How to Cheat at Managing Information Security
1st Edition - August 22, 2006
Author: Mark Osborne
Language: English
eBook ISBN:9780080508283
This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from small office environments up to enterprise networks.
These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security and the non-technical principles and practices of security, and it provides basic information about the technical details of many of the products - real products, not just theory.
Written by a well-known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to:
• Design the organization chart of his new security organization
• Design and implement policies and strategies
• Navigate his way through jargon-filled meetings
• Understand the design flaws of his E-commerce and DMZ infrastructure
* A clearly defined guide to designing the organization chart of a new security organization and to implementing policies and strategies
* Navigate through jargon-filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure
For managers responsible for IT/Security departments from small office environments up to enterprise networks.
Acknowledgments
Author Acknowledgements
About the Author
About Interoute Communications Limited
About the Technical Editor
How to Use this Book
Preface
Introduction
Chapter 1: The Security Organization
Anecdote
Introduction
Where Should Security Sit? Below the CEO, CTO, or CFO
Your Mission: If You Choose to Accept It
Role of the Security Function: What’s in a Job?
The Hybrid Security Team: Back to Organizational Studies
What Makes a Good CISO?
Summary
Chapter 2: The Information Security Policy
Anecdote
Introduction
Policy, Strategy, and Standards: Business Theory
Back to Security
The Security Strategy and the Security Planning Process
Security Policy Revisited
Security Standards Revisited
Compliance and Enforcement
Summary
Chapter 3: Jargon, Principles, and Concepts
Anecdote
Introduction
CIA: Confidentiality, Integrity, and Availability
The Vulnerability Cycle
Types of Controls
Risk Analysis
AAA
Other Concepts You Need to Know
Generic Types of Attack
Summary
Chapter 4: Information Security Laws and Regulations
Anecdote
Introduction
U.K. Legislation
U.S. Legislation
Summary
Chapter 5: Information Security Standards and Audits
Anecdote
Introduction
ISO/IEC 27001:2005: What Now for BS 7799?
PAS 56
FIPS 140-2
Common Criteria Certification
Types of Audit
Summary
Chapter 6: Interviews, Bosses, and Staff
Anecdote
Introduction
Bosses
Worst Employees
Summary
Chapter 7: Infrastructure Security
Anecdote
Introduction
E-commerce
Just Checking
Summary
Chapter 8: Firewalls
Anecdote
Introduction
Firewall Structure and Design
Other Types of Firewalls
Commercial Firewalls
Summary
Chapter 9: Intrusion Detection Systems: Theory
Anecdote
Introduction
Why Bother with an IDS?
NIDS in Your Hair
For the Technically Minded
Summary
Chapter 10: Intrusion Detection Systems: In Practice
Anecdote
Introduction: Tricks, Tips, and Techniques
IDS Deployment Methodology
Selection
Deployment
Information Management
Incident Response and Crisis Management
Test and Tune
Summary
Chapter 11: Intrusion Prevention and Protection
Anecdote
Introduction
What Is an IPS?
Active Response: What Can an IPS Do?
A Quick Tour of IPS Implementations
Example Deployments
Summary
Chapter 12: Network Penetration Testing
Anecdote
Introduction
Types of Penetration Testing
Network Penetration Testing
Controls and the Paperwork You Need
What’s the Difference between a Pen Test and Hacking?
Summary
Chapter 13: Application Security Flaws and Application Testing
Anecdote
Introduction
Configuration Management
Unvalidated Input
Bad Identity Control
Fixing Things
For the More Technically Minded
Summary
Index
No. of pages: 400
Edition: 1
Published: August 22, 2006
Imprint: Syngress
Mark Osborne
Affiliations and expertise
Chief Information Security Officer at Interoute