Defending the Digital Frontier - Mark W. Doll, Jose Granado, Sajay Rai

Blick ins Buch

Defending the Digital Frontier (eBook)

A Security Agenda

Mark W. Doll, Jose Granado, Sajay Rai (Autoren)

eBook Download: PDF

2003 | 1. Auflage
238 Seiten
Wiley (Verlag)
978-0-471-46630-7 (ISBN)

Lese- und Medienproben

Ebook-Leseprobe (PDF)

"e;The charge of securing corporate America falls upon its business leaders. This book, offered by Ernst & Young and written by Mark Doll, Sajay Rai, and Jose Granado, is not only timely, but comprehensive in outlook and broad in scope. It addresses many of the critical security issues facing corporate America today and should be read by responsible senior management."e; --Former Mayor of New York, Rudolph W. Giuliani "e;To achieve the highest possible level of digital security, every member of an organization's management must realize that digital security is 'baked in,' not 'painted on.'"e; --from Defending the Digital Frontier: A Security Agenda Like it or not, every company finds itself a pioneer in the digital frontier. And like all frontiers, this one involves exploration, potentially high returns . . . and high risks. Consider this: According to Computer Economics, the worldwide economic impact of such recent attacks as Nimda, Code Red(s), and Sircam worms totaled $4.4 billion. The "e;Love Bug"e; virus in 2000 inflicted an estimated $8.75 billion in damage worldwide. The combined impact of the Melissa and Explorer attacks was $2.12 billion. Companies were hurt as much in terms of image and public confidence as they were financially. Protecting the "e;digital frontier"e; is perhaps the greatest challenge facing business organizations in this millennium. It is no longer a function of IT technologists; it is a risk management operation requiring sponsorship by management at the highest levels. Written by leading experts at Ernst & Young, Defending the Digital Frontier: A Security Agenda deconstructs digital security for executive management and outlines a clear plan for creating world-class digital security to protect your organization's assets and people. Achieving and defending security at the Digital Frontier requires more than just informed decision-making at the top level. It requires a willingness to change your organization's mindset regarding security. Step by step, Defending the Digital Frontier shows you how to accomplish that. With detailed examples and real-world scenarios, the authors explain how to build-in the six characteristics that a world-class digital security system must possess. You must make your system: * Aligned with the organization's overall objectives. * Enterprise-wide, taking a holistic view of security needs for the entire, extended organization. * Continuous, maintaining constant, real-time monitoring and updating of policies, procedures, and processes. * Proactive to effectively anticipate potential threats. * Validated to confirm that appropriate risk management and mitigation measures are in place. * Formal, so that policies, standards, and guidelines are communicated to every member of the organization. An intrusion is bound to occur to even the most strongly defended systems. Will your organization be prepared to react, or lapse into chaos? Defending the Digital Frontier introduces the Restrict, Run, and Recover(r) model that guides organizations in formulating and implementing a clear, enterprise-wide, Agenda for Action to anticipate, detect, and react effectively to intrusions. You will learn how to roll out an effective Security Awareness and Training Program, establish Incident Response procedures, and set in place Digital Security Teams to control damage and manage risk in even worst-case scenarios. The digital threat knows no borders and honors no limits. But for the prepared organization, tremendous rewards await out on the digital frontier. By strengthening collective digital security knowledge from the top down and developing a rock-solid, comprehensive, on-going security agenda, every organization can build a secure future. Defending the Digital Frontier will get you there.

ERNST & YOUNG is one of the nation's leading professional services firms, providing tax, assurance, and advisory business services to thousands of individuals as well as domestic and global businesses. MARK W. DOLL is a Partner and the Americas Director of Ernst & Young's Security Services. As the Americas Director, Mark is responsible overall for security projects, including security assessments, architecture design, and security implementation as well as business continuity. Mr. Doll is a sought-after speaker on the topic of digital security, and has recently appeared before the House Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection as an expert witness on the subject. SAJAY RAI is a Partner in Ernst & Young's Security Services. He is a Certified Information Systems Security Professional (CISSP) and is a frequent speaker on the topics of security and business continuity. He serves on the advisory board of several organizations. JOSE GRANADO is a Partner in Ernst & Young's Security Services, and Director of the Advanced Security Center focused on attack and penetration services. He is a Certified Information Systems Security Professional (CISSP).

