E-book
Author Rhodes-Ousley, Mark.

Title Information security : the complete reference / Mark Rhodes-Ousley
Edition 2nd ed
Published New York : McGraw Hill Education, ©2013

Description 1 online resource (1 volume) : illustrations
Series The Complete Reference Ser
Contents Cover -- About the Author -- Title Page -- Copyright Page -- Contents at a Glance -- Contents -- Preface -- Acknowledgments -- Introduction -- Part I: Foundations -- Chapter 1: Information Security Overview -- The Importance of Information Protection -- The Evolution of Information Security -- Justifying Security Investment -- Business Agility -- Cost Reduction -- Portability -- Security Methodology -- How to Build a Security Program -- Authority -- Framework -- Assessment -- Planning -- Action -- Maintenance -- The Impossible Job -- The Weakest Link -- Strategy and Tactics
Business Processes vs. Technical Controls -- Summary -- References -- Chapter 2: Risk Analysis -- Threat Definition -- Threat Vectors -- Threat Sources and Targets -- Types of Attacks -- Malicious Mobile Code -- Advanced Persistent Threats (APTs) -- Manual Attacks -- Risk Analysis -- Summary -- References -- Chapter 3: Compliance with Standards, Regulations, and Laws -- Information Security Standards -- COBIT -- ISO 27000 Series -- NIST -- Regulations Affecting Information Security Professionals -- The Duty of Care -- Gramm-Leach-Bliley Act (GLBA) -- Sarbanes-Oxley Act
HIPAA Privacy and Security Rules -- NERC CIP -- PCI DSS: Payment Card Industry Data Security Standard -- Laws Affecting Information Security Professionals -- Hacking Laws -- Electronic Communication Laws -- Other Substantive Laws -- Summary -- References -- Chapter 4: Secure Design Principles -- The CIA Triad and Other Models -- Confidentiality -- Integrity -- Availability -- Additional Concepts -- Defense Models -- The Lollipop Model -- The Onion Model -- Zones of Trust -- Best Practices for Network Defense -- Secure the Physical Environment -- Harden the Operating System -- Keep Patches Updated
Use an Antivirus Scanner (with Real-Time Scanning) -- Use Firewall Software -- Secure Network Share Permissions -- Use Encryption -- Secure Applications -- Back Up the System -- Implement ARP Poisoning Defenses -- Create a Computer Security Defense Plan -- Summary -- References -- Chapter 5: Security Policies, Standards, Procedures, and Guidelines -- Security Policies -- Security Policy Development -- Security Policy Contributors -- Security Policy Audience -- Policy Categories -- Frameworks -- Security Awareness -- Importance of Security Awareness -- Objectives of an Awareness Program
Increasing Effectiveness -- Implementing the Awareness Program -- Enforcement -- Policy Enforcement for Vendors -- Policy Enforcement for Employees -- Software-Based Enforcement -- Example Security Policy Topics -- Acceptable Use Policies -- Computer Policies -- Network Policies -- Data Privacy Policies -- Data Integrity Policies -- Personnel Management Policies -- Security Management Policies -- Physical Security Policies -- Security Standards -- Security Standard Example -- Security Procedures -- Security Procedure Example -- Security Guidelines -- Security Guideline Example
Summary Explaining how to build a holistic security program based on proven methodology, risk analysis, compliance, and business needs, this comprehensive book offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape. -- Edited summary from book
Notes Includes index
Bibliography Includes bibliographical references and index
Notes English
Online resource; title from title page (viewed August 30, 2013)
Subject Computer networks -- Security measures.
Computer security
Form Electronic book
ISBN 9780071784368
0071784365