E-Book, Englisch, 592 Seiten, Web PDF
Contos / Crowell / DeRodeff Physical and Logical Security Convergence: Powered By Enterprise Security Management
1. Auflage 2011
ISBN: 978-0-08-055878-3
Verlag: Elsevier Science & Techn.
Format: PDF
Kopierschutz: 1 - PDF Watermark
E-Book, Englisch, 592 Seiten, Web PDF
ISBN: 978-0-08-055878-3
Verlag: Elsevier Science & Techn.
Format: PDF
Kopierschutz: 1 - PDF Watermark
Government and companies have already invested hundreds of millions of dollars in the convergence of physical and logical security solutions, but there are no books on the topic.
This book begins with an overall explanation of information security, physical security, and why approaching these two different types of security in one way (called convergence) is so critical in today's changing security landscape. It then details enterprise security management as it relates to incident detection and incident management. This is followed by detailed examples of implementation, taking the reader through cases addressing various physical security technologies such as: video surveillance, HVAC, RFID, access controls, biometrics, and more.
*This topic is picking up momentum every day with every new computer exploit, announcement of a malicious insider, or issues related to terrorists, organized crime, and nation-state threats
*The author has over a decade of real-world security and management expertise developed in some of the most sensitive and mission-critical environments in the world
*Enterprise Security Management (ESM) is deployed in tens of thousands of organizations worldwide
William P. Crowell is an Independent Consultant specializing in Information Technology, Security and Intelligence Systems. He also is a director and Chairman of Broadware Technologies, an Internet streaming-video company, a director of ArcSight, Inc., an enterprise security management software company, a director of Narus, a software company specializing in IP telecommunications Infrastructure software, a director at Ounce Labs, a software company specializing in source code vulnerability assessment tools and a director of RVison, a video surveillance technology company. In July 2003 he was appointed to the Unisys Corporate Security Advisory Board (now the Security Leadership Institute) to address emerging security issues and best practices.
William P. Crowell served as President and Chief Executive Officer of Santa Clara, California-based Cylink Corporation, a leading provider of e-business security solutions from November 1998 to February 2003, when Cylink was acquired by SafeNet, Inc., a Baltimore based VPN technology and security products company. He continues to serve as a consultant and member of the Federal Advisory Board at SafeNet.
Crowell came to Cylink from the National Security Agency, where he held a series of senior positions in operations, strategic planning, research and development, and finance. In early 1994 he was appointed as the Deputy Director of NSA and served in that post until his retirement in late 1997 From 1989 to 1990, Crowell served as a vice president at Atlantic Aerospace Electronics Corporation, now a subsidiary of Titan Systems, leading business development in space technology, signal processing and intelligence systems.
In April 1999, Crowell was appointed to the President's Export Council (PEC), which advised the administration on trade and export policy. He served as chairman of the PEC Subcommittee on Encryption, which worked with the Administration, Congress and private industry to substantially loosen restric
Zielgruppe
Academic/professional/technical: Research and professional
Autoren/Hrsg.
Weitere Infos & Material
1;Front Cover;1
2;Physical and Logical Security Convergence;4
3;Copyright Page;5
4;Contents;16
5;Foreword;24
6;Chapter 1. Introduction;28
6.1;Security Concepts and the Impact of Convergence;31
7;Chapter 2. The Evolution of Physical Security;42
7.1;Introduction;43
7.2;The History of Physical Security;46
7.3;The Four Categories of Physical Security;47
7.4;Command and Control: Automating Security Responses;79
7.5;Conclusion;83
8;Chapter 3. Security Convergence: What Is It Anyway?;86
8.1;Introduction;87
8.2;Defining Security Convergence;87
8.3;Functional Convergence Drives Security Solutions;95
8.4;Security Convergence Is Changing the Security Culture;99
8.5;The Convergence Role in Accelerating Security Solutions Worldwide;104
8.6;Security Convergence Is Changing the Sales Channel;113
8.7;Summary;118
9;Chapter 4. The Challenges Surrounding Security Convergence;120
9.1;Introduction;121
