چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Security Planning : An Applied Approach

Susan Lincke (auth.)

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
Susan Lincke (auth.)
سال انتشار
۲۰۱۵
فرمت
PDF
زبان
انگلیسی
حجم فایل
۷٫۳ مگابایت

دربارهٔ کتاب

This Book Guides Readers Through Building An It Security Plan. Offering A Template, It Helps Readers To Prioritize Risks, Conform To Regulation, Plan Their Defense And Secure Proprietary/confidential Information. The Process Is Documented In The Supplemental Online Security Workbook. Security Planning Is Designed For The Busy It Practitioner, Who Does Not Have Time To Become A Security Expert, But Needs A Security Plan Now. It Also Serves To Educate The Reader Of A Broader Set Of Concepts Related To The Security Environment Through The Introductory Concepts And Advanced Sections. The Book Serves Entry Level Cyber-security Courses Through Those In Advanced Security Planning. Exercises Range From Easier Questions To The Challenging Case Study. This Is The First Text With An Optional Semester-long Case Study: Students Plan Security For A Doctor’s Office, Which Must Adhere To Hipaa Regulation. For Software Engineering-oriented Students, A Chapter On Secure Software Development Introduces Security Extensions To Uml And Use Cases (with Case Study). The Text Also Adopts The Nsa’s Center Of Academic Excellence (cae) Revamped 2014 Plan, Addressing Five Mandatory And 15 Optional Knowledge Units, As Well As Many Acm Information Assurance And Security Core And Elective Requirements For Computer Science. Preface -- Security Awareness -- Combatting Fraud -- Complying With Security Regulation And Standards -- Managing Risk -- Addressing Business Impact Analysis And Business Continuity -- Governing -- Important Tactical Concepts -- Planning For Network Security -- Designing Physical Security -- Organizing Personal Security -- Planning For Incident Response -- Defining Security Metrics -- Performing An Audit Or Security Test -- Complying With Hipaa And Hitech -- Developing Secure Software. By Susan Lincke. Preface: How to Use This Book 6 To the Security Instructor 7 Addressing Educational Criteria 8 Acknowledgments and Disclaimers 8 Contents 10 Part I: The Problem of Security 16 Chapter 1: Security Awareness: Brave New World 17 1.1 With Security, Every Person Counts 17 1.2 Protecting Yourself 20 1.3 Criminal Attacks to an Organization 25 1.4 Questions 29 References 31 Chapter 2: Combatting Fraud 33 2.1 Internal Fraud 34 2.1.1 Defenses Against Internal Fraud 35 2.1.2 Recognizing Fraud 39 2.2 External Fraud 40 2.2.1 Identity Theft 41 2.2.2 Social Engineering 42 2.2.3 Receipt, Check, and Money Order Scams 46 2.3 Developing an Action Plan 47 2.4 Advanced: A Fraud Investigation 47 2.5 Questions and Problems 49 2.5.1 Health First Case Study Problems 51 References 51 Chapter 3: Complying with Security Regulation and Standards 53 3.1 Security Laws Affecting U.S. Organizations 53 3.1.1 State Breach Notification Laws, 2003 and Later 54 3.1.2 HIPAA/HITECH Act, 1996, 2009 56 3.1.3 Sarbanes–Oxley Act (SOX), 2002 57 3.1.4 Gramm–Leach–Bliley Act (GLB), 1999 60 3.1.5 Identity Theft Red Flags Rule, 2007 60 3.1.6 Family Educational Rights and Privacy Act (FERPA), 1974, and Other Child Protection Laws 61 3.1.6.1 Children’s Online Privacy Protection Act (COPPA), 1998 61 3.1.6.2 Children’s Internet Protection Act (CIPA), 2000 62 3.1.7 Federal Information Security Management Act (FISMA), 2002 62 3.2 Security Industry Standards 64 3.2.1 Payment Card Industry Data Security Standard (PCI DSS) 64 3.3 Computer Abuse Laws 66 3.4 Final Considerations 67 3.5 Advanced: Understanding the Context of Law 68 3.6 Questions and Problems 69 References 71 Part II: Strategic Security Planning 73 Chapter 4: Managing Risk 74 4.1 Risk Management Overview 75 4.1.1 Assessing Risk 77 4.2 The Ethics of Risk 90 4.3 Advanced: Financial Analysis with Business Risk 91 4.4 Advanced: Risk for Larger Organizations 93 4.5 Questions and Problems 94 4.5.1 Health First Case Study Problems 95 References 95 Chapter 5: Addressing Business Impact Analysis and Business Continuity 97 5.1 Analyzing Business Impact 97 5.2 Planning for Business Continuity 101 5.2.1 Recovery Sites 101 5.2.2 High-Availability Solutions 103 5.2.3 Cloud Services 104 5.3 Disk Backup and Recovery 106 5.4 Preparing for IT Disaster Recovery 108 5.5 Advanced: Business Continuity for Mature Organizations 109 5.6 Advanced: Considering Big Data Distributed File Systems 111 5.7 Questions 112 5.7.1 Health First Case Study Problems 113 References 114 Chapter 6: Governing: Policy, Maturity Models and Planning 115 6.1 Documenting Security: Policies, Standards, Procedures and Guidelines 115 6.2 Maturing the Organization via Capability Maturity Models and COBIT 117 6.3 Strategic, Tactical and Operational Planning 119 6.4 Allocating Security Roles and Responsibilities 121 6.5 Questions 123 6.5.1 Health First Case Study Problems 124 References 124 Part III: Tactical Security Planning 125 III.1 Important Tactical Concepts 125 Chapter 7: Designing Information Security 127 7.1 Important Concepts and Roles 127 7.2 Design: Classifying Data for CIA 129 7.3 Selecting Technology and Implementation Options 133 7.3.1 Authentication: Login or Identification 133 7.3.1.1 Biometric Systems 134 7.3.2 Access Control: Permissions 134 7.3.3 Logs: Accountability 136 7.4 Audit 137 7.5 Advanced: Administration of Information Security 137 7.6 Advanced: Designing Specialized Information Security 139 7.6.1 Big Data: Data Warehouses 139 7.6.2 Designing Highly Secure Environments 140 7.6.2.1 Bell and La Padula Model (BLP) 141 7.7 Questions 143 7.7.1 Health First Case Study Problems 144 References 144 Chapter 8: Planning for Network Security 146 8.1 Important Concepts 146 8.1.1 How Crackers Attack 147 8.1.2 Filtering Packets to Restrict Network Access 148 8.2 Defining Network Services 149 8.2.1 Step 1: Determine Services: What, Who, Where? 149 8.2.2 Step 2: Determine Sensitivity of Services 150 8.2.3 Step 3: Allocate Network Zones 152 8.2.4 Step 4: Define Controls 152 8.3 Defining Controls 154 8.3.1 Confidentiality Controls 154 8.3.2 Authenticity and Non-repudiation 158 8.3.3 Integrity Controls 159 8.3.4 Anti-hacker Controls 160 8.4 Defining the Network Architecture 162 8.4.1 Step 5: Draw the Network Diagram 164 8.5 Advanced: How It Works 165 8.6 Questions 167 8.6.1 Health First Case Study Problems 169 References 169 Chapter 9: Designing Physical Security 170 9.1 Selecting Availability Controls 172 9.2 Selecting Confidentiality/Integrity Controls 174 9.2.1 Building Entry Controls 174 9.2.2 Room Entry Controls 175 9.2.3 Computer and Document Access Control 175 9.2.4 The Public Uses Computers 177 9.2.5 The Public and Point of Sales Devices 178 9.3 Questions and Problems 179 9.3.1 Health First Case Study Problems 180 References 181 Chapter 10: Organizing Personnel Security 182 10.1 Controlling Employee Threats 183 10.1.1 Preventive Controls 184 10.1.2 Detective (and Deterrence) Controls 185 10.1.3 Corrective Controls 186 10.2 Training for Security 186 10.3 Tools to Manage Security 189 10.3.1 Configuration Management and Change Control 189 10.3.2 Service Level Agreements 190 10.4 Questions and Problems 190 10.4.1 Health First Case Study Problems 191 