{"product_id":"security-patterns-isbn-9780470858844","title":"Security Patterns","description":"Most security books are targeted at security engineers and specialists. Few show how to build security into software. None break down the different concerns facing security at different levels of the system: the enterprise, architectural and operational layers. \u003ci\u003eSecurity Patterns\u003c\/i\u003e addresses the full spectrum of security in systems design, using best practice solutions to show how to integrate security in the broader engineering process.  \u003cul type=\"disc\"\u003e \u003cli\u003eEssential for designers building large-scale systems who want best practice solutions to typical security problems\u003c\/li\u003e \u003cli\u003eReal world case studies illustrate how to use the patterns in specific domains\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eFor more information visit www.securitypatterns.org\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 The Pattern Approach 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePatterns at a Glance 2\u003c\/p\u003e \u003cp\u003eNo Pattern is an Island 4\u003c\/p\u003e \u003cp\u003ePatterns Everywhere 4\u003c\/p\u003e \u003cp\u003eHumans are the Target 5\u003c\/p\u003e \u003cp\u003ePatterns Resolve Problems and Shape Environments 6\u003c\/p\u003e \u003cp\u003eTowards Pattern Languages 7\u003c\/p\u003e \u003cp\u003eDocumenting Patterns 9\u003c\/p\u003e \u003cp\u003eA Brief Note on The History of Patterns 11\u003c\/p\u003e \u003cp\u003eThe Pattern Community and its Culture 12\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Security Foundations 15\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview 16\u003c\/p\u003e \u003cp\u003eSecurity Taxonomy 17\u003c\/p\u003e \u003cp\u003eGeneral Security Resources 26\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Security Patterns 29\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe History of Security Patterns 30\u003c\/p\u003e \u003cp\u003eCharacteristics of Security Patterns 
31\u003c\/p\u003e \u003cp\u003eWhy Security Patterns? 34\u003c\/p\u003e \u003cp\u003eSources for Security Pattern Mining 37\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Patterns Scope and Enterprise Security 47\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Scope of Patterns in the Book 48\u003c\/p\u003e \u003cp\u003eOrganization Factors 49\u003c\/p\u003e \u003cp\u003eResulting Organization 51\u003c\/p\u003e \u003cp\u003eMapping to the Taxonomy 53\u003c\/p\u003e \u003cp\u003eOrganization in the Context of an Enterprise Framework 53\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 The Security Pattern Landscape 59\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEnterprise Security and Risk Management Patterns 59\u003c\/p\u003e \u003cp\u003eIdentification \u0026amp; Authentication (I\u0026amp;A) Patterns 62\u003c\/p\u003e \u003cp\u003eAccess Control Model Patterns 67\u003c\/p\u003e \u003cp\u003eSystem Access Control Architecture Patterns 69\u003c\/p\u003e \u003cp\u003eOperating System Access Control Patterns 71\u003c\/p\u003e \u003cp\u003eAccounting Patterns 73\u003c\/p\u003e \u003cp\u003eFirewall Architecture Patterns 77\u003c\/p\u003e \u003cp\u003eSecure Internet Applications Patterns 78\u003c\/p\u003e \u003cp\u003eCryptographic Key Management Patterns 80\u003c\/p\u003e \u003cp\u003eRelated Security Pattern Repositories Patterns 83\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Enterprise Security and Risk Management 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Needs Identification for Enterprise Assets 89\u003c\/p\u003e \u003cp\u003eAsset Valuation 103\u003c\/p\u003e \u003cp\u003eThreat Assessment 113\u003c\/p\u003e \u003cp\u003eVulnerability Assessment 125\u003c\/p\u003e \u003cp\u003eRisk Determination 137\u003c\/p\u003e \u003cp\u003eEnterprise Security Approaches 148\u003c\/p\u003e \u003cp\u003eEnterprise Security Services 161\u003c\/p\u003e \u003cp\u003eEnterprise Partner Communication 173\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 
Identification and Authentication (I\u0026amp;A) 187\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eI\u0026amp;A Requirements 192\u003c\/p\u003e \u003cp\u003eAutomated I\u0026amp;A Design Alternatives 207\u003c\/p\u003e \u003cp\u003ePassword Design and Use 217\u003c\/p\u003e \u003cp\u003eBiometrics Design Alternatives 229\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Access Control Models 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAuthorization 245\u003c\/p\u003e \u003cp\u003eRole-Based Access Control 249\u003c\/p\u003e \u003cp\u003eMultilevel Security 253\u003c\/p\u003e \u003cp\u003eReference Monitor 256\u003c\/p\u003e \u003cp\u003eRole Rights Definition 259\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 System Access Control Architecture 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAccess Control Requirements 267\u003c\/p\u003e \u003cp\u003eSingle Access Point 279\u003c\/p\u003e \u003cp\u003eCheck Point 287\u003c\/p\u003e \u003cp\u003eSecurity Session 297\u003c\/p\u003e \u003cp\u003eFull Access with Errors 305\u003c\/p\u003e \u003cp\u003eLimited Access 312\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Operating System Access Control 