The Official HP Guides

Mark L. Chambers has been a technical writer and PC/Mac hardware technician since 1989. Jan S. Smith is a senior communications specialist for the Imaging and Printing Group at Hewlett-Packard Company. In that role, she has produced dozens of award-winning multimedia videos, films, CDs and television programs. Nancy Stevenson has written over thirty books on technology and business topics. She has taught technical writing at the university level, and has been a corporate trainer working with computer learners ranging from beginner to advanced.

Prologue. Acknowledgments. 1. Introduction. The Security Mind. Where Do We Start? Where Does It End? 2. A New Look at Information Security. Security as an Art Form. What We Know About Security. Understanding the Fear Factor. How to Successfully Implement and Manage Security. 3. The Four Virtues of Security. Introduction to the Virtues. The Virtue of Daily Consideration. The Virtue of Community Effort. The Virtue of Higher Focus. The Virtue of Education. Using These Virtues. 4. The Eight Rules of Security (Components of All Security Decisions). Introduction to the Rules. Rule of Least Privilege. Rule of Change. Rule of Trust. Rule of the Weakest Link. Rule of Separation. Rule of the Three-Fold Process. Rule of Preventative Action (Proactive Security). Rule of Immediate and Proper Response. Incorporating the Rules. 5. Developing a Higher Security Mind. The Art of Higher Security. Thinking in Zones. Creating Chokepoints. Layering Security. Working in Stillness. Understanding Relational Security. Understanding Secretless Security. Dividing Responsibilities. Failing Securely. 6. Making Security Decisions. Using the Rules to Make a Decision. The Decision-Making Process. Example Decision. 7. Know Thy Enemy and Know Thyself. Understanding the Modern Hacker. Where Modern Vulnerabilities Exist. Modern Targets. Modern Exploits. Neglecting the Rules: A Hacker's Tale. Creating Your Own Security Profile. Becoming Invisible to Your Enemies. 8. Practical Security Assessments. The Importance of a Security Audit. Understanding Risks and Threats. The Traditional Security Assessment Model. The Relational Security Assessment Model. Relational Security Assessment Model: Risks. Relational Security Assessment Model: Controls. Relational Security Assessment Model: Tactical Audit Process. Analytical Audit Measures. Additional Audit Considerations. 9. The Security Staff. Building a Successful Security Team. Bringing in Security Consultants. Outsourcing Security Maintenance. 10. Modern Considerations. Using Standard Defenses. Open Source vs. Closed Source Security. Wireless Networks. Encryption. Virtual Private Networking. 11. The Rules in Practice. Practicing the Rules. Perimeter Defenses. Internal Defenses. Physical Defenses. Direct Object Defenses. Outbound Internet Access. Logging and Monitoring. Handling Authentication. 12. Going Forward. The Future of Information Security. Appendix A. Tips on Keeping Up-to-Date. Appendix B. Ideas for Training. Appendix C. Additional Recommended Audit Practices. Appendix D. Recommended Reading. Appendix E. The Hidden Statistics of Information Security. Index.