Information Security - Donald Pipkin

Information Security

Protecting the Global Enterprise

Donald Pipkin (author)

Book | Softcover
400 pages
2000
Prentice Hall (publisher)
978-0-13-017323-2 (ISBN)
55.55 incl. VAT
  • This title is out of print; no new edition is planned.

In this book, IT security expert Donald Pipkin addresses every aspect of information security: the business issues, the technical process issues, and the legal issues. Pipkin starts by reviewing the key business issues: estimating the value of information assets, evaluating the cost to the organization if they are lost or disclosed, and determining the appropriate levels of protection and response to security incidents. Next, he walks through the technical processes required to build a consistent, reasonable information security system, with appropriate intrusion detection and reporting features. Finally, Pipkin reviews the legal issues associated with information security, including corporate officers' personal liability for taking care that information is protected. The book's coverage is applicable to businesses of any size, from 50 employees to 50,000 or more, and ideal for everyone who needs at least a basic understanding of information security: network/system administrators, managers, planners, architects, and executives alike.

Donald L. Pipkin is a Security Systems Architect for the Internet Security Division of Hewlett-Packard. Don is a noted security expert with more than fifteen years of experience in the industry. He is a frequent speaker on the topic both regionally and internationally. He is also the author of Halting the Hacker: A Practical Guide to Computer Security, a contributing author of Unix Security, and he has written security articles for computer publications such as SysAdmin magazine.

Phase I: Inspection.
Defining Resources. Assessing Threats. Evaluating Potential Losses. Identifying Vulnerabilities. Assigning Safeguards. Evaluate Current Status.

1. Resource Inventory.
Identifying Resources. Assigning Ownership. Determining Value. Security Classification.

2. Threat Assessment.
Human Error. Natural Disasters. System Failures. Malicious Acts. Malicious Software. Collateral Damage.

3. Loss Analysis.
Denial of Service. Theft of Resources. Deletion of Information. Theft of Information. Disclosure of Information. Corruption of Information. Theft of Software. Theft of Hardware. Disruption of Computer Controlled Systems.

4. Identifying Vulnerabilities.
Location of Vulnerabilities. Known Vulnerabilities. Security Design Flaw. Innovative Misuses. Incorrect Implementation. Social Engineering.

5. Assigning Safeguards.
Avoidance. Transference. Mitigation. Acceptance.

6. Evaluation of Current Status.
Assessment. Testing. Business Impact Analysis.

Phase II: Protection.
Philosophies. Principles. Policies. Procedures. Practices.

7. Awareness.
Appropriate Use. Awareness Programs. Design Choices. Implementation Options. Lack of Awareness.

8. Access.
Global Access. Access Methods. Access Points as Security Checkpoints. Access Servers. Abuse of Access.

9. Identification.
Enterprise Identification. Issuance of Identifiers. Scope of Use. Administration of Identifiers. Identity Errors.

10. Authentication.
Factors of Authentication. Authentication Models. Authentication Options. Authentication Management. Subverting Authentication.

11. Authorization.
What Authorizations Provide. Granularity of Authorizations. Requirements. Design Choices. Abuse of Authorization.

12. Availability.
Types of Outages. Protecting all Levels. Availability Models. Availability Classifications. Availability Outage.

13. Accuracy.
Information Lifecycle. Information System Accuracy. Methods. Loss of Accuracy.

14. Confidentiality.
Information in the Enterprise. Confidentiality Concerns. Methods of Ensuring Confidentiality. Sensitivity Classifications. Invasion of Privacy.

15. Accountability.
Accountability Models. Accountability Principles. Accounting Events. Accountability System Features. Accountability Failures.

16. Administration.
Enterprise Information Security Administration. Administration Process. Areas of Administration. Administration Errors.

Phase III: Detection.
Intruder Types. Intrusion Methods. Detection Methods.

17. Intruder Types.
Outside Intruders. Inside Intruders. Professional Intruder.

18. Intrusion Methods.
Technical Intrusions. Physical Security. Social Engineering.

19. Intrusion Process.
Reconnaissance. Gaining Access. Gaining Authorizations. Achieve Goals.

20. Intrusion Detection Methods.
Profiles. Offline Methods. Online Methods. Human Methods.

Phase IV: Reaction.
Incident Response Philosophies. Incident Response Plan.

21. Response Plan.
Response Procedures. Resources. Legal Review.

22. Incident Determination.
Possible Indicators. Probable Indicators. Definite Indicators. Predefined Situations.

23. Incident Notification.
Internal. Computer Security Incident Organizations. Affected Partners. Law Enforcement. News Media.

24. Incident Containment.
Stopping the Spread. Regain Control.

25. Assessing the Damage.
Determining the Scope of Damage. Determining the Length of the Incident. Determining the Cause. Determining the Responsible Party.

26. Incident Recovery.
Setting Priorities. Repair the Vulnerability. Improve the Safeguard. Update Detection. Restoration of Data. Restoration of Services. Monitor for Additional Signs of Attack. Restoration of Confidence.

27. Automated Response.
Automated Defenses. Gathering Counterintelligence. Counterstrike.

Phase V: Reflection.
Postmortem Documentation. Process Management. External Follow-up.

28. Incident Documentation.
Incident Source Information. Incident Timeline. Technical Summary. Executive Summary.

29. Incident Evaluation.
Identify Processes for Improvement. Process Improvement.

30. Public Relations.
The Right People. The Right Time. The Right Message. The Right Forum. The Right Attitude.

31. Legal Prosecution.
Computer Crime Laws. Jurisdiction. Collection of Evidence. Successful Prosecution.

Epilogue: The Future of Business.
A World without Borders. Service-based Architecture. Basic Business Principles. Pervasive Security.

Publication date (per publisher) 23 May 2000
Place of publication Upper Saddle River
Language English
Dimensions 234 x 177 mm
Weight 608 g
Subject area Computer Science / Networks / Security / Firewall
Computer Science / Theory and Study / Cryptology
ISBN-10 0-13-017323-1 / 0130173231
ISBN-13 978-0-13-017323-2 / 9780130173232
Condition New