>--John R. Thomas, Colonel, U.S. Army, Retired Former Commander of the DoD, Global Operations and Security Center Today's e-business depends on the security of its networks and information technology infrastructure to safeguard its customers and its profits. But with rapid innovation and the emergence of new threats and new countermeasures, keeping up with security is becoming more complex than ever. Securing E-Business Systems offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing…mehr
>--John R. Thomas, Colonel, U.S. Army, Retired Former Commander of the DoD, Global Operations and Security Center Today's e-business depends on the security of its networks and information technology infrastructure to safeguard its customers and its profits. But with rapid innovation and the emergence of new threats and new countermeasures, keeping up with security is becoming more complex than ever. Securing E-Business Systems offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing solutions. This book offers a real, working design for managing an IT security program with the attention it truly warrants, treating security as a constant function that adapts tomeet a company's changing security needs. Topics include: * Security weaknesses * Safeguarding technologies * Countermeasure best practices * Establishing an adaptable e-business security management program * Essential elements of a corporate security management program * Functions, structure, staffing, and contracting considerations in security management * Implementing intrusion detection technology * Designing tomorrow's e-business application for secured operations * Contemporary rationales for justifying increased spending on security programs * Emerging liability issues for e-businessesHinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
TIMOTHY BRAITHWAITE has spent more than fifteen years in senior security management positions and another twenty years in executive director positions for computer and communications services organizations in both the public and private sectors. He has also worked as a private consultant. Tim has previously published The Power of IT: Maximizing Your Technology Investments and Evaluating the Year 2000 Project: A Management Guide for Determining Reasonable Care.
Inhaltsangabe
Preface xiii Chapter 1 Electronic Business Systems Security 1 Introduction 1 How Is E-Business Security Defined? 2 Can E-Business Security Be Explained More Simply? 3 Is E-Business Security Really Such a Big Deal? 3 Is E-Business Security More Important Than Other Information Technology Initiatives? 4 How Does an Organization Get Started? 5 Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place? 7 Chapter 2 E-Business Systems and Infrastructure Support Issues 8 Introduction 8 E-Business Defined 9 A Short History of E-Business Innovations 9 The Need for Secure E-Business Systems 14 Software: The Vulnerable Underbelly of Computing 17 The Interoperability Challenge and E-Business Success 20 E-Business Security: An Exercise in Trade-Offs 23 Few Systems Are Designed to Be Secure 25 Conclusion 26 Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security 27 Introduction 27 Fundamental Technical Security Threats 28 The Guiding Principles of Protection 38 "Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques 47 Chapter 4 Managing E-Business Systems and Security 58 Introduction 58 Part One: Misconceptions and Questionable Assumptions 60 Part Two: Managing E-Business Systems as a Corporate Asset 69 Part Three: E-Business Security Program Management 97 Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response 129 The Current State of E-Business Security 130 Standard Requirements of an E-Business Security Strategy 132 A New Security Strategy 133 The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems 134 The Current State of Intrusion Detection Systems (IDS) 134 Defining a Cost-Effective Security Monitoring and Incident Response Capability 137 Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability 138 Summary 139 Chapter 6 Designing and Delivering Secured E-Business Application Systems 140 Introduction 140 Past Development Realities 145 Contemporary Development Realities 148 Developing Secured E-Business Systems 150 Using the SDR Framework 153 Choosing a Systems Development Methodology That Is Compatible with the SDR Framework 154 Participants in the Identification of Security and Integrity Controls 154 Importance of Automated Tools 162 A Cautionary Word About New Technologies 165 Summary and Conclusions 165 Chapter 7 Justifying E-Business Security and the Security Management Program 167 Introduction 167 The "Quantifiable" Argument 169 Emerging "Nonquantifiable" Arguments 170 Benefits Justifications Must Cover Security Program Administration 175 Conclusion 177 Chapter 8 Computers, Software, Security, and Issues of Liability 178 Evolving Theories of Responsibility 178 Likely Scenarios 179 How Might a Liability Case Unfold? 