9.2;Technology History: Uncontrolled Internet Growth;122
9.3;Internet Productivity;127
9.4;Administration, Process, and Procedures: Management in the Internet Age;130
9.5;Benefits of Using Risk Management in Planning IT Security Administration;132
9.6;Security and Intelligence: The Impact of a New Surveillance Community;142
9.7;The DNI and the Intelligence Reform Act of 2004;145
9.8;Conclusion;149
10;Chapter 5. IT Governance and Enterprise Security Policy;150
10.1;The Twenty-First-Century Business Model;151
10.2;What Is IT Governance?;154
10.3;IT Governance Research: MIT Sloan School of Management;157
10.4;The New Management Strategy Behind IT Governance;162
10.5;Security Policy: A Growing Priority for IT Governance;163
10.6;Web Collaboration: A Global Communications Requirement;168
10.7;Government Compliance;171
10.8;Conclusion;176
11;Chapter 6. The Evolution of Global Security Solutions;178
11.1;Introduction;179
11.2;Collaboration Convergence:The Transfer of Military Technology;179
11.3;Follow the Money: Funding Sources and New Convergence Strategies;182
11.4;Security Convergence: Rapidly Going Global;192
11.5;The Starting Point: IdentityManagement and Access Control;196
11.6;The Challenges of Convergence: Positioning to Embrace Change;206
11.7;The Emergence of the CIO and Its Impact on Security Convergence;210
11.8;Conclusion;214
12;Chapter 7. Positioning Security: Politics, Industry, and Business Value;216
12.1;Twenty-First-Century Risk: Physical and Electronic Security Collaboration;217
12.2;Homeland Security;220
12.3;Industry Associations: Anticipating Trends in the Global Security Market;229
12.4;Convergence: Creating New Security Business Value;236
12.5;The Collaboration of Security Responsibilities;237
13;Chapter 8. The New Security Model: The Trusted Enterprise;252
13.1;How Wall Street Funded the Global Economy:Twenty-First Century Security;253
13.2;Wall Street Still Needs a Yardstick:The Trusted Enterprise Valuation;256
13.3;Identity and Verification:The Foundation of the Trusted Enterprise;258
13.4;Unisys Corporation: Leading the Way to the Trusted Enterprise;260
13.5;Modeling the Trusted Enterprise;265
13.6;Conclusion;280
14;Chapter 9. ESM Architecture;282
14.1;Introduction;283
14.2;What Is ESM?;283
14.3;ESM at the Center of Physical and Logical Security Convergence;286
14.4;ESM Deployment Strategies;290
14.5;The Convergence of Network Operations and Security Operations;298
14.6;Conclusion;314
15;Chapter 10. Log Collection;316
15.1;Introduction;317
15.2;National Institute ofStandards and Technology (NIST) Special Publication 800-92;318
15.3;Log Normalization;319
15.4;Log Severity;327
15.5;Log Time Correction;329
15.6;Log Categorization;330
15.7;What to Transport;332
15.8;When to Transport;342
15.9;How to Transport;343
15.10;Conclusion;345
16;Chapter 11. Real-Time Event Correlation, Analysis, and Response;346
16.1;Introduction;347
16.2;Threat Formulas;347
16.3;Correlation and Rules;349
16.4;Active Channels;362
16.5;Dashboards;364
16.6;Workflow;370
16.7;Conclusion;376
17;Chapter 12. Event Storage and Forensic Analysis;378
17.1;Introduction;379
17.2;Event Storage;379
17.3;Discovering and Interacting with Patterns;387
17.4;Conclusion;397
18;Chapter 13. Bridging the Chinese Wall;398
18.1;Introduction;399
18.2;What Is a Chinese Wall?;399
18.3;Data Sources;402
18.4;Bridging the Chinese Wall: Detection through Convergence;419
18.5;Conclusion;428
19;Chapter 14. Physical and Logical Access;430
19.1;Introduction;431
19.2;Use-Case Exploration;431
19.3;Data Sources;433
19.4;Detection through Convergence: Physical + VPN Access;461
19.5;Detection through Convergence: Administrative Account Sharing;466
19.6;Conclusion;471
20;Chapter 15. Intelligent Video Analytics;472
20.1;Introduction;473
20.2;Technology Background: Video Analytics;473
20.3;Data Sources;479
20.4;Detection through Convergence;498
20.5;Conclusion;506
21;Chapter 16. Environmental Sensors;508
21.1;Introduction;509
21.2;Environmental Sensors: A Technology Background;509
21.3;Providing Automated Response to Environmental Threats;513
21.4;Challenges of Integration;522
21.5;Data Center Meltdown;524
21.6;Conclusion;529
22;Chapter 17. Protecting Critical Infrastructure: Process Control and SCADA;530
22.1;Introduction;531
22.2;Technology Background: Process Control Systems;532
22.3;Why Convergence?;546
22.4;Threats and Challenges;550
22.5;Conclusion;573
23;Chapter 18. Final Thoughts;576
23.1;Introduction;577
23.2;Final Thoughts from William Crowell;577
23.3;Final Thoughts from Dan Dunkel;578
23.4;Final Thoughts from Brian Contos;579
23.5;Final Thoughts from Colby DeRodeoff;580
24;Index;582
