
Managing Information Security.

Ebook Central College Complete Available online

Format:
Book
Author/Creator:
Vacca, John R.
Language:
English
Subjects (All):
Computer security -- Management.
Computer networks -- Security measures.
Physical Description:
1 online resource (372 pages)
Edition:
2nd ed.
Place of Publication:
San Diego : Elsevier Science & Technology Books, 2013.
Contents:
Front Cover
Managing Information Security
Copyright Page
Contents
Acknowledgements
About the Editor
Contributors
Introduction
Organization of this Book
1. Information Security Essentials for IT Managers
1. Information Security Essentials for IT Managers, Overview
Scope of Information Security Management
CISSP Ten Domains of Information Security
What is a Threat?
Common Attacks
Impact of Security Breaches
2. Protecting Mission-Critical Systems
Information Assurance
Information Risk Management
Administrative, Technical, and Physical Controls
Risk Analysis
Defense in Depth
Contingency Planning
An Incident Response (IR) Plan
Business Continuity Planning (BCP)
3. Information Security from the Ground Up
Physical Security
Facility Requirements
Data Security
Data Classification
Access Control Models
Systems and Network Security
Host-Based Security
Network-Based Security
Intrusion Detection
Intrusion Prevention
Business Communications Security
General Rules for Self-Protection
Handling Protection Resources
Rules for Mobile IT Systems
Operation on Open Networks
Additional Business Communications Guidelines
Wireless Security
Access Control
Confidentiality
Integrity
Availability
Enhancing Security Controls
Web and Application Security
Web Security
Application Security
Security Policies and Procedures
Security Employee Training and Awareness
The Ten Commandments of SETA
4. Security Monitoring and Effectiveness
Security Monitoring Mechanisms
Incident Response and Forensic Investigations
Validating Security Effectiveness
Vulnerability Assessments and Penetration Tests
5. Summary
Chapter Review Questions/Exercises
True/False
Multiple Choice
Exercise
Problem
Hands-On Projects
Project
Case Projects
Optional Team Case Project
2. Security Management Systems
1. Security Management System Standards
2. Training Requirements
3. Principles of Information Security
4. Roles and Responsibilities of Personnel
5. Security Policies
6. Security Controls
7. Network Access
8. Risk Assessment
9. Incident Response
10. Summary
True/False
Multiple Choice
3. Information Technology Security Management
1. Information Security Management Standards
Federal Information Security Management Act
International Standards Organization
2. Other Organizations Involved in Standards
3. Information Technology Security Aspects
Security Organization Structure
End User
Executive Management
Security Officer
Data/Information Owners
Information System Auditor
Information Technology Personnel
Systems Administrator
IT Security Processes
Processes for a Business Continuity Strategy
Processes for IT Security Governance Planning
Rules and Regulations
4. Summary
4. Online Identity and User Management Services
1. Introduction
2. Evolution of Identity Management Requirements
Digital Identity Definition
Identity Management Overview
Privacy Requirement
User Centricity
Usability Requirement
3. The Requirements Fulfilled by Identity Management Technologies
Evolution of Identity Management
4. Identity Management 1.0
Silo Model
Solution by Aggregation
Centralized vs. Federation Identity Management
A Simple Centralized Model
Meta-Directories
Virtual Directories
Single-Sign-On (SSO)
Federated Identity Management
Identity 2.0
Identity 2.0 Initiatives
LID
XRI/XDI
SAML
Shibboleth
ID-WSF
Roadmap to Interoperable Federated Identity Services
OpenID 2.0
OpenID Stack
Discovery
Authentication
Data Transport
InfoCard
SXIP 2.0
Higgins
Summarizing Table
5. Social Login and User Management
6. Identity 2.0 for Mobile Users
Mobile Web 2.0
Mobility
Evolution of Mobile Identity
PDA as Solution to Strong Authentication
Different Kinds of Strong Authentication Through a Mobile PDA
SMS Based One-Time Password (OTP)
Soft Token Application
Full Option Mobile Solution
Future of Mobile User-Centric Identity Management in an Ambient Intelligence (AmI) World
