Book
Author Pipkin, Donald L.

Title Information security : protecting the global enterprise / Donald L. Pipkin
Published Upper Saddle River, N.J. : Prentice Hall PTR ; London : Prentice-Hall International, [2000]
©2000

Copies

Location Call no. Vol. Availability
 MELB  005.8 Pip/Isp  AVAILABLE
Description xxiv, 364 pages ; 24 cm
Series Hewlett-Packard professional books
Contents Prologue: The Future of Business 1 -- Business Environment is Changing -- Business Relationships are Changing -- Business Information is Changing -- Information Technology is Changing -- Information Security Must Change -- Introduction: Information Security 13 -- Information is a Business Asset -- Security is a Business Process -- Information Security is a Business Requirement -- Building an Information Security Plan -- Phase I Inspection 19 -- Defining Resources -- Assessing Threats -- Evaluating Potential Losses -- Identifying Vulnerabilities -- Assigning Safeguards -- Evaluate Current Status -- Chapter 1 Resource Inventory 27 -- Identifying Resources -- Assigning Ownership -- Determining Value -- Security Classification -- Chapter 2 Threat Assessment 35 -- Human Error -- Natural Disasters -- System Failures -- Malicious Acts -- Malicious Software -- Collateral Damage -- Chapter 3 Loss Analysis 55 -- Denial of Service -- Theft of Resources -- Deletion of Information -- Theft of Information -- Disclosure of Information -- Corruption of Information -- Theft of Software -- Theft of Hardware -- Disruption of Computer Controlled Systems -- Chapter 4 Identifying Vulnerabilities 67 -- Location of Vulnerabilities -- Known Vulnerabilities -- Security Design Flaw -- Innovative Misuses -- Incorrect Implementation -- Social Engineering -- Chapter 5 Assigning Safeguards 81 -- Avoidance -- Transference -- Mitigation -- Acceptance -- Chapter 6 Evaluation of Current Status 87 -- Assessment -- Testing -- Business Impact Analysis -- Phase II Protection 93 -- Philosophies -- Principles -- Policies -- Procedures -- Practices -- Chapter 7 Awareness 101 -- Appropriate Use -- Awareness Programs -- Design Choices -- Implementation Options -- Lack of Awareness -- Chapter 8 Access 111 -- Global Access -- Access Methods -- Access Points as Security Checkpoints -- Access Servers -- Abuse of Access -- Chapter 9 Identification 121 -- Enterprise Identification -- Issuance of 
Identifiers -- Scope of Use -- Administration of Identifiers -- Identity Errors -- Chapter 10 Authentication 129 -- Factors of Authentication -- Authentication Models -- Authentication Options -- Authentication Management -- Subverting Authentication -- Chapter 11 Authorization 141 -- What Authorizations Provide -- Granularity of Authorizations -- Requirements -- Design Choices -- Abuse of Authorization -- Chapter 12 Availability 149 -- Types of Outages -- Protecting all Levels -- Availability Models -- Availability Classifications -- Availability Outage -- Chapter 13 Accuracy 159 -- Information Lifecycle -- Information System Accuracy -- Methods -- Loss of Accuracy -- Chapter 14 Confidentiality 167 -- Information in the Enterprise -- Confidentiality Concerns -- Methods of Ensuring Confidentiality -- Sensitivity Classifications -- Invasion of Privacy -- Chapter 15 Accountability 175 -- Accountability Models -- Accountability Principles -- Accounting Events -- Accountability System Features -- Accountability Failures -- Chapter 16 Administration 183 -- Enterprise Information Security Administration -- Administration Process -- Areas of Administration -- Administration Errors -- Phase III Detection 191 -- Intruder Types -- Intrusion Methods -- Detection Methods -- Chapter 17 Intruder Types 193 -- Outside Intruders -- Inside Intruders -- Professional Intruder -- Chapter 18 Intrusion Methods 211 -- Technical Intrusions -- Physical Security -- Social Engineering -- Chapter 19 Intrusion Process 221 -- Reconnaissance -- Gaining Access -- Gaining Authorizations -- Achieve Goals -- Chapter 20 Intrusion Detection Methods 233 -- Profiles -- Offline Methods -- Online Methods -- Human Methods -- Phase IV Reaction 243 -- Incident Response Philosophies -- Incident Response Plan -- Chapter 21 Response Plan 249 -- Response Procedures -- Resources -- Legal Review -- Chapter 22 Incident Determination 255 -- Possible Indicators -- Probable Indicators -- Definite Indicators -- 
Predefined Situations -- Chapter 23 Incident Notification 263 -- Internal -- Computer Security Incident Organizations -- Affected Partners -- Law Enforcement -- News Media -- Chapter 24 Incident Containment 271 -- Stopping the Spread -- Regain Control -- Chapter 25 Assessing the Damage 277 -- Determining the Scope of Damage -- Determining the Length of the Incident -- Determining the Cause -- Determining the Responsible Party -- Chapter 26 Incident Recovery 283 -- Setting Priorities -- Repair the Vulnerability -- Improve the Safeguard -- Update Detection -- Restoration of Data -- Restoration of Services -- Monitor for Additional Signs of Attack -- Restoration of Confidence -- Chapter 27 Automated Response 291 -- Automated Defenses -- Gathering Counterintelligence -- Counterstrike -- Phase V Reflection 297 -- Postmortem Documentation -- Process Management -- External Follow-up -- Chapter 28 Incident Documentation 301 -- Incident Source Information -- Incident Timeline -- Technical Summary -- Executive Summary -- Chapter 29 Incident Evaluation 323 -- Identify Processes for Improvement -- Process Improvement -- Chapter 30 Public Relations 331 -- Right People -- Right Time -- Right Message -- Right Forum -- Right Attitude -- Chapter 31 Legal Prosecution 337 -- Computer Crime Laws -- Jurisdiction -- Collection of Evidence -- Successful Prosecution -- Epilogue: The Future of Business 347 -- A World without Borders -- Service-based Architecture -- Basic Business Principles -- Pervasive Security
Notes Includes index
Bibliography Includes bibliographical references and index
Subject Computer security.
Data protection.
Information technology -- Security measures.
LC no. 00032686
ISBN 0130173231 (paperback)