Books on Information Security, Control, and Audit
from Auerbach Publications

Official (ISC)2® Guide to the CISSP® CBK, Second Edition
CISO Leadership: Essential Principles for Success
Building and Implementing a Security Certification and Accreditation Program
The Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®
Official (ISC)2® Guide to the SSCP® CBK®
Vulnerability Management
Data Protection: Governance, Risk Management, and Compliance
Security of Mobile Communications
Cyber Fraud: Tactics, Techniques and Procedures
The Executive MBA in Information Security
Complete Guide to CISM Certification
The Complete Guide for CPP Examination Preparation
CISO Soft Skills: Securing Organizations Impaired by Employee Politics, Apathy, and Intolerant Perspectives
The CISO Handbook: A Practical Guide to Securing Your Company
How to Complete a Risk Assessment in 5 Days or Less
Information Security Management Handbook, 2009 CD-ROM Edition
Information Security Management Handbook, Sixth Edition, Volume 3
Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement
Information Technology Control and Audit, Third Edition
Security in RFID and Sensor Networks
Building an Enterprise-Wide Business Continuity Program
Business Resumption Planning, Second Edition
Critical Infrastructure
Malicious Bots (Price $59.95)
Information Assurance Architecture
Terrorism and Homeland Security
Building an Effective Information Security Policy Architecture
21st Century Security and CPTED
HOWTO Secure and Audit Oracle 10g and 11g
Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition
Information Security Management Handbook, Sixth Edition, Volume 2
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition
Data-driven Block Ciphers for Fast Telecommunication Systems
Building Trustworthy Semantic Webs
Terrorist Recognition Handbook, Second Edition
Information Security Management Handbook, Sixth Edition
Handbook of IPv4 to IPv6 Transition: Methodologies for Institutional and Corporate Networks
Digital Privacy: Theory, Technologies, and Practices
Software Deployment, Updating, and Patching
Testing Code Security
Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks
How to Achieve 27001 Certification: An Example of Applied Compliance Management
Mechanics of User Identification and Authentication: Fundamentals of Identity Management
Computer Forensics: Evidence Collection and Management
Wireless Crime and Forensic Investigation
Understanding Surveillance Technologies
Practical Hacking Techniques and Countermeasures
IT Security Governance Guidebook with Security Program Metrics on CD-ROM
Information Security Cost Management
Securing Converged IP Networks
Information Security: Design, Implementation, Measurement, and Compliance
Complete Guide to Security and Privacy Metrics
The Wireless Security Handbook
Information Security Architecture, Second Edition
Security in Distributed, Grid, Mobile, and Pervasive Computing
Audit and Trace Log Management
The Security Risk Assessment Handbook
Guide to Optimal Operational Risk and Basel II
Investigations in the Workplace
Global Information Warfare
802.1X Port-Based Authentication
Security in Wireless Mesh Networks
Intelligence Support Systems: Technologies for Lawful Intercepts
Managing an Information Security and Privacy Awareness and Training Program
Multimedia Watermarking: Techniques and Applications
Enhancing Computer Security with Smart Technology

Cyber Crime Investigator's Field Guide
The movement toward miniaturized and mobile computing has created more opportunity for cyber thieves. To respond effectively, IT security professionals need a resource that combines the understanding of investigative techniques with the technical knowledge of cyberspace. The second edition of the Cyber Crime Investigator's Field Guide provides an investigative framework, demonstrates the knowledge of how cyberspace really works, and explains the tools needed to pursue cyber criminals. This volume covers the entire investigative process, from what to do upon arrival at the scene through the completion of the investigation, including exploration of the chain of custody.

Multimedia Security Handbook
Intellectual property owners who exploit new ways of reproducing, distributing, and marketing their creations digitally must also protect them from piracy. Multimedia Security Handbook addresses multiple issues related to the protection of digital media, including audio, image, and video content. This volume examines leading-edge multimedia security concepts including protection architectures, encryption, watermarking, fingerprinting, authentication, and various applications. The Handbook offers comprehensive reference material on advanced topics in the field. It delivers invaluable insight for researchers, practitioners, and engineers involved in designing and developing systems that protect digital multimedia content.

Curing the Patch Management Headache
Curing the Patch Management Headache ties together all aspects of patch management in one easy-to-understand format that applies regardless of the operating system, network device, or patch deployment tool in use. This volume provides CxOs, IT directors, and managers with the support and guidance they need to integrate an effective patch management process into their environments. It emphasizes the importance of patch management and explains why organizational support for the process drives successful implementation. The book details how patches should be implemented on devices and systems within an infrastructure, and how to distribute them in a timely manner.

Information Security Fundamentals
Information Security Fundamentals allows future (and present!) security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts into their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.

A Practical Guide to Security Assessments
A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program. In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments.

The Ethical Hack: A Framework for Business Value Penetration Testing
The Ethical Hack explains the methodologies, framework, and "unwritten conventions" that ethical hacks should employ to provide the maximum value to organizations that want to harden their security. This book is unique in that it goes beyond the technical aspects of penetration testing to address the processes and rules of engagement required for successful tests. It examines testing from a strategic perspective, shedding light on how testing ramifications affect an entire organization.

Assessing and Managing Security Risk in IT Systems: A Structured Methodology
Assessing and Managing Security Risk in IT Systems pushes back the advance of security-as-art and supplants it with a structured methodology that functions independently of technology evolution. John McCumber outlines a simple yet thorough process to guide readers through the analysis and mitigation of risks in IT systems. The handbook contains enough detail to ensure that practitioners and policy makers can apply the concepts of the model. Because it does not delve into technical implications, an in-depth technical background is not necessary, although technical readers can work within its structure. This book promises to become the most dog-eared possession of anyone charged with security in IT systems.

Information Security Policies and Procedures: A Practitioner's Guide, Second Edition
Information Security Policies and Procedures, developed by corporate information security guru Tom Peltier and successfully implemented at numerous Fortune 500 companies, will substantially reduce the time and cost usually associated with developing corporate security policies and procedures. In an easy-to-use modular format, it supplies you with everything you need to produce a comprehensive set of policies and procedures, custom-tailored to your organization, quickly, cheaply, and without all the friction and frustration.

Public Key Infrastructure: Building Trusted Applications and Web Services
PKI is essential for Web services and secure electronic business transactions. Public Key Infrastructure shows how to make advanced PKI technology successful in any organization, whether for internal security or Web services. It details how to develop advanced PKI technology online; lists available PKI software and its functionality; describes how to choose the right operating system for PKI; evaluates how other organizations made their choices; walks through the steps of certificate management (requesting, obtaining, storing, using, and revoking a certificate); and looks into what to expect from a Certificate Authority (CA) and what a CA will expect of you.

The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks
The Hacker's Handbook moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders.

The Practical Guide to HIPAA Privacy and Security Compliance
The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA privacy and security advice that you can immediately apply to your organization's unique situation. This how-to reference explains what HIPAA is about, what it requires, and what you can do to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what you need to do to meet requirements.

Strategic Information Security
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software; instead, it hinges on a mindset that security is a core part of the business and not just an afterthought. Armed with the content of this book, security specialists can redirect the discussion of security toward the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support needed to build and maintain airtight security programs.

Critical Incident Management
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.

Network Perimeter Security: Building Defense In-Depth
Network Perimeter Security reveals how you can evaluate the security needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists you in designing the security model and outlines the testing process. Through the concepts and case studies presented in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of protection, with expert recommendations for configuring firewalls, routers, intrusion detection systems, and other security tools and network components.

The Investigator's Guide to Steganography
The Investigator's Guide to Steganography provides a comprehensive look at this unique form of hidden communication from its earliest beginnings to its most modern uses. The book begins by exploring the past, providing valuable insight into how this method of communication began and evolved from ancient times to the present day. It continues with an in-depth look at the workings of digital steganography and watermarking methods, available tools on the Internet, and a review of companies that provide cutting-edge steganography and watermarking services. The third section builds on the first two by outlining and discussing real-world uses of steganography, from business and entertainment to national security and terrorism. The book concludes by reviewing steganography detection methods and what can be expected in the future.

Managing a Network Vulnerability Assessment
Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details which commercial, freeware, and shareware tools are available, how they work, and how to use them. By following the procedures outlined in this guide, a company can pinpoint which individual parts of its network need to be hardened, and avoid expensive and unnecessary purchases.

Securing Windows NT/2000: From Policies to Firewalls
Securing Windows NT/2000 is a managerial guide and practical technical tutorial that provides viable security solutions for your organization. It presents in-depth knowledge on how, why, and where these operating systems must be tuned in order to use them securely to connect to the Internet. The book presents the steps required to define a corporate security policy, how to implement that policy, and how to structure the project plan. It also provides practical step-by-step instructions that guide you through performing a secure installation and preparing the system for secure operation on the Internet using Check Point Firewall-1.

The Asset Protection and Security Management Handbook
The Asset Protection and Security Management Handbook is a must for all professionals involved in the protection of assets. For those new to the security profession, the text covers the fundamental aspects of security and security management providing a firm foundation for advanced development. For the experienced security practitioner, it provides the tools necessary for developing effective solutions and responses to the growing number of challenges encountered by today's security professionals. Based on the ASIS asset protection course, the text provides information vital to security planning and operational requirements. It addresses the most commonly recognized issues in the field and explores the future of asset protection management.

