Book, English, 290 pages, format (W × H): 152 mm x 229 mm, weight: 424 g
ISBN: 978-1-119-09093-9
Publisher: Wiley
Preface xiii
Chapter 1 Electronic Business Systems Security 1
Introduction 1
How Is E-Business Security Defined? 2
Can E-Business Security Be Explained More Simply? 3
Is E-Business Security Really Such a Big Deal? 3
Is E-Business Security More Important Than Other Information Technology Initiatives? 4
How Does an Organization Get Started? 5
Instead of Playing “Catch-Up,” What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place? 7
Chapter 2 E-Business Systems and Infrastructure Support Issues 8
Introduction 8
E-Business Defined 9
A Short History of E-Business Innovations 9
The Need for Secure E-Business Systems 14
Software: The Vulnerable Underbelly of Computing 17
The Interoperability Challenge and E-Business Success 20
E-Business Security: An Exercise in Trade-Offs 23
Few Systems Are Designed to Be Secure 25
Conclusion 26
Chapter 3 Security Weaknesses in E-Business Infrastructure and “Best Practices” Security 27
Introduction 27
Fundamental Technical Security Threats 28
The Guiding Principles of Protection 38
“Best Practice” Prevention, Detection, and Countermeasures and Recovery Techniques 47
Chapter 4 Managing E-Business Systems and Security 58
Introduction 58
Part One: Misconceptions and Questionable Assumptions 60
Part Two: Managing E-Business Systems as a Corporate Asset 69
Part Three: E-Business Security Program Management 97
Chapter 5 A “Just-in-Time” Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response 129
The Current State of E-Business Security 130
Standard Requirements of an E-Business Security Strategy 132
A New Security Strategy 133
The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems 134
The Current State of Intrusion Detection Systems (IDS) 134
Defining a Cost-Effective Security Monitoring and Incident Response Capability 137
Alternatives to Building “Your Own” Security Monitoring and Incident Response Capability 138
Summary 139
Chapter 6 Designing and Delivering Secured E-Business Application Systems 140
Introduction 140
Past Development Realities 145
Contemporary Development Realities 148
Developing Secured E-Business Systems 150
Using the SDR Framework 153
Choosing a Systems Development Methodology That Is Compatible with the SDR Framework 154
Participants in the Identification of Security and Integrity Controls 154
Importance of Automated Tools 162
A Cautionary Word About New Technologies 165
Summary and Conclusions 165
Chapter 7 Justifying E-Business Security and the Security Management Program 167
Introduction 167
The “Quantifiable” Argument 169
Emerging “Nonquantifiable” Arguments 170
Benefits Justifications Must Cover Security Program Administration 175
Conclusion 177
Chapter 8 Computers, Software, Security, and Issues of Liability 178
Evolving Theories of Responsibility 178
Likely Scenarios 179
How Might a Liability Case Unfold? 180
Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System 182
Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative 187
The Problem of Dependency 187
Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships 188
Frequently Asked Questions About the IT-ISAC 190
Critical Information Infrastructure Protection Issues that Need Resolution 192
Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security 194
Appendix B: Systems Development Review Framework for E-Business Development Projects 208
Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample) 229
Appendix D: E-Business Risk Management Review Model Instructions for Use 251
Appendix E: Resources Guide 262
Index 267