LIMITED OFFER
Save 50% on book bundles
Immediately download your ebook while waiting for your print delivery. No promo code is needed.
Save up to 30% on Elsevier print and eBooks with free shipping. No promo code needed.
Save up to 30% on print and eBooks.
How to Cheat at Managing Information Security
- 1st Edition - August 22, 2006
- Author: Mark Osborne
- Language: English
- eBook ISBN:9 7 8 - 0 - 0 8 - 0 5 0 8 2 8 - 3
This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThis is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from mall office environments up to enterprise networks.
These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non – technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory.
Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: • Design the organization chart of his new security organization • Design and implement policies and strategies • Navigate his way through jargon filled meetings • Understand the design flaws of his E-commerce and DMZ infrastructure
These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major, IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security, non – technical principle and practices of security and provides basic information about the technical details of many of the products - real products, not just theory.
Written by a well known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: • Design the organization chart of his new security organization • Design and implement policies and strategies • Navigate his way through jargon filled meetings • Understand the design flaws of his E-commerce and DMZ infrastructure
* A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies
* Navigate through jargon filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure
* Navigate through jargon filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure
For managers responsible for IT/Security departments from small office environments up to enterprise networks.
- Acknowledgments
- Author Acknowledgements
- About the Author
- About Interoute Communications Limited
- About the Technical Editor
- How to Use this Book
- Preface
- Introduction
- Chapter 1: The Security Organization
- Anecdote
- Introduction
- Where Should Security Sit? Below the CEO, CTO, or CFO
- Your Mission: If You Choose to Accept It
- Role of the Security Function: What’s in a Job?
- The Hybrid Security Team: Back to Organizational Studies
- What Makes a Good CISO?
- Summary
- Chapter 2: The Information Security Policy
- Anecdote
- Introduction
- Policy, Strategy, and Standards: Business Theory
- Back to Security
- The Security Strategy and the Security Planning Process
- Security Policy Revisited
- Security Standards Revisited
- Compliance and Enforcement
- Summary
- Chapter 3: Jargon, Principles, and Concepts
- Anecdote
- Introduction
- CIA: Confidentiality, Integrity, and Availability
- The Vulnerability Cycle
- Types of Controls
- Risk Analysis
- AAA
- Other Concepts You Need to Know
- Generic Types of Attack
- Summary
- Chapter 4: Information Security Laws and Regulations
- Anecdote
- Introduction
- U.K. Legislation
- U.S. Legislation
- Summary
- Chapter 5: Information Security Standards and Audits
- Anecdote
- Introduction
- ISO/IEC 27001:2005: What Now for BS 7799?
- PAS 56
- FIPS 140-2
- Common Criteria Certification
- Types of Audit
- Summary
- Chapter 6: Interviews, Bosses, and Staff
- Anecdote
- Introduction
- Bosses
- Worst Employees
- Summary
- Chapter 7: Infrastructure Security
- Anecdote
- Introduction
- E-commerce
- Just Checking
- Summary
- Chapter 8: Firewalls
- Anecdote
- Introduction
- Firewall Structure and Design
- Other Types of Firewalls
- Commercial Firewalls
- Summary
- Chapter 9: Intrusion Detection Systems: Theory
- Anecdote
- Introduction
- Why Bother with an IDS?
- NIDS in Your Hair
- For the Technically Minded
- Summary
- Chapter 10: Intrusion Detection Systems: In Practice
- Anecdote
- Introduction: Tricks, Tips, and Techniques
- IDS Deployment Methodology
- Selection
- Deployment
- Information Management
- Incident Response and Crisis Management
- Test and Tune
- Summary
- Chapter 11: Intrusion Prevention and Protection
- Anecdote
- Introduction
- What Is an IPS?
- Active Response: What Can an IPS Do?
- A Quick Tour of IPS Implementations
- Example Deployments
- Summary
- Chapter 12: Network Penetration Testing
- Anecdote
- Introduction
- Types of Penetration Testing
- Network Penetration Testing
- Controls and the Paperwork You Need
- What’s the Difference between a Pen Test and Hacking?
- Summary
- Chapter 13: Application Security Flaws and Application Testing
- Anecdote
- Introduction
- Configuration Management
- Unvalidated Input
- Bad Identity Control
- Fixing Things
- For the More Technically Minded
- Summary
- Index
- No. of pages: 400
- Language: English
- Edition: 1
- Published: August 22, 2006
- Imprint: Syngress
- eBook ISBN: 9780080508283
MO
Mark Osborne
Affiliations and expertise
Cheif Information Security Officer at InterouteRead How to Cheat at Managing Information Security on ScienceDirect