• Home
  • Site Aliases
    • www.cloud-native.info
    • oracle.cloud-native.info
    • Phil-Wilkins.uk
  • About
    • Background
    • Presenting Activities
    • Internet Profile
      • LinkedIn
    • About
  • Books & Publications
    • Logging in Action with Fluentd, Kubernetes and More
      • Logging in Action with Fluentd – Book
      • Fluentd Book Resources
      • Log Generator
    • API & API Platform
      • API Useful Resources
    • Oracle Integration
      • Book Website
      • Useful Reading Sources
    • Publication Contributions
  • Resources
    • GitHub
    • Oracle Integration Site
    • Oracle Resources
    • Mindmaps Index
    • Useful Tech Resources
    • Python Setup & related stuff
  • Music
    • Music Reading

Phil (aka MP3Monster)'s Blog

~ from Technology to Music

Phil (aka MP3Monster)'s Blog

Monthly Archives: July 2013

Enterprise Security – A Data Centric Approach

16 Tuesday Jul 2013

Posted by mp3monster in Books, mindmap, Packt, Technology

≈ 6 Comments

Tags

book, mindmap, Security

Enterprise Data SecurityAs I work my way through the Aaron Woody book Enterprise Security: A Data Centric Approach to Securing the Enterprise I’ve been building a mind map of helpful notes -to help serve as a reminder or means to quickly drill back into the book for future reference.

The mind map has been build using freemind – it isn’t the prettiest of documents, but content is king here.

Freemind Mindmap as an image https://www.dropbox.com/s/u1ggk7exi6t0t3o/Enterprise%20Data%20Security.png  as a Freemind file https://www.dropbox.com/s/lf53fs63c4x1v91/Enterprise%20Data%20Security.mm freem,ind can be obtained from freemind.sourceforge.net/‎

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security: A Data-Centric Approach to Securing the Enterprise – book review chapter 2

14 Sunday Jul 2013

Posted by mp3monster in Book Reviews, Books, Packt, Technology

≈ 6 Comments

Tags

book, enterprise, review, Security

Enterprise Security - A Data Centric Approach to Securing the Enterprise

Enterprise Security – A Data Centric Approach to Securing the Enterprise

Continuing with the review of Enterprise Security: A Data Centric Approach to Securing the Enterprise by Aaron Woody having given a bit of history and motivation for an alternate approach Chapter 2 of the book starts describing the data centric approach.

We start out looking at why network boundaries need to revisited – as a result of BYOD, closer integration with business partners, collapsed/simplified software stacks etc.  Then go into defining in more details the data centric views and how t go about building a trust model for identifying what needs to be secured. A trust model looks at the different dimensions that can impact data:

  • Data (what actually are we protecting – is the data your commercial crown jewels such as a customer list, classifying the data to understand its characteristics, where is it located and so on)
  • Processes – what can be done to data
  • Applications – systems interacting with data
  • Users – differentiated from roles – their relationship to the data employees, contractors, third parties etc
  • Roles – the roles people have to perform, system admins, data stewards etc
  • Risk – as you can never guarantee everything, what are the consequences of a breach
  • Policy & Standards – legal requirements e.g. HIPAA, PCI DSS, DPA plus internal corporate policies

With the guidance to help gather the information you can start to build a profile of your data and the need (or not) for security with challenges and risks that need be addressed to achieve this within an organisation.  All of which has to take into account of ‘data at rest’ (i.e. in databases, flat files etc) and ‘in motion’ transfers such as email, HTTP, FTP, SQLNet and so on.

The book then begins to talk about architectures that can reflect the considerations and needs of your data.

In terms of the writing, chapter is pretty direct and to the point which is great as long as you have some basic appreciation of security needs.  It would have been good to enrich the information with some examples (although the Appendix does illustrate a bit further). The ideal would have been to have a use case running through the book (perhaps at the end of each chapter applying some of the ideas to a fictitious scenario).

Useful Links

  • Web site for the book : http://www.datacentricsec.com/
  • Packt site for the book http://bit.ly/126S7Ys
  • Aaron’s Twitter tag @shai_saint

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security: A Data-Centric Approach to Securing the Enterprise – book review

02 Tuesday Jul 2013

Posted by mp3monster in Book Reviews, Books, Packt, Technology

≈ Leave a comment

Tags

book, data, enterprise, Packt, review, Security

I have started to review another book, this time Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. Based on the interest that my review of Getting Started with Oracle Event Processing 11g I thought I’d follow a similar approach of reviewing one or two chapters at a time, although because of other constraints possibly not as quickly as last time.

