Designing Secure Systems
Provisional Chinese title: 設計安全系統

Melone, Michael

  • Publisher: CRC
  • Publication date: 2021-09-28
  • List price: $3,280
  • VIP price (5% off): $3,116
  • Language: English
  • Pages: 204
  • Binding: Hardcover (also called cloth, retail trade, or trade)
  • ISBN: 0367700018
  • ISBN-13: 9780367700010
  • Imported-on-order title (checked out separately)

Product description

Modern systems are an intertwined mesh of human process, physical security, and technology. Many times, an attacker will leverage a weakness in one form of security to gain control over an otherwise protected operation.

Designing Secure Systems takes a theory-based approach to concepts underlying all forms of systems, from padlocks to phishing to enterprise software architecture. In this book, we will discuss similarities in how a weakness in one part of a process enables vulnerability to bleed into another by applying standards and frameworks used in the cybersecurity world to assess the system as a complete process including people, processes, and technology.

In Designing Secure Systems, we begin by describing the core concepts of access, authorization, authentication, and exploitation. We then break authorization down into five interrelated components and describe how these aspects apply to physical, human process, and cybersecurity.

In the second portion of the book, we discuss how to operate a secure system based on the NIST Cybersecurity Framework (CSF) concepts of identify, protect, detect, respond, and recover.

Other topics covered in this book include the NIST National Vulnerability Database (NVD), the MITRE Common Vulnerability Scoring System (CVSS), Microsoft's Security Development Lifecycle (SDL), and the MITRE ATT&CK Framework.

About the author

Michael Melone has 20 years of information security experience overall, including 16 years in technology and 8 years as an incident responder. He currently works as a principal program manager for the Defender ATP product group, gathering feedback and assisting Microsoft's largest and most influential customers throughout their onboarding process.
He was previously one of the initial members of DART, Microsoft's customer-facing targeted attack incident response team. During his tenure, he designed the process used by consultants to recover customer networks from targeted attacks and led the development of IRDB, the proprietary threat hunting platform designed to surface attackers hidden within networks.

He holds a master's degree in IT management, specializing in information assurance and security, from Capella University, and is actively pursuing his executive MBA at the University of South Florida. He also holds a number of information security and other technology credentials, including the CISSP since 2007.
In 2017 Michael self-published his first short book on authorization theory, called Think Like a Hacker. This new book is the result of applying its concepts at customers and identifying a single unified approach based on its core algorithm.