chapter twelve

12 Security


This chapter covers

  • Important considerations for securing your enterprise
  • Developing with security in mind
  • Crisis management in the midst of an attack/breach
  • Recognizing when a dedicated CISO (Chief Information Security Officer) is required

Security is one of those areas that, if done properly, looks effortless and easy. If done poorly, it gets in the way, doing the minimum to tick a box. Some organizations appear on the face of it to have great security, but scratch the surface and you discover they have, digitally speaking, left the key under the mat. Security is a seductive force: the longer you go without any sort of incident, the more you can convince yourself that you run a secure environment, not unlike thinking your house is fire-proof because it hasn’t suffered a fire.

There is no doubt that layering in security at the end creates a lot of work and takes concentrated effort, and considerable disruption, to get right. That said, there is a lot you can do to secure an existing platform even when no real effort was made to build security in from the start. In this chapter we will go over some of the steps you can take to make significant progress toward a secure environment.

12.1 Patching

12.1.1 Identify Patches

12.1.2 Scheduling

12.1.3 Special Considerations

12.2 Penetration Testing

12.3 Social Engineering

12.4 Data leakage

12.4.1 Logging

12.4.2 Application Errors

12.4.3 Data Exports

12.4.4 Version Control

12.5 Password Rotation

12.5.1 System Credentials Tracking

12.6 Secure Environment

12.6.1 Identify

12.6.2 Protect

12.6.3 Monitor

12.7 Developing with Security

12.7.1 Creating Secure Code

12.7.2 Securing the build process

12.8 “We are under attack”

12.8.1 Kill-Switch

12.8.2 Communication

12.8.3 Managing a Security Breach