• Home
  • Site Aliases
    • www.cloud-native.info
    • oracle.cloud-native.info
    • Phil-Wilkins.uk
  • About
    • Background
    • Presenting Activities
    • Internet Profile
      • LinkedIn
    • About
  • Books & Publications
    • Logging in Action with Fluentd, Kubernetes and More
      • Logging in Action with Fluentd – Book
      • Fluentd Book Resources
      • Log Generator
    • API & API Platform
      • API Useful Resources
    • Oracle Integration
      • Book Website
      • Useful Reading Sources
    • Publication Contributions
  • Resources
    • GitHub
    • Mindmaps Index
    • Oracle Integration Site
    • Useful Tech Resources …
      • Oracle Tech Resources inc Open Source
      • Useful Tech Resources
      • Python Setup & related stuff
  • Music

Phil (aka MP3Monster)'s Blog

~ from Technology to Music

Phil (aka MP3Monster)'s Blog

Tag Archives: Aaron Woody

Enterprise Security – A Data Centric Approach to Securing the Enterprise – A Slight Return

13 Thursday Mar 2014

Posted by mp3monster in Books, General, mindmap, Technology

≈ Leave a comment

Tags

Aaron Woody, data centric, mindmap, Security, xmind

A while back I reviewed the excellent book Enterprise Security: A Data-Centric Approach to Securing the Enterprise.  I had mentioned that I would in due course make a mindmap available based on my reading of the book as I use mindmaps as a memory jog when I need to go back to referencable material.

Well I have made by first cut of the mind map – which can be found with my shared mindmaps here. I shall be updating it and adding details, so it is worth checking back.

As WordPress prevents embedding iframes – I can only offer an image here – but the mindmap toolsite provides a fully interactive view to the mindmap.

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach – A brief review

05 Wednesday Feb 2014

Posted by mp3monster in Book Reviews, Books, General, Packt, Technology

≈ Leave a comment

Tags

Aaron Woody, book, data, datasec, enterprise, Packt, review, Security

So I have previously blogged a series of largely chapter by chapter reviews of Aaron Woody’s book Enterprise Security – A Data Centric Approach. This post tries to provide a brief summarised view pulling my thoughts of the book overall together.

As an Enterprise Architect I took an interest in this book as an opportunity to validate my understanding of security and ensure in the design and guidance work that I do I am providing good insights and directions so that the application architects and developers are both ensuring good security practices and also asking the helpful information available to other teams such as IT Security, operational support and so on.

The book has been overall very well written and extremely accessible to even those not versed in the dark arts of IT Security. Anyone in my position, or fulfilling a role as an application designer or product development manager would really benefit from this book. Even those on the business end of IT would probably benefit in terms of garnering an insight into what IT Security should be seeking to achieve and why they often appear to make lives more difficult (I.e. putting restrictions in, perhaps blocking your favourite websites).

So why so helpful, well Aaron has explained the issues and challenges that need to be confronted in terms of Security from the perspective of the organisations key assets – mainly its data (certainly the asset that is likely to cause most visible problems if compromised). Not only that the book presents a framework to help qualify and quantify the risks as a result device a justifiable approach to securing the data and most importantly make defensible cases for budget spend.

I have to admit that the 1st chapter that that introduces the initial step in the strategy was a bit of a struggle as it seemed to adopt and try to define a view of the world that felt a little too simplistic. The truth is that this the 1st step in a journey, and in hindsight important – so stick with it.

Once the basic framework is in place we start looking at tooling strategies and technologies to start facilitating security. The book addresses categories of product rather than specific solutions so the book isn’t going to date too quickly. The solution examination includes the pros and cons of their use (e.g wifi lock down) which is very helpful.

Finally to really help the book comes with a rich set of appendices providing a raft of references to additional material that will help people translate principles into practice.

To conclude, a little effort maybe needed to get you started but ultimately a well written, informative, information rich book on security.

Previous blog entries:

  • Chapter 1
  • Chapter 2
  • Chapter 3
  • Chapter 4
  • Chapter 5 & 6
  • Chapter 7 & 8
  • Final Chapter

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach – the final chapter

05 Wednesday Feb 2014

Posted by mp3monster in Book Reviews, Books, General, Packt, Technology

≈ 1 Comment

Tags

Aaron Woody, book, data, enterprise, Packt, review, Security

so I have reached the final chapter of the book which covers the handling of security events and security incidents (the differentiation of the two being the consequences of the event – a piece of malware being detected on a desktop can an event as the consequences are relatively trivial compared to the defacing of an e’tailer’s website).

I have to admit I glossed through this chapter as my role within an organisation doesn’t demand the operational management of issues. That said, the book provides some clear guidance on how to develop a process to support the handling of a security issue – important as you don’t want be figuring these things out when something happens, you want to get on and focus on execution. s with previous chapters, this well written and doesn’t demand knowledge of security dark arts to get to grips with.

The book finishes with a series of appendices which provides some illustrative information for chapters in the book, plus a series of appendices of really useful additional reference information sites cover a spectrum of information from security education resources to security tools.

This series of blogs on this book will wrapped up with a short review of the whole book. But I would like to congratulate Aaron Woody on a fine book rich with helpful additional information.

Previous blog entries:

  • Chapter 1
  • Chapter 2
  • Chapter 3
  • Chapter 4
  • Chapter 5 & 6
  • Chapter 7 & 8

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach – Chapters 7 & 8

28 Tuesday Jan 2014

Posted by mp3monster in Book Reviews, Books, General, Packt

≈ 2 Comments

Tags

Aaron Woody, engineering, enterprise, Kevin Mitnick, networks, review, Security, social, social engineering, wireless

Chapters 7 and 8 of the book in many respects are the polar opposites in their nature, with Chapter 7 looking at Wireless networks in the Enterprise and technicalities of different encryption frameworks, authentication and authorization.  Then at the other end is chapter 8 facing into the difficulties of social engineering – the approach of using people’s own nature to divulge sensitive information.  Probably one of the most famous people for this sort of thing is Kevin Mitnick and to acts of social engineering are will illustrated in the influential book  Bruce Stirling’s Hacker Crackdown.

Although Chapter 7 is addressing an area many would view as the dark art of wireless network setup; it is well explained and actually worth reading by anyone who would like to better understand their own home wireless network as lot of the information (not all) is relevant even in that context. For example the benefit of supressing the visibility of the Network ID (SSID) doesn’t make the network invisible – it simply makes it harder to spot as any device such as smart phone will call out yo the network to see if it is present and this information can be picked up just as easily if you know what you’re doing.

Drilling into the social engineering aspect, the book looks at the more obvious and perhaps brute force models such as spam to increasingly subtle takes such using social media communications through the likes of linkedin to send emails loaded with malware and see the end user open them. For example pretending to be an agent with a job offer who has found you via LinkedIn. But beyond that, the amount of information being made available via social sites as it can be a means to establish a organisations’ IT fingerprint and therefore suggest the best routes to attacking IT.  The chapter addresses training, and the pros and cons of different approaches, plus mitigation strategies for the different attack strategies.

Previous blog entries:

  • Chapter 1
  • Chapter 2
  • Chapter 3
  • Chapter 4
  • Chapter 5 & 6

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach – Chapters 5 & 6

17 Friday Jan 2014

Posted by mp3monster in Book Reviews, Books, General, Packt, Technology

≈ 3 Comments

Tags

Aaron Woody, Enterprise Security, security processes

Continuing with Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody Chapter 5 gest into some of the security processes and technologies to securing you compute platforms covering topics such as:

  • anti-virus (or not),
  • network lock down through the use of local firewalls built into the OS (so people can’t then just access the server by any means they desire SSH, RDP, telnet etc)
  • user permissions
  • auditing (so you can see what is happening/happened and by whom)
  • detection of file change in parts of the system that shouldn’t change except through specific mechanisms e.g. OS files should only change when patching the OS

But more importantly the chapter links these kinds of activities to the analysis of risk and previously developed trust models. So that you can understand how much security is suitable and justifiable.  The ideas along with the pros and cons of each activity are well explained and clearly presented.

Chapter 6 takes us back to central theme of the book – data.  With our policies and models identified we need to locate the data – this is harder than it may sound, not everything is in a database (the amount of business operation that runs on spreadsheets on people’s desktops, is endlessly amazing and then compounded by how we make the data collaborative – emailing, moving with personal USB storage, cloud services and on and on). To help find, track and potentially constrain it  (prevent undue leakage) the book walks through the ideas of classification and ownership/accountability and then really starts to tie together the earlier chapters, as well as introduce some additional technology concepts such as the encryption of data when in transit and at rest. Like chapter 5, you don’t need a PhD to understand where to apply security and why – the doing maybe a different kettle of fish of course.

Previous blog entries:

  • Chapter 1
  • Chapter 2
  • Chapter 3

There is also a supporting website for the book athttp://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach – Chapter 4

01 Wednesday Jan 2014

Posted by mp3monster in Books, General, Technology

≈ 3 Comments

Tags

Aaron Woody, book, data, Data-Centric Approach, enterprise, Enterprise Security, network security, Security

Continuing into a chapter 4 of
Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody we start to look at some technical aspects of security and technology covering things like the capabilities of new generation of firewalls, DNS security and so on. The information is presented in a very readable manner.

As an Enterprise Technology Architect, and having security specialist friends I thought I was reasonably well informed in this aspect of IT, but the book still taught me me things. Interestingly, perhaps not intended but the chapter left me with a number of things that could be incorporated into development governance that would make the work of network security a lot easier.

The chapter continues with lots of really helpful references many, maybe all are incorporated into a series of appendices that are full of helpful information references and links. If these are made available on the book’s website (see below) it would likely become a must go to site for security resources.

It does leave me asking one question how does this all fit in when using a PaaS solution such as those offered by the likes of Amazon and Rackspace?

Previous blog entries:

  • Chapter 1
  • Chapter 2
  • Chapter 3

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Enterprise Security – A Data Centric Approach — Chapter 3

29 Sunday Dec 2013

Posted by mp3monster in Books, General, Technology

≈ 5 Comments

Tags

Aaron Woody, book, Data-Centric Approach, review, risk, Security

So I’m back to reading Enterprise Security: A Data-Centric Approach to Securing the Enterprise by Aaron Woody. I’ve not finished reading the book yet but as I’m reviewing one or two chapters at a time, I thought I’d blog about Chapter 3 – particularly given its value (previous blog entry here and here).

Chapter 3 goes by the name of Security As A Process, which addresses the processes to determining security risk, the analysis of cost benefit of implementing security features to address those risks. The chapter then goes on to provide guidance on defining good policies and standards.

In hindsight the process for determining and analyzing the security risks and classifying them is fairly obvious – it took the reading to to draw the points and the mechanisms into focus. But the fact it makes sense in hindsight suggests that the approach the workability and the chance for the business to understand the risks and challenges being taken on.

The chapter also provides some really good information sources for people to use to support the adotion of the processes described. Some I’ve known about such as the SANS Institute others I hadn’t.

I have to say that based on the strength of this chapter alone I’d recommend the book to any architect who is seeking to develop practical appreciation of addressing security considerations or understand what they should be looking for what to ask for in a new organisation. Those trying to drive up the quality of processes or get across the need for a more proactive security strategy that is also pragmatic – reading this chapter alone should help provide some serious points to get a handle on things.

The book has been published by Packt (who at the time of writing are running a promotion – more here)

There is also a supporting website for the book at http://www.datacentricsec.com/
Enterprise Security - A Data Centric Approach

Share this:

  • Twitter
  • Facebook
  • LinkedIn
  • Print
  • Pocket
  • Email
  • Tumblr
  • Reddit
  • Pinterest
  • WhatsApp
  • Skype

Like this:

Like Loading...

Aliases

  • phil-wilkins.uk
  • cloud-native.info
  • oracle.cloud-native.info

I work for Oracle, all opinions here are my own & do not necessarily reflect the views of Oracle

Oracle Ace Director Alumni

TOGAF 9

Logging in Action

Oracle Cloud Integration Book

API Platform Book


Oracle Dev Meetup London

Categories

  • App Ideas
  • Books
    • Book Reviews
    • manning
    • Oracle Press
    • Packt
  • Enterprise architecture
  • General
    • economy
    • LinkedIn
    • Website
  • Music
    • Music Resources
    • Music Reviews
  • Photography
  • Podcasts
  • Technology
    • APIs & microservices
    • chatbots
    • Cloud
    • Cloud Native
    • Dev Meetup
    • development
      • languages
        • node.js
    • drone
    • Fluentd
    • logsimulator
    • mindmap
    • OMESA
    • Oracle
      • API Platform CS
        • tools
      • Helidon
      • ITSO & OEAF
      • Java Cloud
      • NodeJS Cloud
      • OIC – ICS
      • Oracle Cloud Native
      • OUG
    • railroad diagrams
    • TOGAF
  • xxRetired

My Other Web Content & Contributions

  • Amazon Author entry
  • API Platform
  • Dev Meetup (co-managed)
  • Fluentd Book
  • ICS Book Website
  • OMESA
  • Ora World
  • Oracle Community Directory
  • Packt Author Bio
  • Phil on Blogs.Oracle.com
  • Sessionize Profile

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 2,541 other subscribers

RSS

RSS Feed RSS - Posts

RSS Feed RSS - Comments

February 2023
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728  
« Jan    

Twitter

  • File system replication is now available as a fully managed solution for your enterprise workloads with #OCI File S… twitter.com/i/web/status/1…Next Tweet: 3 days ago
  • Find out how NIBIO's Smart Forest research center utilizes @OracleCloud to store, process, and apply #AI to data to… twitter.com/i/web/status/1…Next Tweet: 3 days ago
  • .@TechArena's latest ebook "Seven Strategies for Maximizing Organizational Return” highlights #OCI. Bev Crair discu… twitter.com/i/web/status/1…Next Tweet: 4 days ago
  • Clever use of SSH tunnelling, Applies to multiple Linux flavours and Windows .... blogs.oracle.com/developers/pos…Next Tweet: 4 days ago
  • 25% done with Let's Do It, by Bob Stanley goodreads.com/user_status/sh…Next Tweet: 4 days ago
Follow @mp3monster

History

Speaker Recognition

Open Source Summit Speaker

Flickr Pics

Pembroke CastleSeven Bridge Crossing
More Photos

    Social

    • View @mp3monster’s profile on Twitter
    • View philwilkins’s profile on LinkedIn
    • View mp3monster’s profile on GitHub
    • View mp3monster’s profile on Flickr
    • View philmp3monster’s profile on Twitch
    Follow Phil (aka MP3Monster)'s Blog on WordPress.com

    Blog at WordPress.com.

    • Follow Following
      • Phil (aka MP3Monster)'s Blog
      • Join 217 other followers
      • Already have a WordPress.com account? Log in now.
      • Phil (aka MP3Monster)'s Blog
      • Customize
      • Follow Following
      • Sign up
      • Log in
      • Report this content
      • View site in Reader
      • Manage subscriptions
      • Collapse this bar
    Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
    To find out more, including how to control cookies, see here: Our Cookie Policy
    %d bloggers like this: