05 Wednesday Feb 2014
Tags
applications, books, extensibility, fusion, handbook, Oracle, Vladimir Ajvaz
The next book up for review is going to be Oracle Fusion Applications Development and Extensibility Handbook (Oracle Press)
I have to declare a slight interest in my reviewing as I have had the good fortune to work with one of the authors- Vladimir Ajvaz; and extremely knowledgeable and talented Application Architect.
Oracle Fusion Applications
05 Wednesday Feb 2014
Posted in Book Reviews, Books, General, Packt, Technology
Tags
Aaron Woody, book, data, datasec, enterprise, Packt, review, Security
So I have previously blogged a series of largely chapter by chapter reviews of Aaron Woody’s book Enterprise Security – A Data Centric Approach. This post tries to provide a brief summarised view pulling my thoughts of the book overall together.
As an Enterprise Architect I took an interest in this book as an opportunity to validate my understanding of security and ensure in the design and guidance work that I do I am providing good insights and directions so that the application architects and developers are both ensuring good security practices and also asking the helpful information available to other teams such as IT Security, operational support and so on.
The book has been overall very well written and extremely accessible to even those not versed in the dark arts of IT Security. Anyone in my position, or fulfilling a role as an application designer or product development manager would really benefit from this book. Even those on the business end of IT would probably benefit in terms of garnering an insight into what IT Security should be seeking to achieve and why they often appear to make lives more difficult (I.e. putting restrictions in, perhaps blocking your favourite websites).
So why so helpful, well Aaron has explained the issues and challenges that need to be confronted in terms of Security from the perspective of the organisations key assets – mainly its data (certainly the asset that is likely to cause most visible problems if compromised). Not only that the book presents a framework to help qualify and quantify the risks as a result device a justifiable approach to securing the data and most importantly make defensible cases for budget spend.
I have to admit that the 1st chapter that that introduces the initial step in the strategy was a bit of a struggle as it seemed to adopt and try to define a view of the world that felt a little too simplistic. The truth is that this the 1st step in a journey, and in hindsight important – so stick with it.
Once the basic framework is in place we start looking at tooling strategies and technologies to start facilitating security. The book addresses categories of product rather than specific solutions so the book isn’t going to date too quickly. The solution examination includes the pros and cons of their use (e.g wifi lock down) which is very helpful.
Finally to really help the book comes with a rich set of appendices providing a raft of references to additional material that will help people translate principles into practice.
To conclude, a little effort maybe needed to get you started but ultimately a well written, informative, information rich book on security.
Previous blog entries:
There is also a supporting website for the book athttp://www.datacentricsec.com/
05 Wednesday Feb 2014
Posted in Book Reviews, Books, General, Packt, Technology
Tags
Aaron Woody, book, data, enterprise, Packt, review, Security
so I have reached the final chapter of the book which covers the handling of security events and security incidents (the differentiation of the two being the consequences of the event – a piece of malware being detected on a desktop can an event as the consequences are relatively trivial compared to the defacing of an e’tailer’s website).
I have to admit I glossed through this chapter as my role within an organisation doesn’t demand the operational management of issues. That said, the book provides some clear guidance on how to develop a process to support the handling of a security issue – important as you don’t want be figuring these things out when something happens, you want to get on and focus on execution. s with previous chapters, this well written and doesn’t demand knowledge of security dark arts to get to grips with.
The book finishes with a series of appendices which provides some illustrative information for chapters in the book, plus a series of appendices of really useful additional reference information sites cover a spectrum of information from security education resources to security tools.
This series of blogs on this book will wrapped up with a short review of the whole book. But I would like to congratulate Aaron Woody on a fine book rich with helpful additional information.
Previous blog entries:
There is also a supporting website for the book athttp://www.datacentricsec.com/
