Author Osborne, Mark
Title How to Cheat at Managing Information Security
Imprint Rockland : Elsevier Science & Technology Books, 2006
Edition 1st ed
Descript 1 online resource (345 pages)
text txt rdacontent
computer c rdamedia
online resource cr rdacarrier
Series How to Cheat Ser
Note Front Cover -- How to Cheat at Managing Information Security -- Copyright Page -- Contents -- Preface -- Introduction -- Chapter 1. The Security Organization -- Anecdote -- Introduction -- Where Should Security Sit? Below the CEO, CTO, or CFO -- Your Mission: If You Choose to Accept It -- Role of the Security Function: What's in a Job? -- The Hybrid Security Team: Back to Organizational Studies -- What Makes a Good CISO? -- Summary -- Chapter 2. The Information Security Policy -- Anecdote -- Introduction -- Policy, Strategy, and Standards: Business Theory -- Back to Security -- The Security Strategy and the Security Planning Process -- Security Policy Revisited -- Security Standards Revisited -- Compliance and Enforcement -- Summary -- Chapter 3. Jargon, Principles, and Concepts -- Anecdote -- Introduction -- CIA: Confidentiality, Integrity, and Availability -- The Vulnerability Cycle -- Types of Controls -- Risk Analysis -- AAA -- Other Concepts You Need to Know -- Generic Types of Attack -- Summary -- Chapter 4. Information Security Laws and Regulations -- Anecdote -- Introduction -- U.K. Legislation -- U.S. Legislation -- Summary -- Chapter 5. Information Security Standards and Audits -- Anecdote -- Introduction -- ISO/IEC 27001:2005: What Now for BS 7799? -- PAS 56 -- FIPS 140-2 -- Common Criteria Certification -- Types of Audit -- Summary -- Chapter 6. Interviews, Bosses, and Staff -- Anecdote -- Introduction -- Bosses -- Worst Employees -- Summary -- Chapter 7. Infrastructure Security -- Anecdote -- Introduction -- E-commerce -- Just Checking -- Summary -- Chapter 8. Firewalls -- Anecdote -- Introduction -- Firewall Structure and Design -- Other Types of Firewalls -- Commercial Firewalls -- Summary -- Chapter 9. Intrusion Detection Systems: Theory -- Anecdote -- Introduction -- Why Bother with an IDS? -- NIDS in Your Hair
For the Technically Minded -- Summary -- Chapter 10. Intrusion Detection Systems: In Practice -- Anecdote -- Introduction: Tricks, Tips, and Techniques -- IDS Deployment Methodology -- Selection -- Deployment -- Information Management -- Incident Response and Crisis Management -- Test and Tune -- Summary -- Chapter 11. Intrusion Prevention and Protection -- Anecdote -- Introduction -- What Is an IPS? -- Active Response: What Can an IPS Do? -- A Quick Tour of IPS Implementations -- Example Deployments -- Summary -- Chapter 12. Network Penetration Testing -- Anecdote -- Introduction -- Types of Penetration Testing -- Network Penetration Testing -- Controls and the Paperwork You Need -- What's the Difference between a Pen Test and Hacking? -- Summary -- Chapter 13. Application Security Flaws and Application Testing -- Anecdote -- Introduction -- Configuration Management -- Unvalidated Input -- Bad Identity Control -- Fixing Things -- For the More Technically Minded -- Summary -- Index
This is the only book that covers all the topics that any budding security manager needs to know! This book is written for managers responsible for IT/Security departments from small office environments up to enterprise networks. These individuals do not need to know about every last bit and byte, but they need to have a solid understanding of all major IT security issues to effectively manage their departments. This book is designed to cover both the basic concepts of security and the non-technical principles and practices of security, and provides basic information about the technical details of many of the products - real products, not just theory. Written by a well-known Chief Information Security Officer, this book gives the information security manager all the working knowledge needed to: design the organization chart of his new security organization; design and implement policies and strategies; navigate his way through jargon-filled meetings; understand the design flaws of his E-commerce and DMZ infrastructure.
* A clearly defined guide to designing the organization chart of a new security organization and how to implement policies and strategies
* Navigate through jargon-filled meetings with this handy aid
* Provides information on understanding the design flaws of E-commerce and DMZ infrastructure
Description based on publisher supplied metadata and other sources
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries
Link Print version: Osborne, Mark How to Cheat at Managing Information Security Rockland : Elsevier Science & Technology Books, c2006 9781597491105
Subject Computer networks -- Security measures.;Computer security -- Management
Electronic books