Surviving Security: How to Integrate People, Process, and Technology, Second Edition
Previous information security references do not address the gulf between general security awareness and the specific technical steps that need to be taken to protect information assets. Surviving Security: How to Integrate People, Process, and Technology, Second Edition fills this void by explaining...
Đã lưu trong:
| Tác giả chính: | |
|---|---|
| Định dạng: | Sách |
| Ngôn ngữ: | English |
| Được phát hành: |
CRC Press
2009
|
| Truy cập trực tuyến: | http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1329 |
| Các nhãn: |
Thêm thẻ
Không có thẻ, Là người đầu tiên thẻ bản ghi này!
|
| Thư viện lưu trữ: | Thư viện Trường Đại học Đà Lạt |
|---|
| id |
oai:scholar.dlu.edu.vn:DLU123456789-1329 |
|---|---|
| record_format |
dspace |
| institution |
Thư viện Trường Đại học Đà Lạt |
| collection |
Thư viện số |
| language |
English |
| description |
Previous information security references do not address the gulf between general security awareness and the specific technical steps that need to be taken to protect information assets. Surviving Security: How to Integrate People, Process, and Technology, Second Edition fills this void by explaining security through a holistic approach that considers both the overall security infrastructure and the roles of each individual component. This book provides a blueprint for creating and executing sound security policy. The author examines the costs and complications involved, covering security measures such as encryption, authentication, firewalls, intrusion detection, remote access, host security, server security, and more. After reading this book, you will know how to make educated security decisions that provide airtight, reliable solutions. About the Author Amanda Andress, CISSP, SSCP, CPA, CISA is Founder and President of ArcSec Technologies, a firm which focuses on security product reviews and consulting. Prior to that she was Director of Security for Privada, Inc., a privacy company in San Jose, California. She built extensive security auditing and IS control experience working at Exxon and Big 5 firms Deloitte & Touche and Ernst & Young. She has been published in NetworkWorld, InfoWorld, Information Security Magazine, and others, and is a frequent presenter at industry events such as N+I and Black Hat. |
| format |
Book |
| author |
Andress, Amanda |
| spellingShingle |
Andress, Amanda Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| author_facet |
Andress, Amanda |
| author_sort |
Andress, Amanda |
| title |
Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| title_short |
Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| title_full |
Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| title_fullStr |
Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| title_full_unstemmed |
Surviving Security: How to Integrate People, Process, and Technology, Second Edition |
| title_sort |
surviving security: how to integrate people, process, and technology, second edition |
| publisher |
CRC Press |
| publishDate |
2009 |
| url |
http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1329 |
| _version_ |
1757660006093684736 |
| spelling |
oai:scholar.dlu.edu.vn:DLU123456789-13292009-11-27T08:22:20Z Surviving Security: How to Integrate People, Process, and Technology, Second Edition Andress, Amanda Previous information security references do not address the gulf between general security awareness and the specific technical steps that need to be taken to protect information assets. Surviving Security: How to Integrate People, Process, and Technology, Second Edition fills this void by explaining security through a holistic approach that considers both the overall security infrastructure and the roles of each individual component. This book provides a blueprint for creating and executing sound security policy. The author examines the costs and complications involved, covering security measures such as encryption, authentication, firewalls, intrusion detection, remote access, host security, server security, and more. After reading this book, you will know how to make educated security decisions that provide airtight, reliable solutions. About the Author Amanda Andress, CISSP, SSCP, CPA, CISA is Founder and President of ArcSec Technologies, a firm which focuses on security product reviews and consulting. Prior to that she was Director of Security for Privada, Inc., a privacy company in San Jose, California. She built extensive security auditing and IS control experience working at Exxon and Big 5 firms Deloitte & Touche and Ernst & Young. She has been published in NetworkWorld, InfoWorld, Information Security Magazine, and others, and is a frequent presenter at industry events such