Secured Enterprise, The: Protecting Your Information Assets

  • ISBN13: 9780130619068
  • ISBN10: 013061906X

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2002-01-01
  • Publisher: Prentice Hall PTR
List Price: $34.99

Summary

Securing enterprise data and applications has become the critical issue for business decision-makers, especially in an age of impending cyberterrorism. But until now, most guides to information security have been highly technical -- written for programmers and network administrators, not business executives. The Essential Guide to Information Security fills the gap, providing a non-technical, up-to-the-minute briefing on both the "people" and technology issues associated with information security. Proctor and Byrnes begin by introducing the fundamentals of security, briefing decision-makers on the key threats they face, and presenting the basics of an effective security policy. They review each tool and approach available to protect data and applications, including mechanisms for identification, authentication, and access control; firewalls; vulnerability scanners and virus detectors; and intrusion detection systems. The book includes detailed explanations of virtual private networks, Public Key Infrastructure, SSL for e-commerce, single sign-on systems that integrate diverse computing platforms, and security options for wireless communications. The authors offer up-to-the-minute guidance on third-party security products and services, including risk assessment, architectural support, and managed security offerings. The book includes a complete step-by-step guide to establishing an effective security program; and concludes with a look at the legal issues and liabilities associated with Web and e-commerce security.

Author Biography

Paul E. Proctor has worked with the CIA, FBI, and NSA on security issues, and led a study of state-of-the-art intrusion detection methodology for the U.S. government. Currently Senior Vice President for NFR Security, Inc., he has spent his entire career developing information security systems and assisting large enterprises in their deployment. F. Christian Byrnes has worked for IBM, Oxford Software Corporation, and META Group.

