Brook S. E. Schoenfield
Secrets of a Cyber Security Architect
Brook S. E. Schoenfield
Secrets of a Cyber Security Architect
- Broschiertes Buch
- Merkliste
- Auf die Merkliste
- Bewerten Bewerten
- Teilen
- Produkt teilen
- Produkterinnerung
- Produkterinnerung
This book is filled with techniques, tips, and tricks that secure software architects and developers can apply directly. From assessing the sensitivity of data in a system through actually getting requirements implemented, this book offers readers practical, how-to advice in small, focused and directly applicable gems of insight, knowledge, and
Andere Kunden interessierten sich auch für
- Barak EngelThe Security Hippie32,99 €
- Brook S. E. SchoenfieldSecuring Systems160,99 €
- Peter YaworskiReal-World Bug Hunting25,99 €
- Mark S. MerkowPractical Security for Agile and DevOps55,99 €
- James F. RansomePractical Core Software Security68,99 €
- Jason AndressFoundations of Information Security25,99 €
- Rongrong YuComputational Design78,99 €
-
-
-
This book is filled with techniques, tips, and tricks that secure software architects and developers can apply directly. From assessing the sensitivity of data in a system through actually getting requirements implemented, this book offers readers practical, how-to advice in small, focused and directly applicable gems of insight, knowledge, and
Produktdetails
- Produktdetails
- Verlag: Taylor & Francis Ltd
- Seitenzahl: 250
- Erscheinungstermin: 21. Januar 2023
- Englisch
- Abmessung: 254mm x 178mm x 13mm
- Gewicht: 484g
- ISBN-13: 9781032475028
- ISBN-10: 1032475021
- Artikelnr.: 70254499
- Verlag: Taylor & Francis Ltd
- Seitenzahl: 250
- Erscheinungstermin: 21. Januar 2023
- Englisch
- Abmessung: 254mm x 178mm x 13mm
- Gewicht: 484g
- ISBN-13: 9781032475028
- ISBN-10: 1032475021
- Artikelnr.: 70254499
Brook S. E. Schoenfield is the author of Securing Systems: Applied Security Architecture and Threat Models and Chapter 9: Applying the SDL Framework to the Real World, in Core Software Security: Security at the Source. He has been published by CRC Press, SANS Institute, Cisco, SAFECode, and the IEEE. Occasionally, he even posts to his security architecture blog, brookschoenfield.com. He is the Master Security Architect at a global cyber security consultancy, where he leads the company's secure design services. He has held security architecture leadership positions at high-tech enterprises for nearly 20 years, at which he has trained and coached hundreds of people in their journey to becoming security architects. Several thousand people have taken his participatory threat modeling classes. Brook has presented and taught at conferences such as RSA, BSIMM, OWASP, and SANS What Works Summits on subjects within security architecture, including threat models, DevOps security, information security risk, and other aspects of secure design and software security. Brook lives in Montana's Bitterroot Mountains. When he's not thinking about, practicing, writing about, and speaking on secure design and software security, he can be found telemark skiing, hiking, and fly fishing in his beloved mountains, exploring new cooking techniques, or playing various genres of guitar--from jazz to percussive fingerstyle.
Introduction. What Is This Thing Called "Security Architecture"?. What Is
Security Assessment. Architecture Risk Assessment. Threat Modeling. ATASM.
Background knowledge: The Three S's. Architecture. Threats. Attack
Surfaces. Mitigations. Requirements. Security Architecture Programs.
Secure Development Lifecycle. Tips and Tricks. Relationships Are (Almost)
Everything. Know the Policies and Standards. Start With Context. Work
Holistically. Assessment is Fractal and Recursive . Don't Get Sidetracked
By Presenting Problems. The Early Requirement Gets the Worm. Break the Kill
Chain to Mitigate. Probability Can Be Reduced To Booleans. Becoming Part of
a Team. We Are Not Cops. Playing a Long Game. Conflict Builds Trust. Give
Risks to Decision Makers. Making Friends with Exceptions. Interjections and
Release Scheduling. What to Do When Brought in Late. Transparency!. Post
Threat Models. The Rule of the Most Sensitive. External to Internal? Build
a mini-DMZ. Peer Review Rules. When Policies Make Sense, When They Don't.
Working with Eyeball-to-Eyeball Security. Measuring Success. Measuring
Architect Performance.
Security Assessment. Architecture Risk Assessment. Threat Modeling. ATASM.
Background knowledge: The Three S's. Architecture. Threats. Attack
Surfaces. Mitigations. Requirements. Security Architecture Programs.
Secure Development Lifecycle. Tips and Tricks. Relationships Are (Almost)
Everything. Know the Policies and Standards. Start With Context. Work
Holistically. Assessment is Fractal and Recursive . Don't Get Sidetracked
By Presenting Problems. The Early Requirement Gets the Worm. Break the Kill
Chain to Mitigate. Probability Can Be Reduced To Booleans. Becoming Part of
a Team. We Are Not Cops. Playing a Long Game. Conflict Builds Trust. Give
Risks to Decision Makers. Making Friends with Exceptions. Interjections and
Release Scheduling. What to Do When Brought in Late. Transparency!. Post
Threat Models. The Rule of the Most Sensitive. External to Internal? Build
a mini-DMZ. Peer Review Rules. When Policies Make Sense, When They Don't.
Working with Eyeball-to-Eyeball Security. Measuring Success. Measuring
Architect Performance.
Introduction. What Is This Thing Called "Security Architecture"?. What Is
Security Assessment. Architecture Risk Assessment. Threat Modeling. ATASM.
Background knowledge: The Three S's. Architecture. Threats. Attack
Surfaces. Mitigations. Requirements. Security Architecture Programs.
Secure Development Lifecycle. Tips and Tricks. Relationships Are (Almost)
Everything. Know the Policies and Standards. Start With Context. Work
Holistically. Assessment is Fractal and Recursive . Don't Get Sidetracked
By Presenting Problems. The Early Requirement Gets the Worm. Break the Kill
Chain to Mitigate. Probability Can Be Reduced To Booleans. Becoming Part of
a Team. We Are Not Cops. Playing a Long Game. Conflict Builds Trust. Give
Risks to Decision Makers. Making Friends with Exceptions. Interjections and
Release Scheduling. What to Do When Brought in Late. Transparency!. Post
Threat Models. The Rule of the Most Sensitive. External to Internal? Build
a mini-DMZ. Peer Review Rules. When Policies Make Sense, When They Don't.
Working with Eyeball-to-Eyeball Security. Measuring Success. Measuring
Architect Performance.
Security Assessment. Architecture Risk Assessment. Threat Modeling. ATASM.
Background knowledge: The Three S's. Architecture. Threats. Attack
Surfaces. Mitigations. Requirements. Security Architecture Programs.
Secure Development Lifecycle. Tips and Tricks. Relationships Are (Almost)
Everything. Know the Policies and Standards. Start With Context. Work
Holistically. Assessment is Fractal and Recursive . Don't Get Sidetracked
By Presenting Problems. The Early Requirement Gets the Worm. Break the Kill
Chain to Mitigate. Probability Can Be Reduced To Booleans. Becoming Part of
a Team. We Are Not Cops. Playing a Long Game. Conflict Builds Trust. Give
Risks to Decision Makers. Making Friends with Exceptions. Interjections and
Release Scheduling. What to Do When Brought in Late. Transparency!. Post
Threat Models. The Rule of the Most Sensitive. External to Internal? Build
a mini-DMZ. Peer Review Rules. When Policies Make Sense, When They Don't.
Working with Eyeball-to-Eyeball Security. Measuring Success. Measuring
Architect Performance.