References 192 Chapter 11: Planning for Incident Response 193 11.1 Important Statistics and Concepts 194 11.2 Developing an Incident Response Plan 195 11.2.1 Preparation Stage 196 11.2.2 Identification Stage 200 11.2.3 Containment and Escalation Stage 202 11.2.4 Analysis and Eradication Stage 202 11.2.5 Notification and Ex-Post Response Stages 204 11.2.6 Recovery and Lessons Learned Stages 204 11.3 Preparing for Incident Response 205 11.4 Advanced: Computer Investigation and Forensics 206 11.4.1 The Judicial Procedure 209 11.5 Questions and Problems 210 11.5.1 Health First Case Study Problems 212 References 212 Part IV: Measure, Test and Audit 214 Chapter 12: Defining Security Metrics 215 12.1 Considering Business-Driven Metrics 216 12.2 Implementing Technology-Driven Metrics 218 12.3 Questions and Problems 223 12.3.1 Health First Case Study Problems 224 References 224 Chapter 13: Performing an Audit or Security Test 225 13.1 Testing Internally and Simple Audits 226 13.1.1 Gathering Information, Planning the Audit 228 13.1.2 Reviewing Internal Controls 231 13.1.3 Performing Compliance and Substantive Tests 232 13.1.4 Preparing and Presenting the Report 233 13.2 Example: PCI DSS Audits and Report on Compliance 235 13.3 Professional and External Auditing 236 13.3.1 Audit Resources 236 13.3.2 Sampling 236 13.3.3 Evidence and Conclusions 239 13.3.4 Variations in Audit Types 240 13.4 Questions and Problems 240 13.4.1 Health First Case Study Problems 242 References 242 Chapter 14: Complying with HIPAA and HITECH 243 14.1 Introduction and Vocabulary 245 14.2 HITECH Breach Notification 247 14.3 HIPAA Privacy Rule 248 14.3.1 Patient Rights 248 14.3.2 Disclosures 249 14.4 HIPAA Security Rule 250 14.4.1 Administrative Requirements 251 14.4.2 Physical Security 252 14.4.3 Technical Controls 252 14.5 Questions and Problems 259 14.5.1 Health First Case Study Problems 260 References 261 Chapter 15: Developing Secure Software 262 15.1 Important Concepts: Attacks to Software 263 15.1.1 Service Oriented Architectures and the Web 263 15.2 Requirements 265 15.2.1 Specify Reliability 274 15.3 Analysis/Design 275 15.3.1 Static Model 275 15.3.2 Dynamic Model 278 15.4 Coding 281 15.4.1 Sanitize Input and Output! 281 15.4.2 Never Expose Internal Data Structures 282 15.4.3 Minimize Access 283 15.4.4 Use Tried-and-True Security Algorithms 283 15.4.5 Validate and Control the Configuration 284 15.4.6 Managing Exceptions 284 15.4.7 Use Safe Coding Practices 285 15.5 Testing 285 15.5.1 Testing Websites 287 15.6 Deployment, Operations, Maintenance and Disposal 287 15.7 Secure Development Life Cycle 288 15.8 Secure Agile Development 289 15.9 Questions and Problems 290 15.9.1 Health First Case Study Problems 292 References 293 Front Matter....Pages i-xiv Front Matter....Pages 1-1 Security Awareness: Brave New World....Pages 3-18 Combatting Fraud....Pages 19-38 Complying with Security Regulation and Standards....Pages 39-58 Front Matter....Pages 59-59 Managing Risk....Pages 61-83 Addressing Business Impact Analysis and Business Continuity....Pages 85-102 Governing: Policy, Maturity Models and Planning....Pages 103-112 Front Matter....Pages 113-114 Designing Information Security....Pages 115-133 Planning for Network Security....Pages 135-158 Designing Physical Security....Pages 159-170 Organizing Personnel Security....Pages 171-181 Planning for Incident Response....Pages 183-203 Front Matter....Pages 205-205 Defining Security Metrics....Pages 207-216 Performing an Audit or Security Test....Pages 217-234 Complying with HIPAA and HITECH....Pages 235-253 Developing Secure Software....Pages 255-287

قیمت نهایی

۴۴٬۰۰۰ تومان