Security in a Web 2.0+ World : A... | Buy

Summary

Information security has matured significantly since it was developed as an ad-hoc solution by large enterprises and the military; from the initial art of security it has become a science with structured standards and more certainty expected from its activities. Security in a Web 2.0 world has become extremely necessary and there's a need for qualified material, since companies (especially driven by the new laws) have a greater need of specialized professionals to implement appropriate information security controls, risk management, business continuity guaranties, transparency, traceability of electronic operations, non repudiation of operations and several other factors. There is limited information available on the importance of a consistent model for security supported by international standards; the business value is usually ignored and the topic tends to be managed as a technical issue instead of an organizational model.Carlos Solari and his team present much needed information and a broader view on why and how to use and deploy standards. They set the stage for a standards-based approach to design in security, driven by various factors that include the complexity in securing complex information-communications systems, the need to drive security less after-market and more in product development, the need to better apply security funds to get a better return on investment... Security for complex systems once deployed is at best patchwork fix. The authors are concerned with what can be done now using the methods at our disposal and the technologies already available to set in place the idea that security can be designed in to the complex networks that will exist in the near future. Web 2.0 is still the next great promise of ICT - we still have a chance to correct our path, or better said to design in a more secure path. Solari et al. propose the security triad of prevent-detect-respond as the context for all security functions as well as a framework that measures security, identifies gaps, designs remedies in with consistency and rigor and with grounding on practical things. ISO 27000 series 1,2,3 will be discussed at a high level with the intent to establish the linkage to the standard that they address in detail - the ITU/T X.805 standard.Times is of the essence - prevent-detect-respond!

Foreword
A seasoned and influential security professional puts the chapters of this book into context by discussing the challenges of cyber security in the Web 2.0+ world
Prologue
The World of Cyber Security in 2019
It is 2019, Web 3.0 has arrived, but it is a destination fraught with the problems of cyber security. With the benefit of hindsight, what went wrong in the development of Web2.0 is obvious,howto fix it is not so - the challenges abound. This chapter explores the road we travel and why uncorrected it will lead directly to the destination of an uncertain Web
The Costs and Impact of Cyber Security
An increasing number of reporting and regulatory requirements are being placed on businesses, which is resulting in rising compliance costs while yielding poor results in the actual protection against cyber threats. This chapter discusses cyber security from an economic (cost) and risk management perspective, the methods of quantifying potential losses, enhancing business process, and reaping value from enhanced security standards
Protecting Web 2.0: What Makes it so Challenging?
Web 2.0 has begun to impact almost every aspect of everyday life, but comprehensive controls to protect assets, wireless, and content in all of its forms, has yet to be implemented. The lack of security standards could be potentially devastating as virtual life and the physical world begin to meld without the recognition that both need to be protected with the same vigilance
Limitations of the Present Models
This chapter names the problem - a practiced model of security that is bolted on - and why the current models of cyber security are ineffective in transitioning to Web 2.0. Patching, over-reliance on detection and response, and the omnipresence of data in the cloud require a model of greater discipline where security is part of the design, not the afterthought
Defining the Solution - ITU-T X.805 Standard Explained
Bell Labs introduced a security framework that became Recommendation ITU- T X.805 in 2003. The efficacy of this model for present and Web 2.0 systems is discussed in terms of its overall framework components. As a model it offers a way to apply a disciplined approach to security designed-in, not bolted on. In a security value life cycle, it forms the links in the trust chain from the point of technology creation through technology implemented in security-integrated operational environments
Building the Security Foundation Using the ITU-T X.805
Standard: The ITU-T X.805 Standard Made Operational By using the ITU-T X.805 standard as a framework, this chapter explores how to implement the X.805 framework as a model for trust concepts in applied computing
The Benefits of a Security Framework Approach
Transparency is the primary benefit and one of the key attributes to transform from the present model of aftermarket security to protecting the evolution of Web 2.0. It allows for the proper implementation of security from the beginning stages of product development to the point of delivery while creating a basis for trust, developing a common language, and reducing costs
Correcting Our Path - What Will it Take?
The challenges of protecting Web 2.0 and the solutions toward a more efficient paradigm have been presented, but who will implement these sorely needed changes in the system? Leadership from business, academia, and government is paramount to reshaping the process of how products and solutions are made secure up front in the development life cycle. It will take more than the logic of why it should be done - it will take an active role in these three domains. It starts with the buyers of technology applying the leverage of purchasing in large numbers to change a behavior already ingrained



Glossary
Index
Table of Contents provided by Publisher. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.