Read: Security Patterns: Integrating Security and Systems Engineering

[yaobinwen]

The book's Amazon link is here.

TABLE OF CONTENTS

• [x] Chapter 1: The Pattern Approach.
  • [x] Patterns at a Glance.
  • [x] No Pattern is an Island.
  • [x] Patterns Everywhere.
  • [x] Humans are the Target.
  • [x] Patterns Resolve Problems and Shape Environments.
  • [x] Towards Pattern Languages.
  • [x] Documenting Patterns.
  • [x] A Brief Note on The History of Patterns.
  • [x] The Pattern Community and its Culture.
• [ ] Chapter 2: Security Foundations.
  • [x] Overview.
  • [ ] Security Taxonomy.
  • [ ] General Security Resources.
• [ ] Chapter 3: Security Patterns.
  • [ ] The History of Security Patterns.
  • [ ] Characteristics of Security Patterns.
  • [ ] Why Security Patterns?
  • [ ] Sources for Security Pattern Mining.
• [ ] Chapter 4: Patterns Scope and Enterprise Security.
  • [ ] The Scope of Patterns in the Book.
  • [ ] Organization Factors.
  • [ ] Resulting Organization.
  • [ ] Mapping to the Taxonomy.
  • [ ] Organization in the Context of an Enterprise Framework.
• [ ] Chapter 5: The Security Pattern Landscape.
  • [ ] Enterprise Security and Risk Management Patterns.
  • [ ] Identification & Authentication (I&A) Patterns.
  • [ ] Access Control Model Patterns.
  • [ ] System Access Control Architecture Patterns.
  • [ ] Operating System Access Control Patterns.
  • [ ] Accounting Patterns.
  • [ ] Firewall Architecture Patterns.
  • [ ] Secure Internet Applications Patterns.
  • [ ] Cryptographic Key Management Patterns.
  • [ ] Related Security Pattern Repositories Patterns.
• [ ] Chapter 6: Enterprise Security and Risk Management.
  • [ ] Security Needs Identification for Enterprise Assets.
  • [ ] Asset Valuation.
  • [ ] Threat Assessment.
  • [ ] Vulnerability Assessment.
  • [ ] Risk Determination.
  • [ ] Enterprise Security Approaches.
  • [ ] Enterprise Security Services.
  • [ ] Enterprise Partner Communication.
• [ ] Chapter 7: Identification and Authentication (I&A).
  • [ ] I&A Requirements.
  • [ ] Automated I&A Design Alternatives.
  • [ ] Password Design and Use.
  • [ ] Biometrics Design Alternatives.
• [ ] Chapter 8: Access Control Models.
  • [ ] Authorization.
  • [ ] Role-Based Access Control.
  • [ ] Multilevel Security.
  • [ ] Reference Monitor.
  • [ ] Role Rights Definition.
• [ ] Chapter 9: System Access Control Architecture.
  • [ ] Access Control Requirements.
  • [ ] Single Access Point.
  • [ ] Check Point.
  • [ ] Security Session.
  • [ ] Full Access with Errors.
  • [ ] Limited Access.
• [ ] Chapter 10: Operating System Access Control.
  • [ ] Authenticator.
  • [ ] Controlled Process Creator.
  • [ ] Controlled Object Factory.
  • [ ] Controlled Object Monitor.
  • [ ] Controlled Virtual Address Space.
  • [ ] Execution Domain.
  • [ ] Controlled Execution Environment.
  • [ ] File Authorization.
• [ ] Chapter 11: Accounting.
  • [ ] Security Accounting Requirements.
  • [ ] Audit Requirements.
  • [ ] Audit Trails and Logging Requirements.
  • [ ] Intrusion Detection Requirements.
  • [ ] Non-Repudiation Requirements.
• [ ] Chapter 12: Firewall Architectures.
  • [ ] Packet Filter Firewall.
  • [ ] Proxy-Based Firewall.
  • [ ] Stateful Firewall.
• [ ] Chapter 13: Secure Internet Applications.
  • [ ] Information Obscurity.
  • [ ] Secure Channels.
  • [ ] Known Partners.
  • [ ] Demilitarized Zone.
  • [ ] Protection Reverse Proxy.
  • [ ] Integration Reverse Proxy.
  • [ ] Front Door.
• [ ] Chapter 14: Case Study: IP Telephony.
  • [ ] IP Telephony at a Glance.
  • [ ] The Fundamentals of IP Telephony.
  • [ ] Vulnerabilities of IP Telephony Components.
  • [ ] IP Telephony Use Cases.
  • [ ] Securing IP telephony with patterns.
  • [ ] Applying Individual Security Patterns.
  • [ ] Conclusion.
• [ ] Chapter 15: Supplementary Concepts.
  • [ ] Security Principles and Security Patterns.
  • [ ] Enhancing Security Patterns with Misuse Cases.
• [ ] Chapter 16: Closing Remarks.
• [ ] References.
• [ ] Index.