Book description
Managing Information Security offers focused coverage of how to protect mission-critical systems, and how to deploy security management systems, IT security, ID management, intrusion detection and prevention systems, computer forensics, network forensics, firewalls, penetration testing, vulnerability assessment, and more. It offers in-depth coverage of the current technology and practice as it relates to information security management solutions. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.
- Chapters contributed by leaders in the field covering foundational and practical aspects of information security management, allowing the reader to develop a new level of technical expertise found nowhere else
- Comprehensive coverage by leading experts allows the reader to put current technologies to work
- Presents methods of analysis and problem-solving techniques, enhancing the reader’s grasp of the material and ability to implement practical solutions
Table of contents
- Cover image
- Title page
- Table of Contents
- Copyright
- Dedication
- Acknowledgements
- About the Editor
- Contributors
- Introduction
- Chapter 1. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
- Chapter 2. Security Management Systems
- Chapter 3. Information Technology Security Management
- Chapter 4. Online Identity and User Management Services
- Chapter 5. Intrusion Prevention and Detection Systems
- 1 What is an ‘Intrusion’ Anyway?
- 2 Physical Theft
- 3 Abuse of Privileges (The Insider Threat)
- 4 Unauthorized Access by Outsider
- 5 Malware Infection
- 6 The Role of the ‘0-Day’
- 7 The Rogue’s Gallery: Attackers and Motives
- 8 A Brief Introduction to TCP/IP
- 9 The TCP/IP Data Architecture and Data Encapsulation
- 10 Survey of Intrusion Detection and Prevention Technologies
- 11 Anti-Malware Software
- 12 Network-Based Intrusion Detection Systems
- 13 Network-Based Intrusion Prevention Systems
- 14 Host-Based Intrusion Prevention Systems
- 15 Security Information Management Systems
- 16 Network Session Analysis
- 17 Digital Forensics
- 18 System Integrity Validation
- 19 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 6. Firewalls
- 1 Introduction
- 2 Network Firewalls
- 3 Firewall Security Policies
- 4 A Simple Mathematical Model for Policies, Rules, and Packets
- 5 First-Match Firewall Policy Anomalies
- 6 Policy Optimization
- 7 Firewall Types
- 8 Host and Network Firewalls
- 9 Software and Hardware Firewall Implementations
- 10 Choosing the Correct Firewall
- 11 Firewall Placement and Network Topology
- 12 Firewall Installation and Configuration
- 13 Supporting Outgoing Services Through Firewall Configuration
- 14 Secure External Services Provisioning
- 15 Network Firewalls for Voice and Video Applications
- 16 Firewalls and Important Administrative Service Protocols
- 17 Internal IP Services Protection
- 18 Firewall Remote Access Configuration
- 19 Load Balancing and Firewall Arrays
- 20 Highly Available Firewalls
- 21 Firewall Management
- 22 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 7. Penetration Testing
- 1 Introduction
- 2 What is Penetration Testing?
- 3 How Does Penetration Testing Differ from an Actual “Hack?”
- 4 Types of Penetration Testing
- 5 Phases of Penetration Testing
- 6 Defining What’s Expected
- 7 The Need for a Methodology
- 8 Penetration Testing Methodologies
- 9 Methodology in Action
- 10 Penetration Testing Risks
- 11 Liability Issues
- 12 Legal Consequences
- 13 “Get Out of Jail Free” Card
- 14 Penetration Testing Consultants
- 15 Required Skill Sets
- 16 Accomplishments
- 17 Hiring a Penetration Tester
- 18 Why Should a Company Hire You?
- 19 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 8. What is Vulnerability Assessment?
- 1 Introduction
- 2 Reporting
- 3 The “It Won’t Happen to Us” Factor
- 4 Why Vulnerability Assessment?
- 5 Penetration Testing Versus Vulnerability Assessment
- 6 Vulnerability Assessment Goal
- 7 Mapping the Network
- 8 Selecting the Right Scanners
- 9 Central Scans Versus Local Scans
- 10 Defense in Depth Strategy
- 11 Vulnerability Assessment Tools
- 12 SARA
- 13 SAINT
- 14 MBSA
- 15 Scanner Performance
- 16 Scan Verification
- 17 Scanning Cornerstones
- 18 Network Scanning Countermeasures
- 19 Vulnerability Disclosure Date
- 20 Proactive Security Versus Reactive Security
- 21 Vulnerability Causes
- 22 DIY Vulnerability Assessment
- 23 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 9. Cyber Forensics
- 1 What is Cyber Forensics?
- 2 Analysis of Data
- 3 Cyber Forensics in the Court System
- 4 Understanding Internet History
- 5 Temporary Restraining Orders and Labor Disputes
- 6 First Principles
- 7 Hacking a Windows XP Password
- 8 Network Analysis
- 9 Cyber Forensics Applied
- 10 Tracking, Inventory, Location of Files, Paperwork, Backups, and so on
- 11 Testifying as an Expert
- 12 Beginning to End in Court
- 13 Summary
- Chapter Review Questions/Exercises
- Exercise
- Chapter 10. Cyber Forensics and Incident Response
- 1 Introduction to Cyber Forensics
- 2 Handling Preliminary Investigations
- 3 Controlling an Investigation
- 4 Conducting Disk-Based Analysis
- 5 Investigating Information-Hiding Techniques
- 6 Scrutinizing Email
- 7 Validating Email Header Information
- 8 Tracing Internet Access
- 9 Searching Memory in Real Time
- 10 Summary
- Chapter Review Questions/Exercises
- Exercise
- References
- Chapter 11. Network Forensics
- Index
Product information
- Title: Managing Information Security, 2nd Edition
- Author(s):
- Release date: August 2013
- Publisher(s): Syngress
- ISBN: 9780124166943