as N+I and Black Hat. WHY DO I NEED SECURITY? * Introduction * The Importance of an Effective Security Infrastructure * People, Process, and Technology * What Are You Protecting Against? * Types of Attacks * Types of Attackers * Security as a Competitive Advantage * Choosing a Solution * Finding Security Employees * The Layered Approach UNDERSTANDING REQUIREMENTS AND RISK * What Is Risk? * Embracing Risk * Information Security Risk Assessment * Assessing Risk * Insurance SECURITY POLICIES AND PROCEDURES * Internal Focus Is Key * Security Awareness and Education * Policy Life Cycle * Developing Policies * Components of a Security Policy * Sample Security Policies * Procedures CRYPTOGRAPHY AND ENCRYPTION * A Brief History of Cryptography * Cryptography Today * Hash Algorithms * Digital Signatures * e-Signature Law * Digital Certificates * Public-Key Infrastructure (PKI) * Secure Sockets Layer (SSL) * Other Protocols and Standards * Pretty Good Privacy (PGP) * Steganography * Other Uses of Encryption AUTHENTICATION * Multifactor Authentication * Methods of Authentication * Single Sign-On * Centralized Administration Remains Elusive NETWORK ARCHITECTURE AND PHYSICAL SECURITY * Changing Network Architecture * Common Configurations * Anson Inc.'s Architecture * Internal Architecture * Virtual Local Area Networks * Physical Security * Choosing a Location * Policies and Procedures FIREWALLS AND PERIMETER SECURITY * Firewall Advances * Firewall Technologies * Firewall Features * The Best Firewall for You * Hardware Appliance vs. Software * In-House vs. Outsource * Firewall Architectures * Which Architecture Will Work for You? * Configuring Your Firewall * Firewall Rules * Content Filtering * Logging * A Good Start NETWORK MANAGEMENT AND DEVICE SECURITY * Networks, Networks Everywhere * Denial of Service * Reflected Attacks * Defending Your Network * Identifying Compromised Systems * SNMP * SNMP Security * Identifying New Devices on the Network * Secure Device Configuration * General Steps for All Network Devices WIRELESS NETWORK SECURITY * Standards * Security Issues * Authentication Solutions * Auditing Wireless LANs INTRUSION DETECTION * What Are Intrusion-Detection Systems? * Categories of Intrusion Analysis * Characteristics of a Good IDS * Errors * Categories of Intrusion Detection * Separating the Truth from the Hype * Network Architecture with Intrusion Detection * Managed Services * Problems with Intrusion Detection * Technologies Under Development REMOTE ACCESS * Remote-Access Users * Remote-Access Requirements * Issues with Remote Access * Policies * Technologies * Deploying and Supporting Remote Access * End-User Security HOST SECURITY * Implementing Host Security * Understanding System Functions * Operating System Hardening * Security-Monitoring Programs * System Auditing SERVER SECURITY * Hardening vs. Server Security * Firewalls * Web Servers * E-Mail Servers * Databases * DNS Servers * DNSSEC * Domain Controllers and Active Directory * Appliances * E-Mail Security * Policy Management * Policy Control CLIENT SECURITY * Locking Down Systems * Protecting against Viruses * Protecting against Malware * Microsoft Applications * Instant Messaging APPLICATION DEVELOPMENT * Identifying Threats * Web-Application Security * Prevention 334 * Technology Tools and Solutions SECURITY MAINTENANCE AND MONITORING * Security Is an Ongoing Process * Patches * Monitor Mailing Lists * Review Logs * Periodically Review Configurations * Managed Security Services VULNERABILITY TESTING * How Does the Assessment Work? * When Are Vulnerability Assessments Needed? * Why Assess Vulnerability? * Performing Assessments * Password Cracking * Common Attacks SECURITY AUDITS * Audit Overview * The Audit * Types of Audits * Analysis of an Audit * Surviving an Audit * The Cost of an Audit * Sample Audit Checklist INCIDENT RESPONSE * Understanding Incident Management * The Importance of CSIR Teams * Justifying a Response Team * Cost of an Incident * Assessing Your Needs * How to Use Your Assessment * Building an Incident Response Plan of Attack * When an Incident Occurs * The SANS Institute's Incident-Response Plan * Analyzing an Attack INTEGRATING PEOPLE, PROCESS, AND TECHNOLOGY * Your Security Infrastructure * Maintaining a Successful Security Infrastructure * Security-Awareness Training * Who Are We? * What Are Our Responsibilities? * What are Your (the employee's) Responsibilities? * Security ROI * Security Infrastructure Components * Interoperability and Management * Security Infrastructure Myths TRENDS TO WATCH * PDAs * Peer-to-Peer Networks * Honeypots * Storage-Area Networks * The Rewards Are Yours 2009-11-27T08:22:20Z 2009-11-27T08:22:20Z 2003 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1329 en application/octet-stream CRC Press |