318 ◾ Index
S
SABSA model, See Sherwood Applied Business
Architecture (SABSA) model
Sahakian, Curtis E., 59
Salesforce.com, 43
SANS Internet Storm Center, 247
SANS (SysAdmin, Audit, Network, Security) Institute,
287
SAP, 43, 44
Scenario planning, 10, 68–69, 83
Schneier, Bruce, 63
Schon, Donald, 10
Schwartz, Peter, 68
SDL, See Security development lifecycle (SDL)
SDL and incident response, 189–190
application, 195–196
control objectives, 203–209
design, 197
development, 197
release, 198
requirements, 196–197
SDL challenges, 200–202
SDL drivers and benefits, 199–200
SDL success factors and lessons learned,
202–203
(SDL)2—software as a service extension (SAAS), 198
support/service, 198
verification, 197
rapid response, 214
automated responses, 217–218
incident response procedures, 214–217
nonincident-related response procedures, 218
rapid response drivers and benefits, 219–221
reporting a response procedures, 218–219
response challenges, 221
response success factors and, 221–223
security development lifecycle (SDL) overview,
190–191
security incident response overview, 191–193
elements of application development and
response, 195
tactical objectives, 193–195
transition objectives, 209
challenges, 211–212
common collection and dispatch, 209–210
control objectives, 212–214
drivers and benefits, 210–211
success factors and lessons learned, 212
(SDL)2—software as a service extension (SAAS), 198
Security, 7
challenges for security groups, 6
groups, challenges for, 6
Security awareness training, 275–277, 280
challenges, 289–291
determining success, 292–293
drivers and benefits, 283–284
elements, 282
industry training trends and best-practices
examples, 284–286
objectives, 280–282
staff development training, 277
general staff security training, 277–278
requirements, 279
security staff training, 278–279
success factors and lessons learned, 291
training resources, 286–289
Security balanced scorecard, 86
“Security by obscurity,” 154
Security Company, 289
Security continuum, 15–16
Security convergence, 29, 91–92
benefits, 93
convergence challenges, 97–98
cost savings, 93–94
improved business continuity planning, 96–97
improved security and risk management, 94–95
more effective event/incident management, 95–96
other improvements, 97
regulatory compliance, 96
success factors, 98–99
user experience, 96
definition, 93
“Security Convergence: Current Corporate Practices
and Future Trends,” 100
Security culture, creating, 15
Security development lifecycle (SDL), 190–191
attack scenarios
against computer applications, 192
against network connections, 192–193
design, 197
threat modeling, 197
development, 197
lifecycle processes and tasks, 196
principles, 191
release, 198
secure delivery lifecycle processes and tasks, 199
support/service, 198
verification, 197
Security incident, 190
Security leadership challenges, 6–7
Security management approach, 7
Security metrics, sources, 4
Security objectives and tactics, 107
Security operations center (SOC), 99
Security services, security in outsourcing of, 261
challenges to outsourcing security services, 265–266
commonly outsourced services, 261–263
outsourcing of security services objectives, 264–265
outsourcing security services control objectives,
267–272
success factors and lessons learned, 266–267