Building a Global Information Assurance Program
Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort. The text presents a systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase-out. It provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower cost, and with less risk.

Using the Common Criteria for IT Security Evaluation
Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing and certification labs, Using the Common Criteria for IT Security Evaluation explains how and why to use the Common Criteria during the acquisition, implementation, or evaluation of an IT product, system, network, or services contract. The text describes the Common Criteria methodology: the major processes, steps, activities, concepts, and terminology, and how the CC methodology is used throughout the life of a system. It illustrates how each category of user should employ the methodology, as well as their different roles and responsibilities.

The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
The Total CISSP Exam Prep Book starts with a review of each of the ten domains and provides 25 sample questions with answers and references for each. It discusses successful approaches to preparing for the exam based on the experiences of those who have recently passed it. It then provides two complete 250-question practice exams with answers. Explanations are provided to clarify why the correct answers are correct, and why the incorrect answers are incorrect.

Privacy Papers: Managing Technology, Consumer, Employee, and Legislative Actions is a book for C-level executives, IT managers, HR managers, security officers, privacy officers, and legal professionals. It covers all aspects of technology and legislation that enable privacy and also those that place it at risk. This how-to guide presents sample policies for employee training, awareness, and acceptable use; covers why companies must protect data and how to do it; describes the technology that makes information more private; and lists and summarizes major federal and international privacy legislation.

Secure Internet Practices: Best Practices for Securing Systems in the Internet and e-Business Age presents an overview of security programs, policies, goals, life cycle development issues, infrastructure, and architecture aimed at enabling readers to effectively implement security at their organization. In addition to discussing general issues and solutions, the book provides concrete examples and templates for crafting or revamping your security program in the form of an Enterprise-Wide Security Program Model and an Information Security Policy Framework. Although rich in technical expertise, this is not strictly a handbook of Internet technologies, but a guide that is equally useful to business, finance, and manufacturing.

Building an Information Security Awareness Program takes you step-by-step through the methodology for developing, distributing, and monitoring an information security awareness program. It includes detailed instructions on how to communicate the message and describes how to efficiently use outside sources to optimize the impact of a small staff. The author stresses the importance of security and the entire organization's role and responsibility in protecting it. He also presents the material in a fashion that makes it easy for non-technical staff members to grasp the concepts.

A Practical Guide to Security Engineering and Information Assurance is a comprehensive, practical guide to security engineering that also provides insight into the broader realm of information assurance (IA). It explains real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. The author provides step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations.

Securing e-Business Applications and Communications provides everything you need to know to build a secure e-commerce web site from the ground up. Written with heterogeneous networks in mind, it includes implementation examples for Unix (Solaris and Linux), Windows NT 4.0, and Windows 2000. Numerous coding examples illustrate how to use the most current technologies from Microsoft, Sun, and others to support secure transactions. It also explores the most popular web servers, the technologies that drive them, and a number of commercial utilities that can be used to manage them remotely.

Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management covers writing policies, writing procedures, and writing standards, and how to integrate them into a comprehensive document for managing information security. It uses the BS 7799 and ISO 17799 standards as the foundation for the content, and includes examples of existing documents and checklists to help critique those documents.

A Technical Guide to IPSec Virtual Private Networks provides a technical explanation of a very complicated and misunderstood technology in terms that allow even the most novice reader to understand the inner workings of IPSec. It details the suite of IP Security protocols and their interaction with users, systems, and devices. It includes in-depth descriptions of the various IPSec communications and key management protocols that provide the foundation of secure communications, along with multiple examples of implementations and real-world experience compared against the standards that make up IPSec.

Effective Use of Teams in IT Audits, the latest supplement to Standard for Auditing Computer Applications, presents four approaches to ensure that you use teams effectively.

A Standard for Auditing Computer Applications is a step-by-step guide to auditing financial and operational applications systems for internal auditors.

Business Resumption Planning is a reference that answers the most frequently asked questions about data center recovery, communications recovery, and general business operations recovery. Included with the handbook are complete forms and checklists on diskette that can be used to produce a detailed, custom disaster recovery plan.

Call Center Continuity Planning shows you how to plan for continuity through disasters large and small -- everything from power outages and hurricanes to unexpected peaks in inbound call volume that might threaten to swamp your call-takers.

Certain names and logos on this page and others may constitute trademarks, servicemarks, or tradenames of Taylor & Francis LLC.
Copyright (c) 2006-2010 Taylor & Francis LLC—All rights reserved.