321\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAuthenticator 323\u003c\/p\u003e \u003cp\u003eControlled Process Creator 328\u003c\/p\u003e \u003cp\u003eControlled Object Factory 331\u003c\/p\u003e \u003cp\u003eControlled Object Monitor 335\u003c\/p\u003e \u003cp\u003eControlled Virtual Address Space 339\u003c\/p\u003e \u003cp\u003eExecution Domain 343\u003c\/p\u003e \u003cp\u003eControlled Execution Environment 346\u003c\/p\u003e \u003cp\u003eFile Authorization 350\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Accounting 355\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Accounting Requirements 360\u003c\/p\u003e \u003cp\u003eAudit Requirements 369\u003c\/p\u003e \u003cp\u003eAudit Trails and Logging Requirements 378\u003c\/p\u003e \u003cp\u003eIntrusion Detection Requirements 388\u003c\/p\u003e 
\u003cp\u003eNon-Repudiation Requirements 396\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Firewall Architectures 403\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePacket Filter Firewall 405\u003c\/p\u003e \u003cp\u003eProxy-Based Firewall 411\u003c\/p\u003e \u003cp\u003eStateful Firewall 417\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Secure Internet Applications 423\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInformation Obscurity 426\u003c\/p\u003e \u003cp\u003eSecure Channels 434\u003c\/p\u003e \u003cp\u003eKnown Partners 442\u003c\/p\u003e \u003cp\u003eDemilitarized Zone 449\u003c\/p\u003e \u003cp\u003eProtection Reverse Proxy 457\u003c\/p\u003e \u003cp\u003eIntegration Reverse Proxy 465\u003c\/p\u003e \u003cp\u003eFront Door 473\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Case Study: IP Telephony 481\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIP Telephony at a Glance 482\u003c\/p\u003e \u003cp\u003eThe Fundamentals of IP Telephony 483\u003c\/p\u003e \u003cp\u003eVulnerabilities of IP Telephony Components 488\u003c\/p\u003e \u003cp\u003eIP Telephony Use Cases 488\u003c\/p\u003e \u003cp\u003eSecuring IP telephony with patterns 493\u003c\/p\u003e \u003cp\u003eApplying Individual Security Patterns 497\u003c\/p\u003e \u003cp\u003eConclusion 500\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Supplementary Concepts 503\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Principles and Security Patterns 504\u003c\/p\u003e \u003cp\u003eEnhancing Security Patterns with Misuse Cases 525\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Closing Remarks 531\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eReferences 535\u003c\/p\u003e \u003cp\u003eIndex 555\u003c\/p\u003e  \u003cb\u003eMarkus Schumacher\u003c\/b\u003e, SAP AG, Germany.  
\u003cp\u003e\u003cb\u003eEduardo Fernandez-Buglioni\u003c\/b\u003e, Florida Atlantic University, USA.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eDuane Hybertson\u003c\/b\u003e, The MITRE Corp, USA.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eFrank Buschmann\u003c\/b\u003e, Siemens AG, Germany.\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePeter Sommerlad\u003c\/b\u003e, Hochschule für Technik Rapperswil, Germany.\u003c\/p\u003e  \u003cb\u003eInternational security experts explain the full spectrum of security in systems design\u003c\/b\u003e  \u003cp\u003eSecurity can be an intimidating subject area, but this need not be the case. Although time constraints may prevent systems engineers from becoming security specialists, guarding systems against attack is essential. With the growing success of the Internet, computer and software systems have become more and more networked. Written from the heart of the patterns community, the authors address key questions and present corresponding proven solutions, clearly showing you how to build secure systems.\u003c\/p\u003e \u003cp\u003eIn a time where systems are constantly at risk, it is essential that you arm yourself with the knowledge of different security measures. This pioneering title breaks down security at various levels of the system: the enterprise, architectural and operational layers. It acts as an extension to the larger enterprise contexts and shows you how to integrate security in the broader engineering process.\u003c\/p\u003e \u003cp\u003eEssential security topics include:\u003c\/p\u003e \u003cp\u003e\u003cb\u003e\u003ci\u003eEnterprise level security\u003c\/i\u003e\u003c\/b\u003e – security management, principles, institutional policies (such as need-to-know) and enterprise needs (including confidentiality, integrity, availability, accountability, I\u0026amp;A, access control and audit). 
\u003c\/p\u003e \u003cp\u003e\u003cb\u003e\u003ci\u003eArchitectural level security\u003c\/i\u003e\u003c\/b\u003e – system level solutions responding to enterprise level policies – and the most important level for facilitating building security into a system.\u003c\/p\u003e \u003cp\u003e\u003cb\u003e\u003ci\u003eUser level security\u003c\/i\u003e\u003c\/b\u003e – concerned with achieving security in operational contexts\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989999796453,"sku":"NP9780470858844","price":80.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470858844.jpg?v=1761786163","url":"https:\/\/k12savings.com\/products\/security-patterns-isbn-9780470858844","provider":"K12savings","version":"1.0","type":"link"}