How to cheat at managing information security / Mark Osborne ; Paul M. Summitt, technical editor.

EBSCOhost Academic eBook Collection (North America) Available online

EBSCOhost eBook Community College Collection Available online

Ebook Central Academic Complete Available online

Ebook Central College Complete Available online

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Osborne, Mark (Chief information security officer)
Series:
How to Cheat
Language:
English
Subjects (All):
Computer networks--Security measures.
Computer networks.
Computer security--Management.
Computer security.
Physical Description:
1 online resource (345 p.)
Edition:
1st edition
Other Title:
Managing information security
Place of Publication:
Rockland, MA : Syngress Publishing, 2006.
Language Note:
English
System Details:
text file
Summary:
This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from small office environments up to enterprise networks. These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non-technical principles and practices of security and provides basic information about the technical detai
Contents:
Front Cover; How to Cheat at Managing Information Security; Copyright Page; Contents; Security Policy Revisited; Preface; Introduction; Chapter 1. The Security Organization; Anecdote; Introduction; Where Should Security Sit? Below the CEO, CTO, or CFO; Your Mission: If You Choose to Accept It; Role of the Security Function: What's in a Job?; The Hybrid Security Team: Back to Organizational Studies; What Makes a Good CISO?; Summary; Chapter 2. The Information Security Policy; Anecdote; Introduction; Policy, Strategy, and Standards: Business Theory; Back to Security;
The Security Strategy and the Security Planning Process; Security Standards Revisited; Compliance and Enforcement; Summary; Chapter 3. Jargon, Principles, and Concepts; Anecdote; Introduction; CIA: Confidentiality, Integrity, and Availability; The Vulnerability Cycle; Types of Controls; Risk Analysis; AAA; Other Concepts You Need to Know; Generic Types of Attack; Summary; Chapter 4. Information Security Laws and Regulations; Anecdote; Introduction; U.K. Legislation; U.S. Legislation; Summary; Chapter 5. Information Security Standards and Audits; Anecdote; Introduction;
ISO/IEC 27001:2005: What Now for BS 7799?; PAS 56; FIPS 140-2; Common Criteria Certification; Types of Audit; Summary; Chapter 6. Interviews, Bosses, and Staff; Anecdote; Introduction; Bosses; Worst Employees; Summary; Chapter 7. Infrastructure Security; Anecdote; Introduction; E-commerce; Just Checking; Summary; Chapter 8. Firewalls; Anecdote; Introduction; Firewall Structure and Design; Other Types of Firewalls; Commercial Firewalls; Summary; Chapter 9. Intrusion Detection Systems: Theory; Anecdote; Introduction; Why Bother with an IDS?; NIDS in Your Hair; For the Technically Minded; Summary;
Chapter 10. Intrusion Detection Systems: In Practice; Anecdote; Introduction: Tricks, Tips, and Techniques; IDS Deployment Methodology; Selection; Deployment; Information Management; Incident Response and Crisis Management; Test and Tune; Summary; Chapter 11. Intrusion Prevention and Protection; Anecdote; Introduction; What Is an IPS?; Active Response: What Can an IPS Do?; A Quick Tour of IPS Implementations; Example Deployments; Summary; Chapter 12. Network Penetration Testing; Anecdote; Introduction; Types of Penetration Testing; Network Penetration Testing;
Controls and the Paperwork You Need; What's the Difference between a Pen Test and Hacking?; Summary; Chapter 13. Application Security Flaws and Application Testing; Anecdote; Introduction; Configuration Management; Unvalidated Input; Bad Identity Control; Fixing Things; For the More Technically Minded; Summary; Index
Notes:
Description based upon print version of record.
ISBN:
9786611072971
9781281072979
1281072974
9780080508283
0080508286
9781597491310
1597491314
OCLC:
320315074
