Securing Systems: Applied Security Architecture and Threat Models (Hardcover)

Brook S. E. Schoenfield

  • Publisher: CRC
  • Publication date: 2015-05-20
  • List price: $2,310
  • VIP price: $2,195 (95% of list price)
  • Language: English
  • Pages: 440
  • Binding: Hardcover
  • ISBN: 1482233975
  • ISBN-13: 9781482233971
  • Related category: Information Security

Product Description

Internet attack on computer systems is pervasive. It can take from less than a minute to as much as eight hours for an unprotected machine connected to the Internet to be completely compromised. It is the information security architect’s job to prevent attacks by securing computer systems. This book describes both the process and the practice of assessing a computer system’s existing information security posture. Detailing the time-tested practices of experienced security architects, it explains how to deliver the right security at the right time in the implementation lifecycle.

Securing Systems: Applied Security Architecture and Threat Models covers all types of systems, from the simplest applications to complex, enterprise-grade, hybrid cloud architectures. It describes the many factors and prerequisite information that can influence an assessment. The book covers the following key aspects of security analysis:

  • When should the security architect begin the analysis?
  • At what points can a security architect add the most value?
  • What are the activities the architect must execute?
  • How are these activities delivered?
  • What is the set of knowledge domains applied to the analysis?
  • What are the outputs?
  • What are the tips and tricks that make security architecture risk assessment easier?

To help you build skill in assessing architectures for security, the book presents six sample assessments. Each assessment examines a different type of system architecture and introduces at least one new pattern for security analysis. The goal is that after you’ve seen a sufficient diversity of architectures, you’ll be able to understand varied architectures, better see the attack surfaces, and prescribe security solutions.