180 Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System 182 Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative 187 The Problem of Dependency 187 Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships 188 Frequently Asked Questions About the IT-ISAC 190 Critical Information Infrastructure Protection Issues that Need Resolution 192 Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security 194 Appendix B: Systems Development Review Framework for E-Business Development Projects 208 Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample) 229 Appendix D: E-Business Risk Management Review Model Instructions for Use 251 Appendix E: Resources Guide 262 Index 267
Preface xiii Chapter 1 Electronic Business Systems Security 1 Introduction 1 How Is E-Business Security Defined? 2 Can E-Business Security Be Explained More Simply? 3 Is E-Business Security Really Such a Big Deal? 3 Is E-Business Security More Important Than Other Information Technology Initiatives? 4 How Does an Organization Get Started? 5 Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place? 7 Chapter 2 E-Business Systems and Infrastructure Support Issues 8 Introduction 8 E-Business Defined 9 A Short History of E-Business Innovations 9 The Need for Secure E-Business Systems 14 Software: The Vulnerable Underbelly of Computing 17 The Interoperability Challenge and E-Business Success 20 E-Business Security: An Exercise in Trade-Offs 23 Few Systems Are Designed to Be Secure 25 Conclusion 26 Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security 27 Introduction 27 Fundamental Technical Security Threats 28 The Guiding Principles of Protection 38 "Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques 47 Chapter 4 Managing E-Business Systems and Security 58 Introduction 58 Part One: Misconceptions and Questionable Assumptions 60 Part Two: Managing E-Business Systems as a Corporate Asset 69 Part Three: E-Business Security Program Management 97 Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response 129 The Current State of E-Business Security 130 Standard Requirements of an E-Business Security Strategy 132 A New Security Strategy 133 The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems 134 The Current State of Intrusion Detection Systems (IDS) 134 Defining a Cost-Effective Security Monitoring and Incident Response Capability 137 Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability 138 Summary 139 Chapter 6 Designing and Delivering Secured E-Business Application Systems 140 Introduction 140 Past Development Realities 145 Contemporary Development Realities 148 Developing Secured E-Business Systems 150 Using the SDR Framework 153 Choosing a Systems Development Methodology That Is Compatible with the SDR Framework 154 Participants in the Identification of Security and Integrity Controls 154 Importance of Automated Tools 162 A Cautionary Word About New Technologies 165 Summary and Conclusions 165 Chapter 7 Justifying E-Business Security and the Security Management Program 167 Introduction 167 The "Quantifiable" Argument 169 Emerging "Nonquantifiable" Arguments 170 Benefits Justifications Must Cover Security Program Administration 175 Conclusion 177 Chapter 8 Computers, Software, Security, and Issues of Liability 178 Evolving Theories of Responsibility 178 Likely Scenarios 179 How Might a Liability Case Unfold? 180 Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System 182 Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative 187 The Problem of Dependency 187 Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships 188 Frequently Asked Questions About the IT-ISAC 190 Critical Information Infrastructure Protection Issues that Need Resolution 192 Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security 194 Appendix B: Systems Development Review Framework for E-Business Development Projects 208 Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample) 229 Appendix D: E-Business Risk Management Review Model Instructions for Use 251 Appendix E: Resources Guide 262 Index 267
Es gelten unsere Allgemeinen Geschäftsbedingungen: www.buecher.de/agb
Impressum
www.buecher.de ist ein Internetauftritt der buecher.de internetstores GmbH
Geschäftsführung: Monica Sawhney | Roland Kölbl | Günter Hilger
Sitz der Gesellschaft: Batheyer Straße 115 - 117, 58099 Hagen
Postanschrift: Bürgermeister-Wegele-Str. 12, 86167 Augsburg
Amtsgericht Hagen HRB 13257
Steuernummer: 321/5800/1497
USt-IdNr: DE450055826