Andress Surviving Security

How to Integrate People, Process, and Technology
2. Auflage 2003
ISBN: 978-0-203-50140-5
Verlag: CRC Press
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

Häufig gestellte Fragen zu E-Books

E-Book, Englisch, 528 Seiten

Surviving Security
2. Auflage 2003, 978-1-135-49162-8, eBook, EPUB, 2 - DRM Adobe

Surviving Security
2. Auflage 2003, 978-0-8493-2042-2, Buch

Keine Vorlesefunktionen des Lesesystems deaktiviert (bis auf)
Navigierbares Inhaltsverzeichnis
Seitennummerierung folgt dem gedruckten Werk
E-Mail des Verlages bei Fragen zur Barrierefreiheit: ebookqueries@tandf.co.uk

How to Integrate People, Process, and Technology

E-Book, Englisch, 528 Seiten

ISBN: 978-0-203-50140-5
Verlag: CRC Press
Format: PDF
Kopierschutz: Adobe DRM (»Systemvoraussetzungen)

Häufig gestellte Fragen zu E-Books

65,99 €

(inkl. MwSt.)

versandkostenfreie Lieferung
sofort verfügbar

Previous information security references do not address the gulf between general security awareness and the specific technical steps that need to be taken to protect information assets. Surviving Security: How to Integrate People, Process, and Technology, Second Edition fills this void by explaining security through a holistic approach that considers both the overall security infrastructure and the roles of each individual component. This book provides a blueprint for creating and executing sound security policy. The author examines the costs and complications involved, covering security measures such as encryption, authentication, firewalls, intrusion detection, remote access, host security, server security, and more. After reading this book, you will know how to make educated security decisions that provide airtight, reliable solutions.

About the Author
Amanda Andress, CISSP, SSCP, CPA, CISA is Founder and President of ArcSec Technologies, a firm which focuses on security product reviews and consulting. Prior to that she was Director of Security for Privada, Inc., a privacy company in San Jose, California. She built extensive security auditing and IS control experience working at Exxon and Big 5 firms Deloitte & Touche and Ernst & Young. She has been published in NetworkWorld, InfoWorld, Information Security Magazine, and others, and is a frequent presenter at industry events such as N+I and Black Hat.

Andress Surviving Security jetzt bestellen!

Zielgruppe

Information security practitioners; network and system administrators; CIO and MIS managers; students.

Autoren/Hrsg.

Andress, Amanda

Fachgebiete

Mathematik | Informatik EDV | Informatik Computerkommunikation & -vernetzung Netzwerksicherheit

Weitere Infos & Material

Inhaltsverzeichnis

WHY DO I NEED SECURITY?

Introduction

The Importance of an Effective Security Infrastructure

People, Process, and Technology

What Are You Protecting Against?

Types of Attacks

Types of Attackers

Security as a Competitive Advantage

Choosing a Solution

Finding Security Employees

The Layered Approach

UNDERSTANDING REQUIREMENTS AND RISK

What Is Risk?

Embracing Risk

Information Security Risk Assessment

Assessing Risk

Insurance

SECURITY POLICIES AND PROCEDURES

Internal Focus Is Key

Security Awareness and Education

Policy Life Cycle

Developing Policies

Components of a Security Policy

Sample Security Policies

Procedures

CRYPTOGRAPHY AND ENCRYPTION

A Brief History of Cryptography

Cryptography Today

Hash Algorithms

Digital Signatures

e-Signature Law

Digital Certificates

Public-Key Infrastructure (PKI)

Secure Sockets Layer (SSL)

Other Protocols and Standards

Pretty Good Privacy (PGP)

Steganography

Other Uses of Encryption

AUTHENTICATION

Multifactor Authentication

Methods of Authentication

Single Sign-On

Centralized Administration Remains Elusive

NETWORK ARCHITECTURE AND PHYSICAL SECURITY

Changing Network Architecture

Common Configurations

Anson Inc.'s Architecture

Internal Architecture

Virtual Local Area Networks

Physical Security

Choosing a Location

Policies and Procedures

FIREWALLS AND PERIMETER SECURITY

Firewall Advances

Firewall Technologies

Firewall Features

The Best Firewall for You

Hardware Appliance vs. Software

In-House vs. Outsource

Firewall Architectures

Which Architecture Will Work for You?