Table of Contents

Foreword xxi
Acknowledgments xxiii
Introduction: How to Read This Book xxv
Part 1 Introduction to Security 1(66)
Introduction to Security 3(20)
Objectives of Computer Security 4(5)
Confidentiality 4(2)
Integrity 6(1)
Availability 7(1)
Nonrepudiation 8(1)
Who is Responsible for Security? Why Me? 9(1)
Relative Security 9(2)
Organizing Security: Roles and Responsibilities 11(2)
What Do You Need to Know? 13(1)
The Role of the Business Manager 14(1)
The Need for Policy 15(1)
Enforcement Technology 15(3)
Operations Technology 18(1)
Security Services 19(2)
Summary 21(2)
Threat Briefing 23(16)
CSI/FBI Study 24(2)
Threats 26(10)
Misuse Examples 26(1)
Insider Threats 27(2)
Hacker Threats 29(3)
Social Engineering 32(1)
Network Vulnerabilities 33(1)
Loss of Brand Equity 33(1)
Graffiti (Web Site Defacing) 34(1)
Denial of Service 34(2)
Security and Return on Investment 36(2)
Quantifying Risk 37(1)
Summary 38(1)
Security Policies 39(14)
Nontechnology-Related Security Topics 40(1)
Business Policy 40(1)
Why Are Policies Important? 41(1)
How Can One Policy Work for Everyone? 42(2)
Policy Guidance 44(6)
Secure Communications Policy 44(1)
Isolation Infrastructure Policy 45(2)
Identity Infrastructure Policy 47(1)
Permission Infrastructure Policy 48(1)
Configuration Management Policy 48(1)
User Management Policy 49(1)
Threat Management and Monitoring Policy 49(1)
Conformance Monitoring Policy 49(1)
Application Architecture Policy 50(1)
What Does a Security Policy Look Like? 50(1)
How Are Policies Applied and Enforced? 51(1)
Who is Responsible for Security Policies? 51(1)
Summary 51(2)
Authentication, Authorization, Access Control 53(14)
The AAA Disciplines 54(1)
Access Control 54(2)
Authentication/Identification 56(6)
Who Are You Really? 57(5)
Authorization 62(2)
Assembling the Pieces 64(2)
The Ultimate Solution 64(1)
The Real World for the Next New Years 65(1)
Summary 66(1)
Part 2 Security Technologies 67(136)
Firewalls 69(20)
What is a Firewall? 70(1)
Uses for Firewalls 71(2)
Types of Firewalls and How They Operate 73(4)
Network Layer Firewalls 73(2)
Application Layer Firewalls 75(1)
Hybrid Firewalls 76(1)
Working with Firewalls 77(3)
Access Rules 78(2)
Architecting a Firewall Solution 80(3)
Internet Firewalls 80(1)
Extranets 80(1)
The DMZ 80(1)
Firewalls and Dial-Ups 81(1)
High Availability 82(1)
Managing Firewalls 83(4)
Firewalls and Operating Systems 83(2)
Firewall Logging and Reporting 85(2)
Business Application 87(1)
Summary 88(1)
Vulnerability Scanners 89(16)
Your Computers Are Not Configured Securely 90(4)
Proper Configuration Is Difficult 90(1)
Consistency Is Hard in Large Enterprises 91(1)
Enterprises Are Living, Breathing, and Changing Things 91(1)
Vendors Delivered Insecure Software to You 91(1)
Keeping Up on Patches and Updates Is Very Difficult 92(1)
Poor Administrators Change Things Unintentionally 92(1)
Hackers and Insiders Change Things Intentionally 93(1)
Vulnerability Scanners 94(4)
Network-Based Scanners 95(2)
Host-Based Scanners 97(1)
Port Scanners 97(1)
Commercial Scanner Products 98(1)
Free Vulnerability Scanners 99(3)
Winfingerprint 100(1)
Saint 101(1)
Cerberus Information Scanner 101(1)
Vulnerability Databases 102(1)
Security Process and Procedures for Scanners 102(1)
Summary 103(2)
Virus Detection and Content Filters 105(18)
Viruses 106(9)
The Virus Threat 106(1)
The Wild List 107(1)
How Viruses Work 107(2)
How Viruses Spread 109(1)
The Virus Calendar 110(1)
Virus Mutation 110(1)
Common Virus Types 111(4)
Virus Detection 115(2)
Tips to Protect Against Viruses 115(1)
Enterprise Virus Protection 116(1)
Content Filters 117(4)
How Content Filtering Works 118(2)
Email Content Tracking 120(1)
Malicious Code Filters 120(1)
URL Filters 121(1)
Incident Response for Content Filtering 121(1)
Summary 121(2)
Intrusion Detection 123(18)
The Case for Intrusion Detection 124(3)
What is Intrusion Detection? 127(1)
The Most Common Intrusion Detection 127(1)
Network Versus Host-Based Intrusion Detection 128(2)
Anatomy of an Intrusion Detection System 130(3)
Command Console 130(1)
Network Sensor 131(1)
Alert Notification 132(1)
Response Subsystem 132(1)
Database 132(1)
Target Agents 133(1)
Anatomy of an Intrusion Detection Process 133(3)
Intrusion Detection Myths 136(4)
The Network Intrusion Detection Myth 136(1)
The False-Positive Myth 137(1)
The Automated Anomaly Detection Myth 137(2)
The Real-Time Requirement Myth 139(1)
The Automated Response Myth 140(1)
The Artificial Intelligence Myth 140(1)
Summary 140(1)
Public Key Infrastructure and Encryption 141(14)
Encryption Basics 142(7)
Secret Key Encryption 143(2)
Public Key Encryption 145(3)
Key Lengths and Security Strength 148(1)
Public Keys as Infrastructure 149(3)
The Benefits of PKI 151(1)
The Problems of PKI 151(1)
Summary 152(3)
Encrypted Communications 155(12)
What is a Virtual Private Network? 156(7)
A Brief History of VPNs 157(1)
VPN Technology in Business 157(1)
VPN Technology 158(1)
