| Edition |
2nd ed. |
| Description |
1 online resource |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
| Summary |
Managing Information Security offers focused coverage of how to protect mission critical systems, and how to deploy security management systems, IT security, ID management, intrusion detection and prevention systems, computer forensics, network forensics, firewalls, penetration testing, vulnerability assessment, and more. It offers in-depth coverage of the current technology and practice as it relates to information security management solutions. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. Chapters contributed by leaders in the field covering foundational and practical aspects of information security management, allowing the reader to develop a new level of technical expertise found nowhere else. Comprehensive coverage by leading experts allows the reader to put current technologies to work. Presents methods of analysis and problem solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions. |
| Note |
Print version record. |
| Contents |
1. Information Security Essentials for IT Managers / Albert Caballero -- 1. Information Security Essentials for IT Managers, Overview -- 2. Protecting Mission-Critical Systems -- 3. Information Security from the Ground Up -- 4. Security Monitoring and Effectiveness -- 5. Summary -- Chapter Review Questions/Exercises -- Exercise -- 2. Security Management Systems / James T. Harmening -- 1. Security Management System Standards -- 2. Training Requirements -- 3. Principles of Information Security -- 4. Roles and Responsibilities of Personnel -- 5. Security Policies -- 6. Security Controls -- 7. Network Access -- 8. Risk Assessment -- 9. Incident Response -- 10. Summary -- Chapter Review Questions/Exercises -- Exercise -- 3. Information Technology Security Management / Bhushan Kapoor -- 1. Information Security Management Standards -- 2. Other Organizations Involved in Standards -- 3. Information Technology Security Aspects -- 4. Summary -- Chapter Review Questions/Exercises -- Exercise -- 4. Online Identity and User Management Services / Jean-Marc Seigneur -- 1. Introduction -- 2. Evolution of Identity Management Requirements -- 3. The Requirements Fulfilled by Identity Management Technologies -- 4. Identity Management 1.0 -- 5. Social Login and User Management -- 6. Identity 2.0 for Mobile Users -- 7. Summary -- Chapter Review Questions/Exercises -- Exercise -- References -- 5. Intrusion Prevention and Detection Systems / Christopher Day -- 1. What is an `Intrusion' Anyway? -- 2. Physical Theft -- 3. Abuse of Privileges (The Insider Threat) -- 4. Unauthorized Access by Outsider -- 5. Malware Infection -- 6. The Role of the `0-Day' -- 7. The Rogue's Gallery: Attackers and Motives -- 8. A Brief Introduction to TCP/IP -- 9. The TCP/IP Data Architecture and Data Encapsulation -- 10. Survey of Intrusion Detection and Prevention Technologies -- 11. Anti-Malware Software -- 12. Network-Based Intrusion Detection Systems -- 13. Network-Based Intrusion Prevention Systems -- 14. Host-Based Intrusion Prevention Systems -- 15. Security Information Management Systems -- 16. Network Session Analysis -- 17. Digital Forensics -- 18. System Integrity Validation -- 19. Summary -- Chapter Review Questions/Exercises -- Exercise -- References -- 6. Firewalls / Dr. Errin W. Fulp -- 1. Introduction -- 2. Network Firewalls -- 3. Firewall Security Policies -- 4. A Simple Mathematical Model for Policies, Rules, and Packets -- 5. First-Match Firewall Policy Anomalies -- 6. Policy Optimization -- 7. Firewall Types -- 8. Host and Network Firewalls -- 9. Software and Hardware Firewall Implementations -- 10. Choosing the Correct Firewall -- 11. Firewall Placement and Network Topology -- 12. Firewall Installation and Configuration -- 13. Supporting Outgoing Services Through Firewall Configuration -- 14. Secure External Services Provisioning. |
|
