How to Cheat at Managing Information Security - 1st Edition - ISBN: 9781597491105, 9780080508283

How to Cheat at Managing Information Security

1st Edition

Authors: Mark Osborne
eBook ISBN: 9780080508283
Paperback ISBN: 9781597491105
Imprint: Syngress
Published Date: 22nd August 2006
Page Count: 400
Sales tax will be calculated at check-out Price includes VAT/GST
Price includes VAT/GST
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Table of Contents

  • Acknowledgments
  • Author Acknowledgements
  • About the Author
  • About Interoute Communications Limited
  • About the Technical Editor
  • How to Use this Book
  • Preface
  • Introduction
  • Chapter 1: The Security Organization
    • Anecdote
    • Introduction
    • Where Should Security Sit? Below the CEO, CTO, or CFO
    • Your Mission: If You Choose to Accept It
    • Role of the Security Function: What’s in a Job?
    • The Hybrid Security Team: Back to Organizational Studies
    • What Makes a Good CISO?
    • Summary
  • Chapter 2: The Information Security Policy
    • Anecdote
    • Introduction
    • Policy, Strategy, and Standards: Business Theory
    • Back to Security
    • The Security Strategy and the Security Planning Process
    • Security Policy Revisited
    • Security Standards Revisited
    • Compliance and Enforcement
    • Summary
  • Chapter 3: Jargon, Principles, and Concepts
    • Anecdote
    • Introduction
    • CIA: Confidentiality, Integrity, and Availability
    • The Vulnerability Cycle
    • Types of Controls
    • Risk Analysis
    • AAA
    • Other Concepts You Need to Know
    • Generic Types of Attack
    • Summary
  • Chapter 4: Information Security Laws and Regulations
    • Anecdote
    • Introduction
    • U.K. Legislation
    • U.S. Legislation
    • Summary
  • Chapter 5: Information Security Standards and Audits
    • Anecdote
    • Introduction
    • ISO/IEC 27001:2005: What Now for BS 7799?
    • PAS 56
    • FIPS 140-2
    • Common Criteria Certification
    • Types of Audit
    • Summary
  • Chapter 6: Interviews, Bosses, and Staff
    • Anecdote
    • Introduction
    • Bosses
    • Worst Employees
    • Summary
  • Chapter 7: Infrastructure Security
    • Anecdote
    • Introduction
    • E-commerce
    • Just Checking
    • Summary
  • Chapter 8: Firewalls
    • Anecdote
    • Introduction
    • Firewall Structure and Design
    • Other Types of Firewalls
    • Commercial Firewalls
    • Summary
  • Chapter 9: Intrusion Detection Systems: Theory
    • Anecdote
    • Introduction
    • Why Bother with an IDS?
    • NIDS in Your Hair
    • For the Technically Minded
    • Summary
  • Chapter 10: Intrusion Detection Systems: In Practice
    • Anecdote
    • Introduction: Tricks, Tips, and Techniques
    • IDS Deployment Methodology
    • Selection
    • Deployment
    • Information Management
    • Incident Response and Crisis Management
    • Test and Tune
    • Summary
  • Chapter 11: Intrusion Prevention and Protection
    • Anecdote
    • Introduction
    • What Is an IPS?
    • Active Response: What Can an IPS Do?
    • A Quick Tour of IPS Implementations
    • Example Deployments
    • Summary
  • Chapter 12: Network Penetration Testing
    • Anecdote
    • Introduction
    • Types of Penetration Testing
    • Network Penetration Testing
    • Controls and the Paperwork You Need
    • What’s the Difference between a Pen Test and Hacking?
    • Summary
  • Chapter 13: Application Security Flaws and Application Testing
    • Anecdote
    • Introduction
    • Configuration Management
    • Unvalidated Input
    • Bad Identity Control
    • Fixing Things
    • For the More Technically Minded
    • Summary
  • Index


This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from mall office environments up to enterprise networks.

These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non – technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory.

Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: • Design the organization chart of his new security organization • Design and implement policies and strategies • Navigate his way through jargon filled meetings • Understand the design flaws of his E-commerce and DMZ infrastructure

Key Features

  • A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies

  • Navigate through jargon filled meetings with this handy aid

  • Provides information on understanding the design flaws of E-commerce and DMZ infrastructure


For managers responsible for IT/Security departments from small office environments up to enterprise networks.


No. of pages:
© Syngress 2006
eBook ISBN:
Paperback ISBN:

Ratings and Reviews

About the Authors

Mark Osborne Author

Affiliations and Expertise

Cheif Information Security Officer at Interoute