Configuring Your Firewall

Firewall Rules

Content Filtering

Logging

A Good Start

NETWORK MANAGEMENT AND DEVICE SECURITY

Networks, Networks Everywhere

Denial of Service

Reflected Attacks

Defending Your Network

Identifying Compromised Systems

SNMP

SNMP Security

Identifying New Devices on the Network

Secure Device Configuration

General Steps for All Network Devices

WIRELESS NETWORK SECURITY

Standards

Security Issues

Authentication Solutions

Auditing Wireless LANs

INTRUSION DETECTION

What Are Intrusion-Detection Systems?

Categories of Intrusion Analysis

Characteristics of a Good IDS

Errors

Categories of Intrusion Detection

Separating the Truth from the Hype

Network Architecture with Intrusion Detection

Managed Services

Problems with Intrusion Detection

Technologies Under Development

REMOTE ACCESS

Remote-Access Users

Remote-Access Requirements

Issues with Remote Access

Policies

Technologies

Deploying and Supporting Remote Access

End-User Security

HOST SECURITY

Implementing Host Security

Understanding System Functions

Operating System Hardening

Security-Monitoring Programs

System Auditing

SERVER SECURITY

Hardening vs. Server Security

Firewalls

Web Servers

E-Mail Servers

Databases

DNS Servers

DNSSEC

Domain Controllers and Active Directory

Appliances

E-Mail Security

Policy Management

Policy Control

CLIENT SECURITY

Locking Down Systems

Protecting against Viruses

Protecting against Malware

Microsoft Applications

Instant Messaging

APPLICATION DEVELOPMENT

Identifying Threats

Web-Application Security

Prevention 334
Technology Tools and Solutions

SECURITY MAINTENANCE AND MONITORING

Security Is an Ongoing Process

Patches

Monitor Mailing Lists

Review Logs

Periodically Review Configurations

Managed Security Services

VULNERABILITY TESTING

How Does the Assessment Work?

When Are Vulnerability Assessments Needed?

Why Assess Vulnerability?

Performing Assessments

Password Cracking

Common Attacks

SECURITY AUDITS

Audit Overview

The Audit

Types of Audits

Analysis of an Audit

Surviving an Audit

The Cost of an Audit

Sample Audit Checklist

INCIDENT RESPONSE

Understanding Incident Management

The Importance of CSIR Teams

Justifying a Response Team

Cost of an Incident

Assessing Your Needs

How to Use Your Assessment

Building an Incident Response Plan of Attack

When an Incident Occurs

The SANS Institute's Incident-Response Plan

Analyzing an Attack

INTEGRATING PEOPLE, PROCESS, AND TECHNOLOGY
Your Security Infrastructure

Maintaining a Successful Security Infrastructure

Security-Awareness Training

Who Are We?

What Are Our Responsibilities?

What are Your (the employee's) Responsibilities?

Security ROI

Security Infrastructure Components

Interoperability and Management

Security Infrastructure Myths

TRENDS TO WATCH

PDAs

Peer-to-Peer Networks

Honeypots

Storage-Area Networks

The Rewards Are Yours

Produktsicherheit

Fragen zum Artikel?

Ihre Fragen, Wünsche oder Anmerkungen

Vorname*

Nachname*

Ihre E-Mail-Adresse*

Kundennr.

Ihre Nachricht*

Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.

Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.

65,99 € (inkl. MwSt.)

sofort verfügbar

Webcode: www2.sack.de/xxdw7