Enterprise level security : securing information systems in an uncertain world (2016)
- Record Type:
- Book
- Title:
- Enterprise level security : securing information systems in an uncertain world (2016)
- Main Title:
- Enterprise level security : securing information systems in an uncertain world
- Further Information:
- Note: Author, William R. Simpson.
- Authors:
- Simpson, William Randolph, 1946-
- Contents:
- Introduction; Problem Description; What Is Enterprise Level Security?; Distributed versus Centralized Security; Crafting a Security Model; Entities and Claims; Robust Assured Information Sharing; Key Concepts; Two Steps Forward and One Step Back; The Approximate Time-Based Crafting; Summary -- BASICS AND PHILOSOPHY -- Identity; Who Are You?; Naming; Identity and Naming: Case Study; Implications for Information Security; Personas; Identity Summary -- Attributes; Facts and Descriptors; An Attribute Ecosystem; Data Sanitization; Temporal Data; Credential Data; Distributed Stores -- Access and Privilege; Access Control; Authorization and Access in General; Access Control List; Complex Access Control Schemas; Privilege; Concept of Least Privilege -- Cryptography; Introduction; Cryptographic Keys and Key Management; Symmetric Keys; Store Keys; Delete Keys; Encryption; Symmetric versus Asymmetric Encryption Algorithms; Decryption; Hash Function; Signatures; A Note on Cryptographic Key Lengths; Internet Protocol Security; Other Cryptographic Services; The Java Cryptography Extension; Data at Rest; Data in Motion -- The Cloud; The Promise of Cloud Computing; Benefits of the Cloud; Drawbacks of Cloud Usage; Challenges for the Cloud and High Assurance; Cloud Accountability, Monitoring, and Forensics; Standard Requirements for Cloud Forensics -- The Network; The Network Entities -- TECHNICAL DETAILS -- Claims-Based Authentication; Authentication and Identity; Credentials in the Enterprise; Authentication in the Enterprise; Infrastructure Security Component Interactions; Compliance Testing; Federated Authentication -- Credentials for Access Claims; Security Assertion Markup Language; Access Control Implemented in the Web Service; Establishing Least Privilege; Default Values; Creating an SAML Token; Scaling of the STS for High Assurance Architectures; Rules for Maintaining High Assurance during Scale-Up -- Claims Creation; Access Control Requirements at the Services; Access Control Requirement; Enterprise Service Registry; Claims Engine; Computed Claims Record -- Invoking an Application; Active Entities; Claims-Based Access Control; Establishing Least Privilege; Authorizing the User to the Web Application; Authorizing a Web Service to a Web Service; Interaction between Security Components -- Cascading Authorization; Basic Use Case 1; Standard Communication; Pruning Attributes, Groups, and Roles; Required Escalation of Privilege; Data Requirements for the Pruning of Elements; Saving of the SAML Assertion; SAML Token Modifications for Further Calls; An Annotated Notional Example; Additional Requirements; Service Use Case Summary -- Federation; Federation; Elements of Federated Communication; Example Federation Agreement; Access from Outside the Enterprise; Trusted STS Store; Trusted STS Governance -- Content Access Control; Authoritative and Nonauthoritative Content; Content Delivery Digital Rights Management; Mandatory Access Control; Access Control Content Management System; Enforcing Access Control; Labeling of Content and Information Assets; Conveying Restrictions to the Requester; Enforcing/Obtaining Acknowledgment of Restrictions; Metadata; Content Management Function; Components of a Stored Information Asset; Additional Elements for Stored Information Assets; Key Management Simplification; Import or Export of Information Assets -- Delegation; Delegation Service; Service Description for Delegation; Form of Extended Claims Record; Special Delegation Service -- The Enterprise Attribute Ecosystem; User and Data Owner Convenience Functions; Attribute Ecosystems Use Cases; Attribute Ecosystem Services -- Database Access; Database Models; Database Interfaces and Protocols; Overall Database Considerations; Enterprise Resource Planning Business Software; ERP as a Legacy System; Hardening of ERP Database Systems -- Building Enterprise Software; Services Types; Functionality of All Services; Service Model; Enterprise Services Checklist; Enterprise Service Registry; Service Discovery: Manual and Automated; Additional Considerations; Orchestration; ELS Interface; Access Control List -- Vulnerability Analyses; Vulnerability Causes; Related Work; Vulnerability Analysis; Flaw Remediation; Summary -- An Enterprise Support Desk; Monitoring; Data Repository System; Information for Service Monitoring; Centralized Repository; Services by Type; Data Keeping Requirements; Naming Schema; Monitor Activities; Help Desk Breakdown; Customer Support and Help Desk; Levels of Service; Using the Knowledge Repository; ESD Summary -- Network Defense; Expected Behavior; Introduction; Current Protection Approaches; An Alternative to Private Key Passing; A Distributed Protection System; Next Steps for Appliances; Appliances That Change Content; Appliances: A Work in Progress -- Concluding Remarks; Where We Have Been and Where We Are Going; Understanding the Approach; About Those Takeaways -- Appendix -- Bibliography.
- Edition:
- 1st
- Publisher Details:
- Boca Raton : Auerbach
- Publication Date:
- 2016
- Extent:
- 1 online resource, illustrations (black and white)
- Subjects:
- 005.8
- Computer networks -- Security measures
- Industries -- Security measures
- Languages:
- English
- ISBNs:
- 9781498764476
- Related ISBNs:
- 9781498764452
- Notes:
- Note: Includes bibliographical references and index.
- Note: Description based on CIP data; item not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.138361
- Ingest File:
- 02_140.xml