Securing Business Information
Addison Wesley (Publisher)
978-0-201-76735-3 (ISBN)
Title is unfortunately out of print; no new edition.
Securing Business Information addresses one of today's most critical IT challenges: keeping enterprise data secure in a widely distributed, Internet-centric environment. Drawing upon advanced research and consulting at META Group, it introduces a comprehensive, six-part process for implementing the highest practical level of information security throughout the enterprise. The authors cover every step involved in maximizing information security. Begin by preparing the enterprise for a major security initiative, identifying appropriate roles for each staff member, and effectively marketing security within the enterprise. Learn how to organize "security domains," assess tolerable levels of risk for each, complete baseline security analyses, derive guiding policies based on what you've learned, and implement the improvements you've identified. Coverage also includes: evaluating the enforcement of existing security policies, identifying gaps, and setting priorities for remediation. Part of the Intel Press IT Best Practices Series, focused on identifying and sharing best-practice strategies for delivering Internet-based solutions that meet key business challenges.
For every IT executive, manager, administrator and professional concerned with enterprise information security.
F. CHRISTIAN BYRNES leads META Group's security coverage. He is the author of Security in Enterprise Computing: A Practical Guide. In recognition of his expertise in intellectual property concerns, he was appointed to the US Congress advisory committee that produced an extensive report to guide Congress in planning future laws. Mr. Byrnes was CEO at Centrax Corporation, a security software vendor acquired by CyberSafe. Dale Kutnick is the cofounder, CEO, and chairman of the board of META Group, overseeing all of the company's research and analytical activities. Prior to cofounding META Group in 1989, Mr. Kutnick was executive vice president of research at Gartner Group. Previously, he was executive director and a principal at Yankee Group, and a principal at Battery Ventures, a venture capital firm.
Preface.
1. Prepare the Enterprise for Security.
The Enterprise Security Charter.
Building the Security Organization.
Security Leadership.
Security Management.
Security Administration.
Resource Ownership.
Where Security Reports.
Building Security Job Descriptions.
Centralizing and Decentralizing Security Functions.
Marketing the Mission within the Enterprise.
Developing a Security Marketing Program.
Marketing Upward.
Marketing Outward.
2. Organize Security by Resource and Domains.
Identifying Resources.
Existing Sources of Resource Identification.
Levels of Information Hierarchy.
Complexity of Classification Schemes.
External Requirements.
Selecting Appropriate Security Levels.
Grouping Resources into Security Domains.
ESP Domain Schemes.
Merging the Domain Schemes.
An Example of Need-based Divisions.
Documenting the Rules for Domain Designation.
3. Complete the Baseline Security Analysis.
Choosing a Policy Model.
Formal Security Policies.
Identity-based Policies.
Role-based Policies.
Researching Existing Policies.
Conducting a Policy Audit.
Finding Documented Policies.
Finding Undocumented Policies.
Creating the Functional Assessment of Security.
Reducing the Scope of the Projects.
4. Complete the Requirements.
Identifying Security Requirements.
Selecting the Sources of Information.
Collecting Information.
Developing Requirements.
Categories of Requirements.
Determining Business Requirements.
Determining Data Management Requirements.
Determining Application Requirements.
Determining Infrastructure Requirements.
Trust Modeling.
Point 1: Establishing Trust Concepts.
Point 2: Applying Trust Concepts.
Point 3: Achieving Trust-based Requirements.
Patterns for Adaptive Infrastructure.
5. Identify Gaps and Prioritize Needs.
Analyzing Gaps.
Assessing Risk.
Analyzing Costs and Benefits.
Assessing Culture.
Prioritizing Projects.
6. Selecting and Planning the Projects.
Determining the Security Strategy.
Shortening the List of Projects.
Selecting Projects.
Reordering Priorities by Duration.
Determining Required Resources.
Planning the Projects.
Sourcing the Projects.
Selecting the Security Products.
Marketing the Projects.
Product Packaging.
Upward Marketing.
Outward Marketing.
What Is Next?
7. Modifying ESP.
Modifying the Baseline Steps.
Pass 1.
Pass 2.
Pass 3.
Pass 4.
Integrating ESP into the Ongoing Security Program.
8. Formulating a Technology Strategy.
Analyzing Technology Maturation.
Projecting Demand Curves.
Assessing Adoption Probability.
9. Security Technologies.
Enforcement Security Technologies.
Identification.
Authentication.
Authorization.
Access Control.
Support Security Technologies.
Auditing.
Administration.
Technology Integration.
10. Two Case Histories.
Meet Y Company.
Step 1. Prepare the Enterprise for Security.
Step 2. Organize Security by Resources and Domains.
Step 3. Complete the Baseline Security Analysis.
Step 4. Complete Requirements.
Step 5. Identify Gaps and Prioritize Needs.
Meet Z Company: A Federated Model.
Step 1. Prepare the Enterprise for Security.
Step 2. Organize Security by Resources and Domains.
Step 3. Complete the Baseline Security Analysis.
Step 4. Complete Requirements.
Step 5. Identifying Gaps and Prioritizing Needs.
11. Security Follow-Up Projects.
Y Company.
Marketing Program.
General Policy Revision and Domain Perimeter Repair.
Security Technology Improvements and Administration Policy Changes.
Considerations.
Z Company.
Establishing Minimum Security Criteria.
Policy Structure Creation.
Backbone Access Control.
12. Single-Point Administration through Role-based Authorization.
Single-Point Administration through Role-based Authorization.
Why Single-Point Administration Is Needed.
Role-based Authorization.
13. Single Sign-On.
The Security Fabric: Integrating the Tiers.
SSO Terminology.
Identification.
Strong Authentication and Authorization Management.
Product Architectures.
Script-based SSO Tools.
Broker-based SSO Tools.
How to Succeed at SSO.
Installability and Scalability.
SSO Planning Projects.
Evaluation Criteria for SSO Products.
Checklist of questions to ask in evaluating SSO products.
Appendix A: Sample Request For Proposal.
Request for Proposal.
Implementation of Secure Single Sign-On and Single-Point Administration.
I. Overview.
II. Environment.
Configuration.
III. Vendor Instructions.
IV. Requirements.
V. Implementation.
VI. Contract Terms.
VII. Vendor Financial Proposal.
Appendix B: Further Reading.
Glossary.
Index.
| Publication date (per publisher) | 8.2.2002 |
|---|---|
| Place of publication | Boston |
| Language | English |
| Dimensions | 192 x 243 mm |
| Weight | 599 g |
| Subject area | Computer Science ► Theory / Study ► Cryptology |
| | Mathematics / Computer Science ► Mathematics ► Financial / Business Mathematics |
| | Economics ► Business Administration / Management ► Corporate Management / Management |
| ISBN-10 | 0-201-76735-X / 020176735X |
| ISBN-13 | 978-0-201-76735-3 / 9780201767353 |
| Condition | New |