Prologue

Acknowledgments

Introduction
    The Security Mind
    Where Do We Start? Where Does It End?

A New Look at Information Security
    Security as an Art Form
    What We Know About Security
    Understanding the Fear Factor
    How to Successfully Implement and Manage Security

The Four Virtues of Security
    Introduction to the Virtues
    The Virtue of Daily Consideration
    The Virtue of Community Effort
    The Virtue of Higher Focus
    The Virtue of Education
    Using These Virtues

The Eight Rules of Security (Components of All Security Decisions)
    Introduction to the Rules
    Rule of Least Privilege
    Rule of Change
    Rule of Trust
    Rule of the Weakest Link
    Rule of Separation
    Rule of the Three-Fold Process
    Rule of Preventative Action (Proactive Security)
    Rule of Immediate and Proper Response
    Incorporating the Rules

Developing a Higher Security Mind
    The Art of Higher Security
    Thinking in Zones
    Creating Chokepoints
    Layering Security
    Working in Stillness
    Understanding Relational Security
    Understanding Secretless Security
    Dividing Responsibilities
    Failing Securely

Making Security Decisions
    Using the Rules to Make a Decision
    The Decision-Making Process
    Example Decision

Know Thy Enemy and Know Thyself
    Understanding the Modern Hacker
    Where Modern Vulnerabilities Exist
    Modern Targets
    Modern Exploits
    Neglecting the Rules: A Hacker's Tale
    Creating Your Own Security Profile
    Becoming Invisible to Your Enemies

Practical Security Assessments
    The Importance of a Security Audit
    Understanding Risks and Threats
    The Traditional Security Assessment Model
    The Relational Security Assessment Model
    Relational Security Assessment Model: Risks
    Relational Security Assessment Model: Controls
    Relational Security Assessment Model: Tactical Audit Process
    Analytical Audit Measures
    Additional Audit Considerations

The Security Staff
    Building a Successful Security Team
    Bringing in Security Consultants
    Outsourcing Security Maintenance

Modern Considerations
    Using Standard Defenses
    Open Source vs. Closed Source Security
    Wireless Networks
    Encryption
    Virtual Private Networking

The Rules in Practice
    Practicing the Rules
    Perimeter Defenses
    Internal Defenses
    Physical Defenses
    Direct Object Defenses
    Outbound Internet Access
    Logging and Monitoring
    Handling Authentication

Going Forward
    The Future of Information Security

Tips on Keeping Up-to-Date

Ideas for Training

Additional Recommended Audit Practices

Recommended Reading

The Hidden Statistics of Information Security

Index