Securing cloud and mobility: a practitioner's guide
Table of contents:
pt. I Rethinking IT and Security
ch. 1 Tectonic Shifts
1.1.Disruptive Forces
1.2.Deconstructing Cloud Computing
1.2.1.NIST Definition
1.2.2.The Three Service Models
1.2.3.The Four Deployment Models
1.3.The Rise of Mobility
1.4.New IT
ch. 2 The Evolving Threat Landscape
2.1.From Cryptographers to World Leaders
2.2.The Changing Threat Landscape
2.3.Hacktivists
2.3.1.Motivation
2.3.2.Modus Operandi
2.3.3.Hacktivism and Cloud
2.3.4.Hacktivism and Mobility
2.3.5.Hacktivism and Security
2.4.Organized Cyber Crime
2.4.1.Motivation
2.4.2.Modus Operandi
2.4.3.Organized Crime and Cloud
2.4.4.Organized Crime and Mobility
2.4.5.Organized Crime and Security
2.5.Cyber Espionage and Terrorism
2.5.1.Motivation
2.5.2.Modus Operandi
2.5.3.Cyber Espionage, Terrorism, and Cloud
2.5.4.Cyber Espionage, Terrorism, and Mobility
2.5.5.Cyber Espionage, Terrorism, and Security
2.6.Hackers for Hire
2.6.1.Motivation and Modus Operandi
2.6.2.Hackers for Hire and the Cloud
2.6.3.Hackers for Hire and Mobility
2.6.4.Hackers for Hire and Security
2.7.Insider
pt. II Deconstructing Cloud Security
ch. 3 Cloud Dialogues
3.1.Point of Cloud
3.2.Capability
3.3.Financials
3.4.Agility
3.5.Security
3.6.Licensing
3.7.Service Level Agreements
pt. III Securing Private Cloud Computing
ch. 4 Segmentation and the Private Cloud
4.1.Physical and Logical Segmentation
4.2.Physical Segmentation
4.3.Physical and Virtual Segmentation
4.4.Highly Optimized Segmentation Model
4.5.Production-Based Segmentation Model
4.6.Storage Segmentation Model
ch. 5 Orchestration and Cloud Management
5.1.What Is Orchestration?
5.2.Benefits and Challenges
5.3.Information Security Considerations
5.3.1.Secure Service Delivery Workflows
5.3.2.Secure Resource Delivery Automation
5.3.3.Secure Orchestration Management
5.3.4.Security Monitoring
ch. 6 Encryption Services
6.1.Holistic Encryption Strategy
6.2.Scope Reduction
6.3.Transport Layer Encryption
6.3.1.Secure Socket Layer (SSL)
6.3.2.Virtual Private Networks (VPNs)
6.3.3.Secure Shell (SSH)
6.3.4.Secure File Transfer Protocol (SFTP)
6.3.5.Transport Layer Security (TLS)
6.4.Data Layer Encryption
6.4.1.Database Encryption
6.4.2.File Encryption
6.4.3.Encryption Appliances
6.4.4.Disk Encryption
6.4.5.Virtualization Encryption
6.5.Key Management Life Cycle
ch. 7 Threat Intelligence
7.1.Security Threats to Private Cloud
7.2.Threat Prevention Strategies
7.3.Threat Detection Toolset
7.4.Making Threat Detection Intelligent
ch. 8 Identity Management for Private Clouds
8.1.Layers of Identities
8.2.Challenges of Disparate Identity Repositories
8.3.Centralizing Identity Repositories
8.3.1.Entitlements Aggregator
8.3.2.Authoritative Sources of Identities
8.3.3.Administrative Access
8.3.4.Task User Access
8.3.5.Central Identity Repository
pt. IV Securing Public Clouds
ch. 9 Enterprise Cloud Governance
9.1.Security Exposure of Public Cloud Use
9.2.Corporate Cloud Use Policy
9.3.Cloud Request Form
9.4.Cloud Approval Workflow
ch. 10 Cursory Cloud Use Review
10.1.Overview
10.2.Interview with Cloud Service Provider
10.3.Cursory Review-Assessment Report
ch. 11 In-Depth Cloud Assessment
11.1.Overview
11.2.Interview with the Requestor
11.3.Security Governance
11.4.Data Protection
11.4.1.Overview
11.4.2.Data Protection Questions for All Service Models
11.4.3.SaaS Data Protection Questions
11.4.4.PaaS Data Protection Questions
11.4.5.IaaS Data Protection Questions
11.5.Security Architecture
11.6.Application Security
11.6.1.Overview
11.6.2.SaaS Application Security
11.6.3.PaaS Application Security
11.7.Identity and Access Management
11.7.1.Overview
11.7.2.Identity Access Management for CSP Staff
11.7.3.Identity and Access Management for CSP Customers
11.8.Compliance
11.9.Electronic Discovery
11.10.Closing the Loop
ch. 12 Third-Party Cloud Assessment
12.1.Overview
12.2.Selecting an Assessor
12.3.Finalizing the SOW
12.4.Closing the Loop
pt. V Securing Mobile
ch. 13 Mobile Security Infrastructure
13.1.Overview
13.2.BlackBerry® Enterprise Server Architecture
13.3.Exchange to Support iOS, Android™, and Windows® Phone
ch. 14 The Mobile Client Itself
14.1.Overview
14.2.Tablet and Smart Phone Security Issues
14.3.Bring Your Own Device (BYOD)
14.4.Lack of Encryption
14.5.Lack of Good Authentication and Password Controls
14.6.Unfiltered Mobile Apps
14.7.Saying No Is a Tricky Business
14.8.Updating Mobile Standards and Searching for Solutions
14.9.Performing Sanity Testing
14.10.Garnering Executive Support and the Big Win
ch. 15 Connecting to Enterprise and Third-Party Applications from Mobile Devices
15.1.Overview
15.2.Connecting to Exchange
15.3.Connecting via VPN
15.4.Connecting to Microsoft SharePoint® 2010 or Later
15.5.Connecting to a Desktop or Server
15.6.Connecting to File Shares
15.7.Connecting to or Installing Third-Party Applications
ch. 16 Creating Secure Mobile Applications
16.1.Mobile Application Development in Your Organization
16.2.Start with the Stakeholders
16.3.Step through the Entire SDLC
16.4.Guidelines Regarding Enterprise App Store/Google® Play
16.4.1.Overview of Infrastructure
16.4.2.Overview of Environment Setup and General Controls
16.4.3.A Note about Publishing Your Apps
16.4.3.1.Dealing with the Apple® App Store
16.4.3.2.Dealing with Android's Google Play