seasoned and influential security professional puts the chapters of this book into context by discussing the challenges of cyber security in the Web 2.0+ world.
1 The World of Cyber Security in 2019 1
It is 2019, Web 3.0 has arrived, but it is a destination fraught with the problems of cyber security. With the benefit of hindsight, what went wrong in the development of Web 2.0 is obvious, how to fix it is not so – the challenges abound. This chapter explores the road we travel and why uncorrected it will lead directly to the destination of an uncertain Web.
2 The Costs and Impact of Cyber Security 15
An increasing number of reporting and regulatory requirements are being placed on businesses, which is resulting in rising compliance costs while yielding poor results in the actual protection against cyber threats. This chapter discusses cyber security from an economic (cost) and risk management perspective, the methods of quantifying po- tential losses, enhancing business process, and reaping value from enhanced security standards.
3 Protecting Web 2.0: What Makes it so Challenging? 39
Web 2.0 has begun to impact almost every aspect of everyday life, but comprehensive controls to protect assets, wireless, and content in all of its forms, has yet to be implemented. The lack of security standards could be potentially devastating as virtual life and the physical world begin to meld without the recognition that both need to be protected with the same vigilance.
4 Limitations of the Present Models 63
This chapter names the problem – a practiced model of security that is bolted on – and why the current models of cyber security are inef- fective in transitioning to Web 2.0. Patching, over-reliance on de- tection and response, and the omnipresence of data in the cloud require a model of greater discipline where security is part of the design, not the afterthought.
5 Defining the Solution – ITU-T X.805 Standard Explained 79
Bell Labs introduced a security framework that became Recommen- dation ITU- T X.805 in 2003. The efficacy of this model for present and Web 2.0 systems is discussed in terms of its overall framework components. As a model it offers a way to apply a disciplined approach to security designed-in, not bolted on. In a security value life cycle, it forms the links in the trust chain from the point of technology creation through technology implemented in security-integrated operational environments.
6 Building the Security Foundation Using the ITU-T X.805 Standard: The ITU-T X.805 Standard Made Operational 101
By using the ITU-T X.805 standard as a framework, this chapter explores how to implement the X.805 framework as a model for trust concepts in applied computing.
7 The Benefits of a Security Framework Approach 113
Transparency is the primary benefit and one of the key attributes to transform from the present model of aftermarket security to protecting the evolution of Web 2.0. It allows for the proper implementation of security from the beginning stages of product development to the point of delivery while creating a basis for trust, developing a common language, and reducing costs.
8 Correcting Our Path – What Will it Take? 137
The challenges of protecting Web 2.0 and the solutions toward a more efficient paradigm have been presented, but who will im-plement these sorely needed changes in the system? Leadership from business, academia, and government is paramount to re-shaping the process of how products and solutions are made secure up front in the development life cycle. It will take more than the logic of why it should be done – it will take an active role in these three domains. It starts with the buyers of technology applying the leverage of purchasing in large numbers to change a behaviour already ingrained.
APPENDIX A 151
APPENDIX B 181
APPENDIX C 207