How to Integrate People, Process, and Technology
E-Book, Englisch, 528 Seiten
ISBN: 978-0-203-50140-5
Verlag: Taylor & Francis
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)
About the Author
Amanda Andress, CISSP, SSCP, CPA, CISA is Founder and President of ArcSec Technologies, a firm which focuses on security product reviews and consulting. Prior to that she was Director of Security for Privada, Inc., a privacy company in San Jose, California. She built extensive security auditing and IS control experience working at Exxon and Big 5 firms Deloitte & Touche and Ernst & Young. She has been published in NetworkWorld, InfoWorld, Information Security Magazine, and others, and is a frequent presenter at industry events such as N+I and Black Hat.
Zielgruppe
Information security practitioners; network and system administrators; CIO and MIS managers; students.
Autoren/Hrsg.
Fachgebiete
Weitere Infos & Material
WHY DO I NEED SECURITY?
Introduction
The Importance of an Effective Security Infrastructure
People, Process, and Technology
What Are You Protecting Against?
Types of Attacks
Types of Attackers
Security as a Competitive Advantage
Choosing a Solution
Finding Security Employees
The Layered Approach
UNDERSTANDING REQUIREMENTS AND RISK
What Is Risk?
Embracing Risk
Information Security Risk Assessment
Assessing Risk
Insurance
SECURITY POLICIES AND PROCEDURES
Internal Focus Is Key
Security Awareness and Education
Policy Life Cycle
Developing Policies
Components of a Security Policy
Sample Security Policies
Procedures
CRYPTOGRAPHY AND ENCRYPTION
A Brief History of Cryptography
Cryptography Today
Hash Algorithms
Digital Signatures
e-Signature Law
Digital Certificates
Public-Key Infrastructure (PKI)
Secure Sockets Layer (SSL)
Other Protocols and Standards
Pretty Good Privacy (PGP)
Steganography
Other Uses of Encryption
AUTHENTICATION
Multifactor Authentication
Methods of Authentication
Single Sign-On
Centralized Administration Remains Elusive
NETWORK ARCHITECTURE AND PHYSICAL SECURITY
Changing Network Architecture
Common Configurations
Anson Inc.'s Architecture
Internal Architecture
Virtual Local Area Networks
Physical Security
Choosing a Location
Policies and Procedures
FIREWALLS AND PERIMETER SECURITY
Firewall Advances
Firewall Technologies
Firewall Features
The Best Firewall for You
Hardware Appliance vs. Software
In-House vs. Outsource
Firewall Architectures
Which Architecture Will Work for You?
Configuring Your Firewall
Firewall Rules
Content Filtering
Logging
A Good Start
NETWORK MANAGEMENT AND DEVICE SECURITY
Networks, Networks Everywhere
Denial of Service
Reflected Attacks
Defending Your Network
Identifying Compromised Systems
SNMP
SNMP Security
Identifying New Devices on the Network
Secure Device Configuration
General Steps for All Network Devices
WIRELESS NETWORK SECURITY
Standards
Security Issues
Authentication Solutions
Auditing Wireless LANs
INTRUSION DETECTION
What Are Intrusion-Detection Systems?
Categories of Intrusion Analysis
Characteristics of a Good IDS
Errors
Categories of Intrusion Detection
Separating the Truth from the Hype
Network Architecture with Intrusion Detection
Managed Services
Problems with Intrusion Detection
Technologies Under Development
REMOTE ACCESS
Remote-Access Users
Remote-Access Requirements
Issues with Remote Access
Policies
Technologies
Deploying and Supporting Remote Access
End-User Security
HOST SECURITY
Implementing Host Security
Understanding System Functions
Operating System Hardening
Security-Monitoring Programs
System Auditing
SERVER SECURITY
Hardening vs. Server Security
Firewalls
Web Servers
E-Mail Servers
Databases
DNS Servers
DNSSEC
Domain Controllers and Active Directory
Appliances
E-Mail Security
Policy Management
Policy Control
CLIENT SECURITY
Locking Down Systems
Protecting against Viruses
Protecting against Malware
Microsoft Applications
Instant Messaging
APPLICATION DEVELOPMENT
Identifying Threats
Web-Application Security
Prevention 334
Technology Tools and Solutions
SECURITY MAINTENANCE AND MONITORING
Security Is an Ongoing Process
Patches
Monitor Mailing Lists
Review Logs
Periodically Review Configurations
Managed Security Services
VULNERABILITY TESTING
How Does the Assessment Work?
When Are Vulnerability Assessments Needed?
Why Assess Vulnerability?
Performing Assessments
Password Cracking
Common Attacks
SECURITY AUDITS
Audit Overview
The Audit
Types of Audits
Analysis of an Audit
Surviving an Audit
The Cost of an Audit
Sample Audit Checklist
INCIDENT RESPONSE
Understanding Incident Management
The Importance of CSIR Teams
Justifying a Response Team
Cost of an Incident
Assessing Your Needs
How to Use Your Assessment
Building an Incident Response Plan of Attack
When an Incident Occurs
The SANS Institute's Incident-Response Plan
Analyzing an Attack
INTEGRATING PEOPLE, PROCESS, AND TECHNOLOGY
Your Security Infrastructure
Maintaining a Successful Security Infrastructure
Security-Awareness Training
Who Are We?
What Are Our Responsibilities?
What are Your (the employee's) Responsibilities?
Security ROI
Security Infrastructure Components
Interoperability and Management
Security Infrastructure Myths
TRENDS TO WATCH
PDAs
Peer-to-Peer Networks
Honeypots
Storage-Area Networks
The Rewards Are Yours
