Security for a Web 2.0+ World looks at the perplexing issues of cyber security, and will be of interest to those who need to know how to make effective security policy decisions to engineers who design ICT systems – a guide to information security and standards in the Web 2.0+ era. It provides an understanding of IT security in the converged world of communications technology based on the Internet Protocol.
Many companies are currently applying security models following legacy policies or ad-hoc solutions. A series of new security standards (ISO/ITU) allow security professionals to talk a common language. By applying a common standard, security vendors are able to create products and services that meet the challenging security demands of technology further diffused from the central control of the local area network. Companies are able to prove and show the level of maturity of their security solutions based on their proven compliance of the recommendations defined by the standard.
Carlos Solari and his team present much needed information and a broader view on why and how to use and deploy standards. They set the stage for a standards-based approach to design in security, driven by various factors that include securing complex information-communications systems, the need to drive security in product development, the need to better apply security funds to get a better return on investment.
Security applied after complex systems are deployed is at best a patchwork fix. Concerned with what can be done now using the technologies and methods at our disposal, the authors set in place the idea that security can be designed in to the complex networks that exist now and for those in the near future. Web 2.0 is the next great promise of ICT – we still have the chance to design in a more secure path.
Time is of the essence – prevent-detect-respond!
A seasoned and influential security professional puts the chapters of this book into context by discussing the challenges of cyber security in the Web 2.0+ world.
1 The World of Cyber Security in 2019.
It is 2019, Web 3.0 has arrived, but it is a destination fraught with the problems of cyber security. With the benefit of hindsight, what went wrong in the development of Web2.0 is obvious,howto fix it is not so – the challenges abound. This chapter explores the road we travel and why uncorrected it will lead directly to the destination of an uncertain Web.
2 The Costs and Impact of Cyber Security.
An increasing number of reporting and regulatory requirements are being placed on businesses, which is resulting in rising compliance costs while yielding poor results in the actual protection against cyber threats. This chapter discusses cyber security from an economic (cost) and risk management perspective, the methods of quantifying potential losses, enhancing business process, and reaping value from enhanced security standards.
3 Protecting Web 2.0: What Makes it so Challenging?
Web 2.0 has begun to impact almost every aspect of everyday life, but comprehensive controls to protect assets, wireless, and content in all of its forms, has yet to be implemented. The lack of security standards could be potentially devastating as virtual life and the physical world begin to meld without the recognition that both need to be protected with the same vigilance.
4 Limitations of the Present Models.
This chapter names the problem – a practiced model of security that is bolted on – and why the current models of cyber security are ineffective in transitioning to Web 2.0. Patching, over-reliance on detection and response, and the omnipresence of data in the cloud require a model of greater discipline where security is part of the design, not the afterthought.
5 Defining the Solution – ITU-T X.805 Standard Explained
Bell Labs introduced a security framework that became Recommendation ITU- T X.805 in 2003. The efficacy of this model for present and Web 2.0 systems is discussed in terms of its overall framework components. As a model it offers a way to apply a disciplined approach to security designed-in, not bolted on. In a security value life cycle, it forms the links in the trust chain from the point of technology creation through technology implemented in security-integrated operational environments.
6 Building the Security Foundation Using the ITU-T X.805.
Standard: The ITU-T X.805 Standard Made Operational By using the ITU-T X.805 standard as a framework, this chapter explores how to implement the X.805 framework as a model for trust concepts in applied computing.
7 The Benefits of a Security Framework Approach.
Transparency is the primary benefit and one of the key attributes to transform from the present model of aftermarket security to protecting the evolution of Web 2.0. It allows for the proper implementation of security from the beginning stages of product development to the point of delivery while creating a basis for trust, developing a common language, and reducing costs.
8 Correcting Our Path – What Will it Take?
The challenges of protecting Web 2.0 and the solutions toward a more efficient paradigm have been presented, but who will implement these sorely needed changes in the system? Leadership from business, academia, and government is paramount to reshaping the process of how products and solutions are made secure up front in the development life cycle. It will take more than the logic of why it should be done – it will take an active role in these three domains. It starts with the buyers of technology applying the leverage of purchasing in large numbers to change a behavior already ingrained.