Title Advances in security information management : perceptions and outcomes / Guillermo Suárez de Tangil and Esther Palomar, editors
Published New York : Nova Publishers, [2013]

Description 1 online resource
Series Computer science, technology and applications
Contents ADVANCES IN SECURITY INFORMATION MANAGEMENT; CONTENTS; PREFACE
SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEMS ... A NEED IN THE REAL WORLD; Abstract; 1. Introduction; 2. Security Evolution; 2.1. Attack Evolution; 2.2. Compliance; 3. Traditional Incident Handling Strategies; 3.1. Passive Tools; 3.1.1. IDS; 3.1.2. Operating System (OS) Detection; 3.1.3. User Identification; 3.2. Active Tools; 3.2.1. Firewalls; 3.2.2. Intrusion Prevention Systems; 3.2.3. Web Content Filtering; 3.2.4. Anti-Virus; 3.2.5. Web Application Firewalls; 3.2.6. Data or Information Leakage Prevention; 3.3. Proactive Tools; 3.3.1. Vulnerability Assessment; 3.3.2. Exploit Tools and Penetration Testing; 3.4. Attacking Tools; 4. Deployment and Use of Security Tools; 4.1. Proper Deployment; 4.1.1. Input for the Tools; 4.1.2. Network Access Requirements; 4.2. Log Analysis; 5. Dealing with Information Overload; 5.1. Log Correlation Basis; 5.2. Actionable Data; 5.2.1. Individual High Value True Positives Pre-SIEM; 5.2.2. SIEM Correlated True Positives; 5.2.3. Dealing with False Positives; 5.2.4. Evaluating Effectiveness: Results and Stats from SIEM; 6. Accomplishing SIEM; 6.1. Company Rules; 6.2. Management Buy-In; 6.3. Requirements and Testing; 7. SIEM Specific Requirements; 7.1. Dealing with Standard Logs; 7.1.1. Logs need to be correctly interpreted by SIEM; 7.1.2. Support; 7.2. SIEM Defaults: Rules and Parsers; 7.3. Customization; 7.3.1. Incidents; 7.3.2. Events; 7.3.3. Fixed Hardware and Software Architectures; 7.4. Physical and Logical Implementation; 7.5. Training; 8. Role Specific Importance; 8.1. Managed Security Services; 8.1.1. Outsourced Security Management; 8.1.2. In-House Security Management; 8.2. Incident Handlers and Analysts; 8.2.1. Tracking and Reporting; 8.2.2. Analysts; 8.2.3. Incident Response; 9. Conclusion; References
SECURITY INFORMATION AND VULNERABILITY MANAGEMENT; Abstract; 1. Introduction; 2. Software Vulnerability Evaluation; 2.1. Security Risk Evaluation; 2.2. Vulnerability Monitoring; 2.3. Perimeter Security Traffic and Risk Monitoring; 2.4. Vulnerability Recovery; 3. Security Information and Event Management; 3.1. Log information quality; 3.2. Reliable sources of security advisories; 3.3. Accuracy of the asset inventory; 3.4. Vulnerability assessment; 3.5. Firewall change management; 4. Building blocks; 4.1. Building connector; 4.2. Building collector; 4.3. Adaptive filtering and correlation; 4.4. Correlation capability; 4.5. Correlation scenario; 5. Conclusion; A. Advisory Information; A1. Secunia Sample Report; A2. Oval Sample Report; B. Generic Advisory Report Taxonomy; B1. Asset Sample Report; B2. Vulnerability Scan Sample Report; B3. Application Log Sample Report; B4. Firewall Sample Report; References
TOWARD A MULTISTAGE ATTACK DETECTION FRAMEWORK; Abstract; 1. Introduction; 2. Attack Scenarios; 2.1. Analysis Methodology; 2.2. Scenario Alpha; 2.2.1. General Statistics; 2.2.2. Summary of Conversations; 2.2.3. In-depth Analysis
Bibliography Includes bibliographical references and index
Notes English
Description based on print version record and CIP data provided by publisher
Subject Computer security -- Management
Data protection.
COMPUTERS -- Internet -- Security.
COMPUTERS -- Networking -- Security.
COMPUTERS -- Security -- General.
Form Electronic book
Author Suárez de Tangil, Guillermo
Palomar, Esther
LC no. 2020677486
ISBN 9781624172212
1624172210