Timothy Braithwaite

Securing E-Business

• Gebundenes Buch

Produktbeschreibung

The essential guide to e-business security for managers and IT professionals
Securing E-Business Systems provides business managers and executives with an overview of the components of an effective e-business infrastructure, the areas of greatest risk, and best practices safeguards. It outlines a security strategy that allows the identification of new vulnerabilities, assists in rapid safeguard deployment, and provides for continuous safeguard evaluation and modification. The book thoroughly outlines a proactive and evolving security strategy and provides a methodology for ensuring that applications are designed with security in mind. It discusses emerging liabilities issues and includes security best practices, guidelines, and sample policies. This is the bible of e-business security.
Timothy Braithwaite (Columbus, MD) is Deputy Director of Information Assurance Programs for Titan Corporation. He has managed data centers, software projects, systems planning, and budgeting organizations, and has extensive experience in project and acquisition management. He is also the author of Y2K Lessons Learned (Wiley: 0-471-37308-7).

Produktdetails

• Verlag: Wiley & Sons
• 1. Auflage
• Seitenzahl: 288
• Erscheinungstermin: 17. April 2002
• Englisch
• Abmessung: 240mm x 161mm x 20mm
• Gewicht: 584g
• ISBN-13: 9780471072980
• ISBN-10: 0471072982
• Artikelnr.: 10531273

Autorenporträt

TIMOTHY BRAITHWAITE has spent more than fifteen years in senior security management positions and another twenty years in executive director positions for computer and communications services organizations in both the public and private sectors. He has also worked as a private consultant. Tim has previously published The Power of IT: Maximizing Your Technology Investments and Evaluating the Year 2000 Project: A Management Guide for Determining Reasonable Care (Wiley).

Inhaltsangabe

Preface. Chapter 1 Electronic Business Systems Security. Introduction. How
Is E-Business Security Defined? Can E-Business Security Be Explained More
Simply? Is E-Business Security Really Such a Big Deal? Is E-Business
Security More Important Than Other Information Technology Initiatives? How
Does an Organization Get Started? Instead of Playing "Catch-Up," What
Should an Organization Be Doing to Design E-Business Systems That Are
Secure in the First Place? Chapter 2 E-Business Systems and Infrastructure
Support Issues. Introduction. E-Business Defined. A Short History of
E-Business Innovations. The Need for Secure E-Business Systems. Software:
The Vulnerable Underbelly of Computing. The Interoperability Challenge and
E-Business Success. E-Business Security: An Exercise in Trade-Offs. Few
Systems Are Designed to Be Secure. Conclusion. Chapter 3 Security
Weaknesses in E-Business Infrastructure and "Best Practices" Security.
Introduction. Fundamental Technical Security Threats. The Guiding
Principles of Protection. "Best Practice" Prevention, Detection, and
Countermeasures and Recovery Techniques. x Chapter 4 Managing E-Business
Systems and Security. Introduction. Part One: Misconceptions and
Questionable Assumptions. Part Two: Managing E-Business Systems as a
Corporate Asset. Part Three: E-Business Security Program Management.
Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The
Role for Security Monitoring and Incident Response. The Current State of
E-Business Security. Standard Requirements of an E-Business Security
Strategy. A New Security Strategy. The Crucial Role of Security Monitoring
and Incident Response to the Securing of E-Business Systems. The Current
State of Intrusion Detection Systems (IDS). Defining a Cost-Effective
Security Monitoring and Incident Response Capability. Alternatives to
Building "Your Own" Security Monitoring and Incident Response Capability.
Summary. Chapter 6 Designing and Delivering Secured E-Business Application
Systems. Introduction. Past Development Realities. Contemporary Development
Realities. Developing Secured E-Business Systems. Using the SDR Framework.
Choosing a Systems Development Methodology That Is Compatible with the SDR
Framework. Participants in the Identification of Security and Integrity
Controls. Importance of Automated Tools. A Cautionary Word About New
Technologies. Summary and Conclusions. Chapter 7 Justifying E-Business
Security and the Security Management Program. Introduction. The
"Quantifiable" Argument. Emerging "Nonquantifiable" Arguments. Benefits
Justifications Must Cover Security Program Administration. Conclusion.
Chapter 8 Computers, Software, Security, and Issues of Liability. Evolving
Theories of Responsibility. Likely Scenarios. How Might a Liability Case
Unfold? Questions to Be Asked to Ensure That Reasonable Care Has Been Taken
in Developing a Secure E-Business System. Chapter 9 The National Critical
Infrastructure Protection (CIP) Initiative. The Problem of Dependency.
Critical Infrastructure Protection (CIP) Purpose, Directives,
Organizations, and Relationships. Frequently Asked Questions About the
IT-ISAC. Critical Information Infrastructure Protection Issues that Need
Resolution. Appendix A: Y2K Lessons Learned and Their Importance for
E-Business Security. Appendix B: Systems Development Review Framework for
E-Business Development Projects. Appendix C: A Corporate Plan of Action for
Securing E-Business Systems (Sample). Appendix D: E-Business Risk
Management Review Model Instructions for Use. Appendix E: Resources Guide.
Index.

Rezensionen

"...to be recommended as a as an IT security handbook..." (Information Age, August 2002)

"...covers the full gamut of security threats..." (Infoconomy, 5 September 2002)

"...a timely and valuable introduction to the fourth generation of cellular networks...(Infoconomy, 1 August 2002)