| Description |
1 online resource (424 pages) |
| Contents |
Cover -- Title -- Copyright -- Contents -- Introduction -- Chapter 1: Information Security Auditing and Strategy -- The mindsets of ignorance -- Defence-in-depth -- Compelling adversaries to adapt -- Chapter 2: Security Auditing, Governance, Policies and Compliance -- General security policy shortcomings -- Addressing security audits in policy statements -- The erroneous path to compliance -- Getting down to earth -- Chapter 3: Security Assessments Classification -- Black, grey and white box tests -- Assessments specialisations and actual scopes |
|
On technical information security assessmentsServer, client and network-centric tests -- IT security testing levels and target areas -- 'Idiosyncratic' technical security tests -- On non-technical information security audits -- Premises and physical security checks -- Social engineering tests -- Security documentation reviews -- Assessing security processes -- Chapter 4: Advanced Pre-Assessment Planning -- The four-stage framework -- Selecting the targets of assessment -- Evaluating what is on offer -- Professional certifications and education |
|
Publications and toolsThe auditor company history and size -- Dealing with common assessment emergencies -- Chapter 5: Security Audit Strategies and Tactics -- Centres of gravity and their types -- Identifying critical points -- The strategic exploitation cycle -- External technical assessment recon -- Social engineering recon -- Internal technical assessment recon -- Technical vulnerability discovery process -- A brief on human vulnerabilities -- The tactical exploitation cycle -- Front, flank, simple, complex -- The strategies of creating gaps |
|
Chapter 6: Synthetic Evaluation of RisksRisk, uncertainty and ugly Black Swans -- On suitable risk analysis methodologies -- On treatment of information security risks -- Relevant vulnerability categories -- Gauging attacker skill -- Weighting vulnerability impact -- Contemplating the vulnerability remedy -- Defining vulnerability risk level -- Risks faced by large components -- Compound risks, systempunkts and attacker logic -- Total risk summary utilisation and dissection -- Chapter 7: Presenting the Outcome and Follow-Up Acts -- The report audience and style |
|
The report summaryThe report interpretation chapter -- The bulk of the report -- Explaining the overall security state -- Elaborating on breakdown of risks -- Using vulnerability origin investigations -- Post-audit assistance and follow-up hurdles -- Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies -- Bad tactics and poor tests -- On the assessment team ordnance -- Of serpents and eagles -- ITG Resources |
| Summary |
Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that |
| Bibliography |
Includes bibliographical references |
| Notes |
Vendor-supplied metadata |
| Subject |
Computer security
|
|
Information technology.
|
|
Computer Security
|
|
information technology.
|
|
COMPUTERS -- Internet -- Security.
|
|
COMPUTERS -- Networking -- Security.
|
|
COMPUTERS -- Security -- General.
|
|
COMPUTERS -- General.
|
|
Computer security
|
|
Information technology
|
| Form |
Electronic book
|
| Author |
Gavrilenko, Konstantin, author
|
|
Michajlowski, Anej, author
|
| ISBN |
9781849286008 |
|
1849286000 |
|