Point-to-Point VPNs 159(1)
Client-to-Server VPNs 160(2)
Application-Level VPNs 162(1)
Secure Sockets Layer 163(2)
SSL Example 164(1)
Secure Shell 165(1)
SSH Example 165(1)
Summary 165(2)
Mobile Workers and Wireless LANs 167(14)
Mobile Users and Security 168(3)
Physical Security Issues in Mobile Computing 170(1)
Wireless Networks 171(5)
Wireless over Long Distances (Miles) 172(2)
Wireless LANs (in the Same Building) 174(1)
Personal LANs (Within 10 Meters) 175(1)
Security in the Wireless World 176(3)
Security in Radiospace 177(1)
Securing Your WLAN 177(1)
Security and Bluetooth 178(1)
Cellular Security 178(1)
Wireless and Mobile Computing in the Future 179(1)
Summary 180(1)
Single Signon 181(8)
What is SSO? 182(1)
Why SSO Fails 183(4)
Too Many Account Names 184(1)
Too Many Passwords 185(1)
Frequent Re-Entry 186(1)
Password Resets 186(1)
User Account Management 186(1)
Should Your Organization Address SSO? 187(1)
Summary 188(1)
Digital Signatures and Electronic Commerce 189(14)
E-Commerce 190(1)
Electronic Signatures 191(3)
E-Sign 192(2)
Transactional Security 194(5)
Identrus: A Transactional Security Infrastructure 195(2)
Smart Cards in Electronic Commerce 197(2)
Visa Compliance Standards 199(1)
Summary 200(3)
Part 3 Implementation 203(56)
Establishing a Security Program 205(8)
Step One: Define Responsible Personnel 206(1)
Step Two: Establish Core Processes 207(3)
The Risk Assessment/Data Classification Process 207(1)
The User Administration Process 208(1)
The Policy Definition Process 209(1)
Technical Implementation, Planning, and Design 209(1)
Step Three: Define Requirements 210(1)
Step Four: Communicate! 210(1)
The Awareness Program 210(1)
The Executive Communication Program 211(1)
Step Five: Audit and Monitor 211(1)
Configuration Control and Audit 211(1)
Intrusion Monitoring and Vulnerability Scanning 211(1)
Intrusion Response and Forensics 212(1)
Security Performance Reporting 212(1)
Summary 212(1)
Security Assessments 213(14)
What is Assessment? 214(2)
Penetration Testing 216(1)
Vulnerability Assessment 217(2)
Security Posture Review 219(3)
Security Audit 222(1)
Risk Assessment 223(2)
Problems with Quantitative Risk Assessment 224(1)
Summary 225(2)
Managed Security Services 227(10)
What is MSS? 228(1)
The Business Case for Outsourcing 229(1)
How Much Should You Outsource? 230(1)
Security Elements You Can Outsource 231(3)
Perimeter Protection 231(1)
Firewalls 231(1)
Client-Side Firewalls 232(1)
Virus Detection 232(1)
VPNs 232(1)
Vulnerability Assessments/Penetration Testing 232(1)
Web Filtering 233(1)
Intrusion Detection/Monitoring 233(1)
Incident Response 233(1)
Selecting a Managed Security Service Provider 234(1)
Service Offerings 234(1)
Service Level Agreements 234(1)
SOCs 234(1)
History 235(1)
The Growing Market 235(1)
Summary 235(2)
Response and Recovery 237(8)
Incident Response 238(2)
Escalation Procedures 239(1)
Incident Triage 239(1)
Business Continuity 240(1)
Elements of Business Continuity 240(1)
CERT 241(2)
National Coordination CERTs 242(1)
The CERT Inside Your Company 243(1)
Summary 243(2)
Implementing Web and Internet Security 245(14)
Establishing the Policy Base 246(3)
Appropriate Use 246(1)
Privacy 247(1)
Data Location and Protection 247(2)
Application Design 249(2)
Authentication Requirements 249(1)
Authorization and Scalability 249(1)
Secure Code 250(1)
Infrastructure Design 251(4)
The DMZ of the Firewall 251(2)
Server Connectivity 253(1)
Operating System Configuration 254(1)
Security Operations 255(2)
Virus Scanners and Content Filters 255(1)
Vulnerability Scanners 255(1)
Intrusion Detection Tools 256(1)
Change Control Process 256(1)
Operating System Maintenance 257(1)
More Than the Sum of Its Parts 257(1)
Summary 257(2)
Part 4 Odds and Ends 259(28)
Legal Issues 261(20)
Introduction 262(1)
Computer Crime Laws 262(2)
Law Enforcement/Criminal Prosecutions 264(1)
Tort Litigation 265(2)
Negligence Litigation 265(1)
Better Technology 265(1)
Corporate Reluctance to Prosecute 266(1)
Attacking Back 267(1)
Liability When Your Network is Used to Attack Others 267(1)
Standard of Due Care 268(1)
Responsibilities 268(1)
Evidentiary Issues 269(5)
Rules of Evidence 269(2)
Accuracy 271(1)
Chain of Custody 272(1)
Transparency 272(1)
Case Study 273(1)
Organizations 274(3)
National White Collar Crime Center 274(1)
National Cybercrime Training Partnership 275(1)
High-Technology Crime Investigators Association 276(1)
Government Regulation of Information Security 277(2)
European Data Privacy Initiatives and U.S. Department of Commerce Safe Harbor 278(1)
The Gramm-Leach-Bliley and Health Insurance Portability and Accountability Acts 279(1)
Government Information Security Reform Act 279(1)
Going Forward 279(1)
Summary 279(1)
Resources 280(1)
Putting It All Together 281(6)
Communication (Again) 282(2)
Understand Your Company's Business 284(1)
Advice on Politics 284(1)
Protect Yourself 284(2)
A Final Word 286(1)
Glossary 287(6)
Index 293
