IT Security Risking the Corporation

ISBN-10: 013101112X

ISBN-13: 9780131011120

Edition: 2003

Authors: Linda McCarthy

List price: $34.99

Security is more about people and policies than about techie details. Linda McCarthy's IT Security: Crimes and Misdemeanors gives you more than the title promises. It is not only a collection of enlightening case studies based on real security audits, but the author also gives a brief and to-the-point analysis of the real risks in the way systems are installed, configured, supported and managed. The book deliberately does not go into technical details, so anyone who is interested in network security will find it easy to read. Discusses and documents the importance of a security policy, the impact of organizational politics, and includes actual transcripts of break-ins and checklists of…

Book details

List price: $34.99
Copyright year: 2003
Publisher: Prentice Hall PTR
Publication date: 2/24/2003
Binding: Paperback
Pages: 272
Size: 6.75" wide x 9.00" long x 0.75" tall
Weight: 1.144
Language: English

Foreword
Acknowledgments
About the Author
Introduction
Responding to Attacks
Incident-Response Nightmare
Unauthorized Access
Problem Fixed
Security Is Breached Again
Escalating the Incident
Too Late to Gain Evidence
Who Was the Bad Guy?
Summary: Attacks from the Inside
Let's Not Go There...
Focus on Prevention
Prepare for the Worst
React Quickly and Decisively
Follow Up
Checklist
Final Words
Out-of-the-Box Security
Deal with Security Later
False Sense of Security
Two Years Later: Noticed the Attack
+ Two Weeks: The Hacker's Back
+ Three Weeks: Fixing Security
The Saga Continues: The Network Remains at Risk
Summary: Would You Hire This ISP?
Let's Not Go There...
Know Your Risks
Avoid Out-of-the-Box Installations
Test Your Network
Know the People Who Know Your Data
Assign or Acquire Adequate Funding for Security
Don't Export Read/Write Permissions to the World
Remove Old Accounts
Test Passwords
Apply Security Patches
Follow Policies and Procedures
Work with Experts
Use Training
Checklist
Final Words
Executive Support
Executive Commitment
Unsecured Systems
A Year Later: Unauthorized Access Continues
Summary: Take an Active Approach
Let's Not Go There...
Commit to Security from the Top Down
Don't Delegate Security
Keep Levels of Management to a Minimum
Report Back to Executive Management
Set Security as a Corporate Goal
Provide or Take Training as Required
Make Sure That All Managers Understand Security
Communicate to Management Clearly
Checklist
Final Words
Network Access
Partner Connections
Security Architecture
A Few Weeks Later: Security Installation Policy
The Next Day: Who's Responsible for Security
Over the Next 29 Days: A Hacker Gains Control
+ One Month: An Unscheduled Security Test
Network Maps Tell a Lot
Unenforced Policies
The Last Audit Day: Taking Responsibility for Security
Summary: Keep the Competition Out
Let's Not Go There...
Use Standard Architecture Designs
Track External Connections
Take Responsibility for Your Territory
Require Approval for External Connections
Enforce Policies and Procedures
Disable Unnecessary Services
Stress the Importance of Training
Follow Through
Don't Connect Unsecured Systems to the Internet
Checklist
Final Words
Security Training
Overlooking Training
Initial Contact: Security Testing
Gathering Facts
Testing the Systems
Leaving Security Training out of the Budget
Summary: Make Sure You Fund Training
Let's Not Go There...
Educate Executive Management
Protect the Security Training Budget
Make Security a Management Requirement
Make Training a System Administrator Requirement
Attend Security Seminars
Have Brown-Bag Lunches
Disseminate Security Information
Join Security Lists
Write White Papers
Write for Newsletters
Develop Tools into Products
Checklist
Final Words
Unplanned Security
Transition Plan
Testing Security
Understanding Risk
Physical Security
Getting Past Physical Controls
Unauthorized Access
Personal Information at Risk
Summary: Plan Outsourcing Carefully
Let's Not Go There...
Assess Risks
Classify Systems
Forbid Out-of-the-Box Installations
Don't Be Too Trusting
Learn from the Past
Target Budget Cuts
Conduct Security Testing
Hold Management Accountable
Don't Set Yourself Up
Include Training in Budgets
Keep Score
Checklist
Final Words
Maintaining Security
Responsible for Security
Keeping The Bad Guys Out
Firewall Administrator
Temporary Security
Management and Security
Being Serious about Supporting Security
My Last Day: Attitudes Can Tell A Lot
Summary: Ask Not What Your Company's Security Can Do for You
Let's Not Go There...
Define Roles and Responsibilities
Develop Firewall Policies and Procedures
Feed Your Firewall
Read Your Audit Logs
Use Detection Software
Respond Quickly!
Require Proof of Security
Conduct Audits
Get Educated
Checklist
Final Words
Internal Network Security
Unsafe Network
In the Beginning: Bypassing the Corporate Network
Collecting Evidence
System Administrators Versus the Security Team
Who Owns Security
Transferring Responsibility
Summary: Security Is the Casualty of War
Let's Not Go There...
Put Someone in Charge of Policies and Procedures
Delineate Cross-Organizational Security Support
Don't Wait for Miracles
Question Processes
Know When to Cry "Uncle"
Be Responsible
Checklist
Final Words
Outsourcing Security
Forget Security?
Taking a Look at Security Controls
Network Connections
Amazing Security Mistakes
Untrained and Inexperienced Support
Does Management Understand?
Summary: Outsourced Systems Must Be Secured
Let's Not Go There...
Conduct Security Assessments
Do It Right
Do It Regularly
Fix the Problems You Find
Don't Use the Sink-or-Swim Approach
Checklist
Final Words
Unsecure Email
Email or See Mail?
Personal Data Accessed
Summary: You Have the Right to Waive Your Right to Privacy
Let's Not Go There...
Use Encryption!
Encourage Your Company to Encrypt
Add Encryption to Your Security Budget
Watch for Other Email Hazards
Final Words
Looking Back: What's Next?
Risking the Corporation
Legal Duties to Protect Information and Networks
Business Initiatives and Corporate Goals
Threats Require Action
A Hacker's Walk Through the Network
A Hacker's Profile
The Real Hackers
About Those Tools
Walking with the Hacker
What the Hacker Was Doing...
Conclusion
A People and Products to Know
Acronyms
Glossary
Index