List of Figures and Tables.

Foreword.

Preface.

Acknowledgments.

PART ONE: THE CHALLENGE OF THE FRONTIER.

Chapter 1: The Security Frontier.

Identifying the Security Frontier.

Environment.

Responsibilities.

Priorities.

Challenges at the Frontier.

Threats and Vulnerabilities.

An Attack Scenario.

Chapter 2: Security Characteristics.

Aligned.

Enterprise-Wide.

Continuous.

Proactive.

Validated.

Formal.

Chapter 3: Organizational Components and Security Objectives.

Organizational Components.

People.

Process.

Technology.

Security Objectives.

Confidentiality, Integrity, and Availability.

Access Control.

PART TWO: THE AGENDA FOR ACTION.

Chapter 4: The Security Agenda.

Restrict, Run, and Recover(SM).

Security Agenda Items.

Planning, Architecture, Operations, and Monitoring Capabilities.

Organizational Model.

Capabilities.

Chapter 5: The Three Rs of Digital Security.

Restrict.

Intrusion and Virus Detection.

Incident Response.

Privacy.

Policies, Standards, and Guidelines.

Physical Security.

Run.

Asset and Service Management.

Vulnerability Management.

Entitlement Management.

Recover.

Business Continuity Planning.

PART THREE: THE APPROACH FOR SAFETY.

Chapter 6: The Security Culture.

The Chief Executive as an Agent of Change.

Instill a Heightened Sense of Awareness.

Build a Digital Security Guidance Council.

Establish a Time Table and Monitor Progress.

Roll Out an Enterprise-Wide Security Awareness and Training Program.

Chapter 7: The Risk Frontier.

Modeling and Defining Digital Security Risk.

Low and Slow Scenario: Lessons to Be Learned.

High-Impact Risk Scenario: Lessons to Be Learned.

Containment and Control Scenarios: Lessons to Be Learned.

Approaching Risk Management.

Chapter 8: Road Map for Success.

Positioning the Organization within the Industry.

Resource Allocation.

Insuring against Digital Security Events.

Table-Top Exercises.

The Orbit of Regard.

Appendix A: Security-Related Laws and Regulations.

U.S. Laws.

The USA Patriot Act of 2001.

The Digital Privacy Act of 2000.

The Electronic Communications Privacy Act of 1986, 2000.

The Gramm Leach Bliley (GLB) Act of 1999 (Financial Services Modernization Act).

The Electronic Freedom of Information Act of 1996 161 The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996.

The National Information Infrastructure Protection Act of 1996.

The Computer Security Act of 1987.

The Computer Fraud and Abuse Act of 1986.

The Computer Crime Control Act of 1984.

U.S. Federal Privacy Act of 1974.

U.S. Regulations, Agencies, and Guidelines.

The National Infrastructure Assurance Council (NIAC, 1999).

Federal Guidelines for Searching and Seizing Computers (U.S. Dept. of Justice, 2001).

International Laws, Regulations, and Guidelines Related to Digital Security and Privacy.

Australia.

European Union.

India.

Japan.

Malaysia.

Mauritius.

Philippines.

Poland.

United Kingdom.

Appendix B: Threat Vectors.

2002 Top 10 Digital Security Threat Vectors.

Appendix C: Ernst & Young 2002 Digital Security Overview: An Executive Guide and Diagnostic.

Endnotes.

Glossary of Digital Security Terminology.

Index.

Erscheint lt. Verlag	7.4.2003
Sprache	englisch
Themenwelt	Informatik ► Netzwerke ► Sicherheit / Firewall
	Informatik ► Theorie / Studium ► Kryptologie
	Wirtschaft ► Betriebswirtschaft / Management ► Unternehmensführung / Management
Schlagworte	Business & Management • Business Technology • Computersicherheit • Informationstechnik • Unternehmenstechnologie • Wirtschaft u. Management
ISBN-10	0-471-46630-1 / 0471466301
ISBN-13	978-0-471-46630-7 / 9780471466307

Haben Sie eine Frage zum Produkt?

PDF (Adobe DRM)
Größe: 2,4 MB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Print-Ausgabe

Buch | Hardcover

27,93 €