Solving the Problems in Information Risk Management
E-book, English, 332 pages
ISBN: 978-1-4665-1660-1
Publisher: Taylor & Francis
Format: EPUB
Copy protection: Adobe DRM
Ian Tibble draws on more than a decade of experience working with close to 100 different Fortune 500s and multinationals to explain how a gradual erosion of skills has placed corporate information assets on a disastrous collision course with automated malware attacks and manual intrusions. Presenting a complete journal of hacking feats and how corporate networks can be compromised, the book covers the most critical aspects of corporate information risk management.
- Outlines six detrimental security changes that have occurred in the past decade
- Examines automated vulnerability scanners and rationalizes the differences between their perceived and actual value
- Considers security products—including intrusion detection, security incident event management, and identity management
The book provides a rare glimpse at the untold stories of what goes on behind the closed doors of private corporations. It details the tools and products that are used, typical behavioral traits, and the two types of security experts that have existed since the mid-nineties—the hackers and the consultants that came later. Answering some of the most pressing questions about network penetration testing and cloud computing security, this book provides you with the understanding and tools needed to tackle today’s risk management issues as well as those on the horizon.
Target Audience
Security professionals working in companies today, freelancers, programmers, managers, and others; IT and network operations; security hobbyists and black hatters.
Subject Areas
- Economics | Business Administration | Business Informatics, SAP, IT Management
- Economics | Business Administration | Management | Risk Management
- Mathematics | Computer Science | Computing | Computer Science | Computer Engineering | Computer Security
- Mathematics | Computer Science | Computing | Computer Science | Data / Databases | Cryptology, Information Security
- Interdisciplinary Sciences | Sciences: Research and Information | Risk Assessment, Risk Theory
- Mathematics | Computer Science | Computing | Computer Science | Computer Communication & Networking | Network Security
Further Information & Material
PEOPLE AND BLAME
Whom Do You Blame?
The Buck Stops at the Top?
Managers and Their Loyal Secretaries
Information Security Spending—Driving Factors in the Wild
Do Top-Level Managers Care About Information Security?
Ignoring the Signs
Summary
The Hackers
Hat Colors and Ethics
"Hacker" Defined
Zen and the Art of Remote Assessment
The Hacker through the Looking Glass
Communication, Hyper-Casual Fridays, and "Maturity"
Hacker Cries Wolf
Unmuzzled Hackers and Facebook
Summary
Checklists and Standards Evangelists
Platform Security in HELL
CASE Survival Guidelines
CASEs and Network Security
Security Teams and Incident Investigation
Vulnerability/Malware Announcements
This Land Is Our Land
Common CASE Assertions
Summary
DE-ENGINEERING OF SECURITY
How Security Changed Post 2000
Migrating South: Osmosis of Analysis Functions to Operations Teams
Rise of Automated Vulnerability Scanner
Rise of Checklist
Incident Response and Management—According to Best Practices
"Best Practices" in Security Service Provision
Tip of the Iceberg—Audit Driven Security Strategy
Summary
Automated Vulnerability Scanners
Law of Diminishing Enthusiasm
False Positive Testing Revelations
Great Autoscanning Lottery
Judgment Day
Automation and Web Application Vulnerability Assessment
Web Application Security Source Code Testing
Summary
Eternal Yawn: Careers in Information Security
Information Security and Strange Attractors
Specialization in Security
Instant Manager
Technical Track
Summary
Penetration Testing—Old and New
Testing Restrictions
Restriction 1: Source IP Address
Restriction 2: Testing IP Address Range(s)
Restriction 3: Exploits Testing
Penetration Testing—The Bigger Picture
Summary
Love of Clouds and Incidents—Vain Search for Validation
Love of Incidents
Love of Clouds
Summary
SECURITY PRODUCTS
Intrusion Detection
Tuning/Initial Costs
Belt and Suspenders?
DoS the NIDS
Hidden Costs
Return on Investment
Network Intrusion Prevention Systems
Summary
A Final Note
Other Products
Identity Management
Security Information Event Management Solutions
Summary
RE-ENGINEERING OF SECURITY
One Professional Accreditation Program to Bind Them All
C-Levels Do Not Trust Us
Infosec Vocational Classifications
Requirements of an Infosec Manager
Requirements of Security Analyst
Regaining Trust: Theoretical Infosec Accreditation Structure
Summary
Index