
How to Cheat at Managing Information Security

1st Edition

Author: Mark Osborne
Paperback ISBN: 9781597491105
eBook ISBN: 9780080508283
Imprint: Syngress
Published Date: 22nd August 2006
Page Count: 352

Table of Contents

  • Acknowledgments
  • Author Acknowledgements
  • About the Author
  • About Interoute Communications Limited
  • About the Technical Editor
  • How to Use this Book
  • Preface
  • Introduction
  • Chapter 1: The Security Organization
    • Anecdote
    • Introduction
    • Where Should Security Sit? Below the CEO, CTO, or CFO
    • Your Mission: If You Choose to Accept It
    • Role of the Security Function: What’s in a Job?
    • The Hybrid Security Team: Back to Organizational Studies
    • What Makes a Good CISO?
    • Summary
  • Chapter 2: The Information Security Policy
    • Anecdote
    • Introduction
    • Policy, Strategy, and Standards: Business Theory
    • Back to Security
    • The Security Strategy and the Security Planning Process
    • Security Policy Revisited
    • Security Standards Revisited
    • Compliance and Enforcement
    • Summary
  • Chapter 3: Jargon, Principles, and Concepts
    • Anecdote
    • Introduction
    • CIA: Confidentiality, Integrity, and Availability
    • The Vulnerability Cycle
    • Types of Controls
    • Risk Analysis
    • AAA
    • Other Concepts You Need to Know
    • Generic Types of Attack
    • Summary
  • Chapter 4: Information Security Laws and Regulations
    • Anecdote
    • Introduction
    • U.K. Legislation
    • U.S. Legislation
    • Summary
  • Chapter 5: Information Security Standards and Audits
    • Anecdote
    • Introduction
    • ISO/IEC 27001:2005: What Now for BS 7799?
    • PAS 56
    • FIPS 140-2
    • Common Criteria Certification
    • Types of Audit
    • Summary
  • Chapter 6: Interviews, Bosses, and Staff
    • Anecdote
    • Introduction
    • Bosses
    • Worst Employees
    • Summary
  • Chapter 7: Infrastructure Security
    • Anecdote
    • Introduction
    • E-commerce
    • Just Checking
    • Summary
  • Chapter 8: Firewalls
    • Anecdote
    • Introduction
    • Firewall Structure and Design
    • Other Types of Firewalls
    • Commercial Firewalls
    • Summary
  • Chapter 9: Intrusion Detection Systems: Theory
    • Anecdote
    • Introduction
    • Why Bother with an IDS?
    • NIDS in Your Hair
    • For the Technically Minded
    • Summary
  • Chapter 10: Intrusion Detection Systems: In Practice
    • Anecdote
    • Introduction: Tricks, Tips, and Techniques
    • IDS Deployment Methodology
    • Selection
    • Deployment
    • Information Management
    • Incident Response and Crisis Management
    • Test and Tune
    • Summary
  • Chapter 11: Intrusion Prevention and Protection
    • Anecdote
    • Introduction
    • What Is an IPS?
    • Active Response: What Can an IPS Do?
    • A Quick Tour of IPS Implementations
    • Example Deployments
    • Summary
  • Chapter 12: Network Penetration Testing
    • Anecdote
    • Introduction
    • Types of Penetration Testing
    • Network Penetration Testing
    • Controls and the Paperwork You Need
    • What’s the Difference between a Pen Test and Hacking?
    • Summary
  • Chapter 13: Application Security Flaws and Application Testing
    • Anecdote
    • Introduction
    • Configuration Management
    • Unvalidated Input
    • Bad Identity Control
    • Fixing Things
    • For the More Technically Minded
    • Summary
  • Index


This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments, from small office environments up to enterprise networks.

These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security and the non-technical principles and practices of security, and it provides basic information about the technical details of many of the products – real products, not just theory.

Written by a well-known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to:

  • Design the organization chart of his new security organization
  • Design and implement policies and strategies
  • Navigate his way through jargon-filled meetings
  • Understand the design flaws of his E-commerce and DMZ infrastructure

Key Features

  • A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies
  • Navigate through jargon-filled meetings with this handy aid
  • Provides information on understanding the design flaws of E-commerce and DMZ infrastructure


For managers responsible for IT/Security departments from small office environments up to enterprise networks.


© Syngress 2006

About the Author

Mark Osborne

Affiliations and Expertise

Chief Information Security Officer at Interoute