As an enterprise architect, and having worked within some more sensitive environments which means security typically has a lock the world down, particularly at the perimeter. But with an increasingly less practical as we become ever more connected. Not to mention the tighter the old approaches are applied, the more the business will by pass IT (e.g. Go acquire SaaS solutions without IT support), the net result being a home goal in undermining the very thing you’re trying to achieve. So the killer question is, can the book show another way that works matching the challenges ranging from SaaS (software as a service) to BYOD (bring your own device – i.e. connecting your own smart phone to systems and work with them on the move etc) against the backdrop of increasing data legislation and commercial fallout (customer loss etc) as a result of security breaches becoming public knowledge.

Chapter 1 is very much a good scene setter, providing some of the background as to how security approaches have evolved over the last 30 or so years. It sets out some clear perspectives on the challenges of applying security such as

  • making cases for investment
  • Applying security as an overlay on a solution rather than being an integral part of a design and the impacts this can cause
  • The challenges of stakeholders involved
  • The mentality of just locking the perimeter (when statistics regularly show that increasing data leakages are a result of accident or malicious actions by those inside the organisation

The book also challenges the mentality of security is the network, which a grave mistake as security impacts processes and roles just as much as it does the software and physical infrastructures.

This sets up for the journey for defining an alternate approach starting with defining the boundaries that should be considered.

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Aliases

  • phil-wilkins.uk
  • cloud-native.info
  • oracle.cloud-native.info

I work for Oracle, all opinions here are my own & do not necessarily reflect the views of Oracle

Oracle Ace Director Alumni

TOGAF 9

Logging in Action

Oracle Cloud Integration Book

API Platform Book


Oracle Dev Meetup London

Categories

  • App Ideas
  • Books
    • Book Reviews
    • manning
    • Oracle Press
    • Packt
  • Enterprise architecture
  • General
    • economy
    • LinkedIn
    • Website
  • Music
    • Music Resources
    • Music Reviews
  • Photography
  • Podcasts
  • Technology
    • APIs & microservices
    • chatbots
    • Cloud
    • Cloud Native
    • Dev Meetup
    • development
      • languages
        • node.js
    • drone
    • Fluentd
    • logsimulator
    • mindmap
    • OMESA
    • Oracle
      • API Platform CS
        • tools
      • Helidon
      • ITSO & OEAF
      • Java Cloud
      • NodeJS Cloud
      • OIC – ICS
      • Oracle Cloud Native
      • OUG
    • railroad diagrams
    • TOGAF
  • xxRetired

My Other Web Content & Contributions

  • Amazon Author entry
  • API Platform
  • Dev Meetup (co-managed)
  • Fluentd Book
  • ICS Book Website
  • OMESA
  • Ora World
  • Oracle Community Directory
  • Packt Author Bio
  • Phil on Blogs.Oracle.com
  • Sessionize Profile

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,574 other subscribers

RSS

RSS Feed RSS - Posts

RSS Feed RSS - Comments

July 2013
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
293031  
« Jun   Aug »

Twitter

  • Get all the details about the new enhancements to @Oracle Container Engine for Kubernetes, including Serverless… twitter.com/i/web/status/1…Next Tweet: 6 hours ago
  • RT @TechWeekRO: With over 25 years of experience in the software industry, Phil Wilkins, Cloud Developer Evangelist at @Oracle, is coming t…Next Tweet: 8 hours ago
  • SSH Key File Permissions blog.mp3monster.org/2023/03/28/ssh…Next Tweet: 23 hours ago
  • Oracle's Assurance Service gives customers the proactive guidance they need to move their organization forward whil… twitter.com/i/web/status/1…Next Tweet: 1 day ago
  • Fraud affects many businesses and can be costly. But there’s a way to fight it. Scalable Machine Learning algorithm… twitter.com/i/web/status/1…Next Tweet: 1 day ago
Follow @mp3monster

History

Speaker Recognition

Open Source Summit Speaker

Flickr Pics

Pembroke CastleSeven Bridge Crossing
More Photos

    Social

    • View @mp3monster’s profile on Twitter
    • View philwilkins’s profile on LinkedIn
    • View mp3monster’s profile on GitHub
    • View mp3monster’s profile on Flickr
    • View philmp3monster’s profile on Twitch
    Follow Phil (aka MP3Monster)'s Blog on WordPress.com

    Blog at WordPress.com.

    • Follow Following
      • Phil (aka MP3Monster)'s Blog
      • Join 218 other followers
      • Already have a WordPress.com account? Log in now.
      • Phil (aka MP3Monster)'s Blog
      • Customize
      • Follow Following
      • Sign up
      • Log in
      • Report this content
      • View site in Reader
      • Manage subscriptions
      • Collapse this bar
     

    Loading Comments...
     

    You must be logged in to post a comment.

      Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
      To find out more, including how to control cookies, see here: Our Cookie Policy
      %d bloggers like this: