- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Despite all the recent advances in security technologies and a barrage of new products, most organizations are only slightly more secure than they were 4 or 5 years ago. While companies are running to the latest security technology, they are missing the understanding of the whys and hows of security on a macro level. This book bridges that gap. If you work in a medium to large firm and need to develop a comprehensive security plan for your company, you need to understand how these technologies and products fit into the big picture. You need to be able to make decisions about which technologies to select and where/how they should be deployed in a cost efficient manner. The first half of the book breaks down security decisions into a set of simple rules that allow one to analyze a security problem and make decisions in almost any environment. The second half of the book applies the rules to making decisions about a security plan for the entire enterprise covering perimeter/firewall security, application security, system and hardware security as well as on-going security measures such as recurring audits, logging and monitoring, and incident response. Day also includes sections on choosing between open source and proprietary security options; wired, wireless, and VPNs; and an entire section devoted to risk assessment.
Contents
Prologue. Acknowledgments. 1. Introduction. The Security Mind. Where Do We Start? Where Does It End? 2. A New Look at Information Security. Security as an Art Form. What We Know About Security. Understanding the Fear Factor. How to Successfully Implement and Manage Security. 3. The Four Virtues of Security. Introduction to the Virtues. The Virtue of Daily Consideration. The Virtue of Community Effort. The Virtue of Higher Focus. The Virtue of Education. Using These Virtues. 4. The Eight Rules of Security (Components of All Security Decisions). Introduction to the Rules. Rule of Least Privilege. Rule of Change. Rule of Trust. Rule of the Weakest Link. Rule of Separation. Rule of the Three-Fold Process. Rule of Preventative Action (Proactive Security). Rule of Immediate and Proper Response. Incorporating the Rules. 5. Developing a Higher Security Mind. The Art of Higher Security. Thinking in Zones. Creating Chokepoints. Layering Security. Working in Stillness. Understanding Relational Security. Understanding Secretless Security. Dividing Responsibilities. Failing Securely. 6. Making Security Decisions. Using the Rules to Make a Decision. The Decision-Making Process. Example Decision. 7. Know Thy Enemy and Know Thyself. Understanding the Modern Hacker. Where Modern Vulnerabilities Exist. Modern Targets. Modern Exploits. Neglecting the Rules: A Hacker's Tale. Creating Your Own Security Profile. Becoming Invisible to Your Enemies. 8. Practical Security Assessments. The Importance of a Security Audit. Understanding Risks and Threats. The Traditional Security Assessment Model. The Relational Security Assessment Model. Relational Security Assessment Model: Risks. Relational Security Assessment Model: Controls. Relational Security Assessment Model: Tactical Audit Process. Analytical Audit Measures. Additional Audit Considerations. 9. The Security Staff. Building a Successful Security Team. Bringing in Security Consultants. Outsourcing Security Maintenance. 10. Modern Considerations. Using Standard Defenses. Open Source vs. Closed Source Security. Wireless Networks. Encryption. Virtual Private Networking. 11. The Rules in Practice. Practicing the Rules. Perimeter Defenses. Internal Defenses. Physical Defenses. Direct Object Defenses. Outbound Internet Access. Logging and Monitoring. Handling Authentication. 12. Going Forward. The Future of Information Security. Appendix A. Tips on Keeping Up-to-Date. Appendix B. Ideas for Training. Appendix C. Additional Recommended Audit Practices. Appendix D. Recommended Reading. Appendix E. The Hidden Statistics of Information Security. Index.
