile Security Architecture
Mobility Often Implies Client/Cloud
Introducing Clouds
Authentication Is Not a Panacea
The Entire Message Stack Is Important
Just Good Enough Security
Additional Security Requirements for a Mobile and Cloud Architecture
Cloud Software as a Service (SaaS)
What's So Special about Clouds?
Analysis: Peel the Onion
Freemium Demographics
Protecting Cloud Secrets
The Application Is a Defense
"Globality"
Additional Requirements for the SaaS Reputation Service
References
II Summary
Patterns and Governance Deliver Economies of Scale
Expressing Security Requirements
Expressing Security Requirements to Enable
Finding the Right Level and Granularity
Who Consumes Requirements?
The Early Bird Gets to Influence
Getting Security Requirements Implemented
It's A Partnership
Fully Participating
Pain Point Jujitsu
Why Do Good Requirements Go Bad?
Some Thoughts on Governance
Summary
References
Building an Assessment Program
Building a Program
Senior Management's Job
Bottom Up?
Use Peer Networks
Building a Team
Training
Documentation and Artifacts
Peer Review
Workload
Mistakes and Missteps
Not Everyone Should Become an Architect
Standards Can't Be Applied Rigidly
One Size Does Not Fit All, Redux
Don't Issue Edicts Unless Certain of Compliance
Measuring Success
Invitations Are Good!
Establish Baselines
Summary
References
III Summary and Afterword
Summary
Afterword