AmI Scenario
Requirements for Mobile User-Centric Identity Management in an AmI World
7. Summary
References
5. Intrusion Prevention and Detection Systems
1. What is an 'Intrusion' Anyway?
2. Physical Theft
3. Abuse of Privileges (The Insider Threat)
4. Unauthorized Access by Outsider
5. Malware Infection
6. The Role of the '0-Day'
7. The Rogue's Gallery: Attackers and Motives
Script Kiddy
Joy Rider
Mercenary
Nation-State Backed
8. A Brief Introduction to TCP/IP
9. The TCP/IP Data Architecture and Data Encapsulation
10. Survey of Intrusion Detection and Prevention Technologies
11. Anti-Malware Software
12. Network-Based Intrusion Detection Systems
13. Network-Based Intrusion Prevention Systems
14. Host-Based Intrusion Prevention Systems
15. Security Information Management Systems
16. Network Session Analysis
17. Digital Forensics
18. System Integrity Validation
19. Summary
6. Firewalls
2. Network Firewalls
3. Firewall Security Policies
Rule-Match Policies
4. A Simple Mathematical Model for Policies, Rules, and Packets
5. First-Match Firewall Policy Anomalies
6. Policy Optimization
Policy Reordering
Combining Rules
Default Accept or Deny?
7. Firewall Types
Packet Filter
Stateful Packet Firewalls
Application Layer Firewalls
8. Host and Network Firewalls
9. Software and Hardware Firewall Implementations
10. Choosing the Correct Firewall
11. Firewall Placement and Network Topology
Demilitarized Zones
Perimeter Networks
Two-Router Configuration
Dual-Homed Host
Network Configuration Summary
12. Firewall Installation and Configuration
13. Supporting Outgoing Services Through Firewall Configuration
Forms of State
Payload Inspection
14. Secure External Services Provisioning
15. Network Firewalls for Voice and Video Applications
Packet Filtering H.323
16. Firewalls and Important Administrative Service Protocols
Routing Protocols
Internet Control Message Protocol
Network Time Protocol
Central Log File Management
Dynamic Host Configuration Protocol
17. Internal IP Services Protection
18. Firewall Remote Access Configuration
19. Load Balancing and Firewall Arrays
Load Balancing in Real Life
How to Balance the Load
Advantages and Disadvantages of Load Balancing
20. Highly Available Firewalls
Load Balancer Operation
Interconnection of Load Balancers and Firewalls
21. Firewall Management
22. Summary
7. Penetration Testing
2. What is Penetration Testing?
3. How Does Penetration Testing Differ from an Actual "Hack?"
4. Types of Penetration Testing
5. Phases of Penetration Testing
The Pre-Attack Phase
The Attack Phase
The Post-Attack Phase
6. Defining What's Expected
7. The Need for a Methodology
8. Penetration Testing Methodologies
9. Methodology in Action
EC-Council LPT Methodology
Information Gathering
Vulnerability Analysis
External Penetration Testing
Internal Network Penetration Testing
Router Penetration Testing
Firewall Penetration Testing
IDS Penetration Testing
Wireless Network Penetration Testing
Denial-of-Service Penetration Testing
Password-Cracking Penetration Testing
Social Engineering Penetration Testing
Stolen Laptop, PDA, and Cell Phone Penetration Testing
Application Penetration Testing
Physical Security Penetration Testing
Database Penetration Testing
Voice-Over-IP Penetration Testing
VPN Penetration Testing
10. Penetration Testing Risks
11. Liability Issues
12. Legal Consequences
13. "Get Out of Jail Free" Card
14. Penetration Testing Consultants
15. Required Skill Sets
16. Accomplishments
17. Hiring a Penetration Tester
18. Why Should a Company Hire You?
Qualifications
Work Experience
Cutting-Edge Technical Skills
Communication Skills
Attitude
Team Skills
Company Concerns
Notes:
Description based on publisher supplied metadata and other sources.
Other Format:
Print version: Vacca, John R. Managing Information Security
ISBN:
9780124166943
OCLC:
861257287
