To search this page, use Edit > Find / Replace in the toolbar or Control-F.
Articles on Information Security
 |
The movement toward miniaturized and mobile computing has created more opportunity for cyber thieves. To respond
effectively, IT security professionals need a resource that combines the understanding of investigative techniques
with the technical knowledge of cyberspace. The second edition of the
Cyber Crime Investigator's Field Guide provides an investigative framework, demonstrates the knowledge of how
cyberspace really works, and explains the tools needed to pursue cyber criminals. This volume covers the entire
investigative process, from what to do upon arrival at the scene through the completion of the investigation,
including exploration of the chain of custody.
Intellectual property owners who exploit new ways of reproducing, distributing, and marketing their creations
digitally must also protect them from piracy.
Multimedia Security Handbook addresses multiple issues related to the protection of digital media, including audio, image, and video content. This volume examines leading-edge multimedia security concepts including protection architectures, encryption, watermarking, fingerprinting, authentication, and various applications. The Handbook offers comprehensive reference material on advanced topics in the field. It delivers invaluable insight for researchers, practitioners, and engineers involved in designing and developing systems that protect digital multimedia content.
| 
Curing the Patch Management Headache responds to this demand by tying together all aspects of the
subject into one easy-to-understand format that is applicable regardless of the operating system, network device, or
patch deployment tool. This volume provides CxOs, IT directors and managers with the support and guidance
that they need to integrate an effective patch management process into their environments. It emphasizes the
importance of patch management and explains why having organizational support for the process drives successful
implementation. The book details how patches should be implemented on devices and systems within an infrastructure,
and how to distribute them in a timely manner.
| 
Information Security Fundamentals allows future (and present!) security professionals to gain a
solid understanding of the foundations of the field and the entire range of issues that practitioners must address.
This book enables students to understand the key elements that comprise a successful information security program
and eventually apply these concepts into their own efforts. The book examines the elements of computer security,
employee roles and responsibilities, and common threats. It examines the need for management controls, policies
and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a
typical information protection program.
| 
A Practical Guide to Security Assessments
is a process-focused approach that presents a structured methodology for
conducting assessments. The key element of the methodology is an understanding of business goals and processes, and
how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations
should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for
building and maintaining an information security program. In addition to the methodology, the book includes an Appendix
that contains questionnaires that can be modified and used to conduct security assessments.
| 
The Ethical Hack: A Framework for Business Value Penetration Testing
explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide
the maximum value to organizations that want to harden their security. This book is unique in that it goes beyond
the technical aspects of penetration testing to address the processes and rules of engagement required for
successful tests. It examines testing from a strategic perspective, shedding light on how testing ramifications
affect an entire organization. |
Assessing and Managing Security Risk in IT Systems: A Structured Methodology pushes back the advance of security-as-art and supplant it with a structured methodology that functions independent of technology evolution. John McCumber outlines a simple yet thorough process to guide readers in the analysis and mitigation of risks in IT systems. The handbook contains enough detail to ensure practitioners and policy makers can apply the concepts of the model. Because it does not delve into technical implications, an in-depth technical background is not necessary, although all technical people can work within its structure. This book promises to become the most dog-eared possession for anyone charged with security in IT systems.
| 
Information Security Policies and Procedures: A Practitioner's Guide, Second Edition, developed by corporate
information security guru Tom Peltier, and successfully implemented at numerous
Fortune 500 companies, Information Security Policy and Procedures will
substantially reduce the time and cost usually associated with developing corporate
security policies and procedures. In an easy-to-use modular format, it supplies you with
everything you need to produce a comprehensive set of policies and procedures,
custom-tailored to your organization-quickly, cheaply, and without all the friction
and frustration. |
PKI is essential for Web services and secure electronic business transaction.
Public Key Infrastructure: Building Trusted Applications and Web Services shows how to make advanced PKI technology successful in any organization. whether for internal security or Web services.
It details how to develop advanced PKI technology online; lists available PKI software and its functionality; describes how
to choose right operating system for PKI; dvaluates how other organizations made choices; walks through the steps of
certificate management: requesting, obtaining, storing, using, and revoking a certificate; and looks into expectations for
a Certificate Authority (CA) and what a CA will expect of you. | 
The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders. | 
The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA privacy and security advice that you can immediately apply to your organization's unique situation. This how-to reference explains what HIPAA is about, what it requires, and what you can do to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what you need to do to meet requirements. | 
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software, instead it hinges on having a mindset that security is a core part of the business and not just an afterthought. Armed with the content contained in this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support that is needed to build and maintain airtight security programs. | 
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
| 
Network Perimeter Security: Building Defense In-Depth reveals how you can evaluate the security
needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists
you in designing the security model, and outlines the testing process. Through the concepts and case studies presented
in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of
protection, with expert recommendations for configuring firewalls, routers, intrusion detection system, and other
security tools and network components. | 
The Investigator's Guide to Steganography provides a comprehensive look at this unique form of
hidden communication from its earliest beginnings to its most modern uses. The book begins by exploring the past,
providing valuable insight into how this method of communication began and evolved from ancient times to the present
day. It continues with an in-depth look at the workings of digital steganography and watermarking methods, available
tools on the Internet, and a review of companies who are providing cutting edge steganography and watermarking
services. The third section builds on the first two by outlining and discussing real world uses of steganography
from the business and entertainment to national security and terrorism. The book concludes by reviewing steganography
detection methods and what can be expected in the future. | 
Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them. By following the procedures outlined in this guide, a company can pinpoint what individual parts of their network need to be hardened, and avoid expensive and unnecessary purchases.
| 
Securing Windows NT/2000: From Policies to Firewalls
This managerial guide and practical technical tutorial provides viable security solutions for your organization. It
presents in-depth knowledge on how, why, and where these operating systems must be tuned in order to use them securely
to connect to the Internet. The book presents the steps required to define a corporate security policy, how to
implement that policy, and how to structure the project plan. It also provides practical provides step-by-step
instructions that guide you through performing a secure installation and in preparing the system for secure
operation on the Internet using Check Point Firewall-1. |
 Like no other book before it,
Global Information Warfare: How Businesses, Governments, and Others Achieve Objectives and Attain Competitive
Advantages illustrates the relationships and interdependencies of business and national objectives, of
companies and countries, and of the dependence of all of them on advances in technology. This book sheds light on
the "Achilles heel" that these dependencies on advanced computing and information technologies create. It underscores
how hostile countries, business competitors, terrorists, hacktivists and others are waging Information Warfare (IW)
against their adversaries. This may sound like science fiction, but it has been happening for years and continues
to this day-anyone and everyone can be a target and a casualty. |
The Asset Protection and Security Management Handbook is a must for all professionals involved
in the protection of assets. For those new to the security profession, the text covers the fundamental aspects of
security and security management providing a firm foundation for advanced development. For the experienced security
practitioner, it provides the tools necessary for developing effective solutions and responses to the growing number
of challenges encountered by today's security professionals. Based on the ASIS asset protection course, the text
provides information vital to security planning and operational requirements. It addresses the most commonly
recognized issues in the field and explores the future of asset protection management.
|  Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program,
Building a Global Information Assurance Program describes the key building blocks of an IA development effort. The text presents a systems development
life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave
approach to IA program development, from program planning and design to implementation, support, and phase out. It
provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs,
and with less risk. |
 Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing and
certification labs,
Using the Common Criteria for IT Security Evaluation explains how and why to use the Common
Criteria during the acquisition, implementation or evaluation of an IT product, system, network, or services contract.
The text describes the Common Criteria methodology; the major processes, steps, activities, concepts, terminology,
and how the CC methodology is used throughout the life of a system. It illustrates how each category of user should
employ the methodology as well as their different roles and responsibilities. |
The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
starts with a review of each of the ten domains and provides 25 sample questions with answers and references for each.
It discusses successful approaches for preparing for the exam based on experiences of those who have recently passed
the exam. It then provides two complete 250 questions practice exams with answers. Explanations are provided to clarify
why the correct answers are correct, and why the incorrect answers are incorrect. | |
Privacy Papers: Managing Technology, Consumer, Employee, and Legislative Actions is a book for C-level executives, IT managers, HR managers, security officers, privacy officers, and legal professionals. It covers all aspects of technology and legislation that enable privacy and also those that place it at risk. This how-to guide presents sample policies for employee training, awareness, and acceptable use; covers why companies must protect data and how to do it; describes the technology that makes information more private; and lists and summarizes major federal and international privacy legislation.
Secure Internet Practices: Best Practices for Securing Systems in the Internet and e-Business Age presents an overview of security programs, policies, goals, life cycle development issues, infrastructure, and architecture aimed at enabling readers to effectively implement security at their organization. In addition to discussing general issues and solutions, the book provides concrete examples and templates for crafting or revamping your security program in the form of an Enterprise-Wide Security Program Modal, and an Information Security Policy Framework. Although rich in technical expertise, this is not strictly a handbook of Internet technologies, but a guide that is equally useful to business, finance, and manufacturing.
Building an Information Security Awareness Program This takes you step-by-step through the methodology for developing, distributing, and monitoring an information security awareness program. It includes detailed instructions on how to communicate the message and describes how to efficiently use outside sources to optimize the impact of a small staff. The author stresses the importance of security and the entire organizations' role and responsibility in protecting it. He also presents the material in a fashion that makes it easy for non-technical staff members to grasp the concepts.
A Practical Guide to Security Engineering and Information Assurance Is a comprehensive, practical guide to security engineering this book provides insight into the broader realm of information assurance (IA). It explains real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. The author provides step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations.
Securing e-Business Applications and Communications Here's everything you need to know to build a secure E-Commerce web site from the ground up. Written with heterogeneous networks in mind, it includes implementation examples for Unix (Solaris and Linux), Windows NT 4.0, and Windows 2000. Numerous coding examples illustrate how to use the most current technologies from Microsoft, Sun, and others to support secure transactions. It also explores the most popular web servers, the technologies that drive them, and a number of commercial utilities that can be used to manage them remotely.
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management Covers writing policies, writing procedures, and writing standards, and how to integrate them into a comprehensive document for managing information security. Uses BS 7799 and ISO 17799 standards as the foundation for the content. Includes examples of existing documents and checklists to help the critique these documents.
A Technical Guide to IPSec Virtual Private Networks provides a technical explanation of a very complicated and misunderstood technology in terms that will allow the most novice of individuals to understand the inner workings of IPSec. It details the suite of IP Security protocols and their interaction with users, systems, and devices. It includes in-depth descriptions of the various IPSec communications and key management protocols that provide the foundation of secure communications. Includes multiple examples of implementations and real world experience and their comparison to the standards that make up IPSec.
Information Security Policies and Procedures: A Practitioner's Guide, Second Edition, developed by corporate information security guru Tom Peltier, and successfully implemented at numerous Fortune 500 companies, Information Security Policy and Procedures will substantially reduce the time and cost usually associated with developing corporate security policies and procedures. In an easy-to-use modular format, it supplies you with everything you need to produce a comprehensive set of policies and procedures, custom-tailored to your organization-quickly, cheaply, and without all the friction and frustration.
Effective Use of Teams in IT Audits, the latest supplement to Standard for Auditing Computer Applications, presents four approaches to ensure that you use teams effectively.
A Standard for Auditing Computer Applications is a step-by-step guide to auditing financial and operational applications systems for internal auditors.
Business Resumption Planning is a reference that answers to the most frequently asked questions about data center recovery, communications recovery, and general business operations recovery. Included with the handbook are complete forms and checklists on diskette that can be used to produce a detailed, custom disaster recovery plan.
Call Center Continuity Planning shows you how to plan for continuity through disasters large and small -- everything from power outages and hurricanes to unexpected peaks in inbound call volume that might threaten to swamp your call-takers.