15. Network Firewalls for Voice and Video Applications -- 16. Firewalls and Important Administrative Service Protocols -- 17. Internal IP Services Protection -- 18. Firewall Remote Access Configuration -- 19. Load Balancing and Firewall Arrays -- 20. Highly Available Firewalls -- 21. Firewall Management -- 22. Summary -- Chapter Review Questions/Exercises -- Exercise -- 7. Penetration Testing / Sanjay Bavisi -- 1. Introduction -- 2. What is Penetration Testing? -- 3. How Does Penetration Testing Differ from an Actual "Hack?" -- 4. Types of Penetration Testing -- 5. Phases of Penetration Testing -- 6. Defining What's Expected -- 7. The Need for a Methodology -- 8. Penetration Testing Methodologies -- 9. Methodology in Action -- 10. Penetration Testing Risks -- 11. Liability Issues -- 12. Legal Consequences -- 13. "Get Out of Jail Free" Card -- 14. Penetration Testing Consultants -- 15. Required Skill Sets -- 16. Accomplishments -- 17. Hiring a Penetration Tester -- 18. Why Should a Company Hire You? -- 19. Summary -- Chapter Review Questions/Exercises -- Exercise -- 8. What is Vulnerability Assessment? / Almantas Kakareka -- 1. Introduction -- 2. Reporting -- 3. The "It Won't Happen to Us" Factor -- 4. Why Vulnerability Assessment? -- 5. Penetration Testing Versus Vulnerability Assessment -- 6. Vulnerability Assessment Goal -- 7. Mapping the Network -- 8. Selecting the Right Scanners -- 9. Central Scans Versus Local Scans -- 10. Defense in Depth Strategy -- 11. Vulnerability Assessment Tools -- 12. SARA -- 13. SAINT -- 14. MBSA -- 15. Scanner Performance -- 16. Scan Verification -- 17. Scanning Cornerstones -- 18. Network Scanning Countermeasures -- 19. Vulnerability Disclosure Date -- 20. Proactive Security Versus Reactive Security -- 21. Vulnerability Causes -- 22. Diy Vulnerability Assessment -- 23. Summary -- Chapter Review Questions/Exercises -- Exercise -- 9. Cyber Forensics / Scott R. Ellis -- 1. What is Cyber Forensics? -- 2. Analysis of Data -- 3. Cyber Forensics in the Court System -- 4. Understanding Internet History -- 5. Temporary Restraining Orders and Labor Disputes -- 6. First Principles -- 7. Hacking a Windows XP Password -- 8. Network Analysis -- 9. Cyber Forensics Applied -- 10. Tracking, Inventory, Location of Files, Paperwork, Backups, and so on -- 11. Testifying as an Expert -- 12. Beginning to End in Court -- 13. Summary -- Chapter Review Questions/Exercises -- Exercise -- 10. Cyber Forensics and Incident Response / Cem Gurkok -- 1. Introduction to Cyber Forensics -- 2. Handling Preliminary Investigations -- 3. Controlling an Investigation -- 4. Conducting Disk-Based Analysis -- 5. Investigating Information-Hiding Techniques -- 6. Scrutinizing Email -- 7. Validating Email Header Information -- 8. Tracing Internet Access -- 9. Searching Memory in Real Time -- 10. Summary -- Chapter Review Questions/Exercises -- Exercise -- References -- 11. Network Forensics / Yong Guan -- 1. Scientific Overview -- 2. The Principles of Network Forensics -- 3. Attack Traceback and Attribution -- 4. Critical Needs Analysis -- 5. Research Directions -- 6. Summary -- Chapter Review Questions/Exercises -- Exercise. |
| Subject |
Computer security -- Management.
|
|
Electronic data processing departments -- Security measures.
|
|
Computer networks -- Security measures.
|
|
Sécurité informatique -- Gestion.
|
|
Centres de traitement de l'information -- Sécurité -- Mesures.
|
|
Réseaux d'ordinateurs -- Sécurité -- Mesures.
|
|
Computer networks -- Security measures
|
|
Computer security -- Management
|
|
Electronic data processing departments -- Security measures
|
| Added Author |
Vacca, John R.
|
| Other Form: |
Print version: 9781299808348 |
| ISBN |
1299808344 (electronic bk.) |
|
9781299808348 (electronic bk.) |
|
9780124166882 |
|
0124166881 |
| Standard No. |
DEBBG BV042314344 |
|
DEBSZ 405350392 |
|
NZ1 15197936 |
|
NZ1 15407555 |
|
CHNEW 001011373 |
|
AU@ 000067095354 |
|
