book

Managing Information Security, 2nd Edition

Name: Managing Information Security, 2nd Edition
Author: John R. Vacca
ISBN: 9780124166943

by John R. Vacca

August 2013

Intermediate to advanced

372 pages

12h 9m

English

Syngress

Read now

Unlock full access

Cover image
Title page
Table of Contents
Copyright
Dedication
Acknowledgements
About the Editor
Contributors
Introduction
Organization of this Book
Chapter 1. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
1 Information Security Essentials for it Managers, Overview2 Protecting Mission-Critical Systems3 Information Security from the Ground Up4 Security Monitoring and Effectiveness5 SummaryChapter Review Questions/ExercisesExercise

Chapter 2. Security Management Systems
1 Security Management System Standards2 Training Requirements3 Principles of Information Security4 Roles and Responsibilities of Personnel5 Security Policies6 Security Controls7 Network Access8 Risk Assessment9 Incident Response10 SummaryChapter Review Questions/ExercisesExercise
Chapter 3. Information Technology Security Management
1 Information Security Management Standards2 Other Organizations Involved in Standards3 Information Technology Security Aspects4 SummaryChapter Review Questions/ExercisesExercise
Chapter 4. Online Identity and User Management Services
1 Introduction2 Evolution of Identity Management Requirements3 The Requirements Fulfilled by Identity Management Technologies4 Identity Management 1.05 Social Login and User Management6 Identity 2.0 for Mobile Users7 SummaryChapter Review Questions/ExercisesExerciseReferences
Chapter 5. Intrusion Prevention and Detection Systems
1 What is an ‘Intrusion’ Anyway?2 Physical Theft3 Abuse of Privileges (The Insider Threat)4 Unauthorized Access by Outsider5 Malware Infection6 The Role of the ‘0-Day’7 The Rogue’s Gallery: Attackers and Motives8 A Brief Introduction to TCP/IP9 The TCP/IP Data Architecture and Data Encapsulation10 Survey of Intrusion Detection and Prevention Technologies11 Anti-Malware Software12 Network-Based Intrusion Detection Systems13 Network-Based Intrusion Prevention Systems14 Host-Based Intrusion Prevention Systems15 Security Information Management Systems16 Network Session Analysis17 Digital Forensics18 System Integrity Validation19 SummaryChapter Review Questions/ExercisesExerciseReferences
Chapter 6. Firewalls
1 Introduction2 Network Firewalls3 Firewall Security Policies4 A Simple Mathematical Model for Policies, Rules, and Packets5 First-Match Firewall Policy Anomalies6 Policy Optimization7 Firewall Types8 Host and Network Firewalls9 Software and Hardware Firewall Implementations10 Choosing the Correct Firewall11 Firewall Placement and Network Topology12 Firewall Installation and Configuration13 Supporting Outgoing Services Through Firewall Configuration14 Secure External Services Provisioning15 Network Firewalls for Voice and Video Applications16 Firewalls and Important Administrative Service Protocols17 Internal IP Services Protection18 Firewall Remote Access Configuration19 Load Balancing and Firewall Arrays20 Highly Available Firewalls21 Firewall Management22 SummaryChapter Review Questions/ExercisesExercise
Chapter 7. Penetration Testing
1 Introduction2 What is Penetration Testing?3 How Does Penetration Testing Differ from an Actual “Hack?”4 Types of Penetration Testing5 Phases of Penetration Testing6 Defining What’s Expected7 The Need for a Methodology8 Penetration Testing Methodologies9 Methodology in Action10 Penetration Testing Risks11 Liability Issues12 Legal Consequences13 “Get Out of Jail Free” Card14 Penetration Testing Consultants15 Required Skill Sets16 Accomplishments17 Hiring a Penetration Tester18 Why Should a Company Hire You?19 SummaryChapter Review Questions/ExercisesExercise
Chapter 8. What is Vulnerability Assessment?
1 Introduction2 Reporting3 The “it Won’t Happen to US” Factor4 Why Vulnerability Assessment?5 Penetration Testing Versus Vulnerability Assessment6 Vulnerability Assessment Goal7 Mapping the Network8 Selecting the Right Scanners9 Central Scans Versus Local Scans10 Defense in Depth Strategy11 Vulnerability Assessment Tools12 SARA13 SAINT14 MBSA15 Scanner Performance16 Scan Verification17 Scanning Cornerstones18 Network Scanning Countermeasures19 Vulnerability Disclosure Date20 Proactive Security Versus Reactive Security21 Vulnerability Causes22 Diy Vulnerability Assessment23 SummaryChapter Review Questions/ExercisesExercise
Chapter 9. Cyber Forensics
1 What is Cyber Forensics?2 Analysis of Data3 Cyber Forensics in the Court System4 Understanding Internet History5 Temporary Restraining Orders and Labor Disputes6 First Principles7 Hacking a Windows XP Password8 Network Analysis9 Cyber Forensics Applied10 Tracking, Inventory, Location of Files, Paperwork, Backups, and so on11 Testifying as an Expert12 Beginning to End in Court13 SummaryChapter Review Questions/ExercisesExercise
Chapter 10. Cyber Forensics and Incident Response
1 Introduction to Cyber Forensics2 Handling Preliminary Investigations3 Controlling an Investigation4 Conducting Disk-Based Analysis5 Investigating Information-Hiding Techniques6 Scrutinizing Email7 Validating Email Header Information8 Tracing Internet Access9 Searching Memory in Real Time10 SummaryChapter Review Questions/ExercisesExerciseReferences
Chapter 11. Network Forensics
1 Scientific Overview2 The Principles of Network Forensics3 Attack Traceback and Attribution4 Critical Needs Analysis5 Research Directions6 SummaryChapter Review Questions/ExercisesExercise
Index

Content preview from Managing Information Security, 2nd Edition

Chapter 3

Information Technology Security Management

Rahul Bhaskar and Bhushan Kapoor, California State University

Information technology security management can be defined as processes that supported enabling organizational structure and technology to protect an organization’s IT operations and assets against internal and external threats, intentional or otherwise. The principle purpose of IT security management is to ensure confidentiality, integrity, and availability (CIA) of IT systems. Fundamentally, security management is a part of the risk management process and business continuity strategy in an organization.

Keywords

information technology; information security management; international standards; security policies; procedures; ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

The Basics of Information Security, 2nd Edition

Publisher Resources

ISBN: 9780124166882

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Managing Information Security, 2nd Edition

by John R. Vacca