|
| |
|
EBooks » Security
 The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board. Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily. An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business.  Here's the book you need to prepare for the CISSP exam from (ISC)2. Written by a team of experienced security experts who know exactly what it takes to pass the test, this Study Guide provides: Assessment testing to focus and direct your studies In-depth coverage of official test domains Hundreds of challenging practice questions in the book. Authoritative coverage of all test domains, including: Access Control Systems & Methodology Applications & Systems Development Business Continuity Planning Cryptography Law, Investigation & Ethics Operations Security Physical Security Security Architecture & Models Security Management Practices Telecommunications, Network & Internet Security.
Someone said they wanted a CISSP book.
 Penetration testing--in which professional, "white hat" hackers attempt to break through an organization's security defenses--has become a key defense weapon in today's information systems security arsenal. Through penetration testing, I.T. and security professionals can take action to prevent true "black hat" hackers from compromising systems and exploiting proprietary information. Hack I.T. introduces penetration testing and its vital role in an overall network security plan. You will learn about the roles and responsibilities of a penetration testing professional, the motivation and strategies of the underground hacking community, and potential system vulnerabilities, along with corresponding avenues of attack. Most importantly, the book provides a framework for performing penetration testing and offers step-by-step descriptions of each stage in the process. The latest information on the necessary hardware for performing penetration testing, as well as an extensive reference on the available security tools, is included. Comprehensive in scope Hack I.T. provides in one convenient resource the background, strategies, techniques, and tools you need to test and protect your system--before the real hackers attack. Specific topics covered in this book include: - Hacking myths
- Potential drawbacks of penetration testing
- Announced versus unannounced testing
- Application-level holes and defenses
- Penetration through the Internet, including zone transfer, sniffing, and port scanning
- War dialing
- Enumerating NT systems to expose security holes
- Social engineering methods
- Unix-specific vulnerabilities, such as RPC and buffer overflow attacks
- The Windows NT Resource kit
- Port scanners and discovery tools
- Sniffers and password crackers
- Web testing tools
- Remote control tools
- Firewalls and intrusion detection systems
- Numerous DoS attacks and tools
This offbeat, non-technical book looks at what hackers do, how they do it, and how you can protect yourself. The third edition of this bestseller adopts the same informative, irreverent, and entertaining style that made the first two editions a huge success. Thoroughly updated, this edition also covers rootkits, spyware, web bugs, identity theft, hacktivism, wireless hacking (wardriving), biometrics, and firewalls. By Wallace Wang
Publisher: No Starch Press
May 2003
ISBN: 1-59327-000-3
 Human factors and usability issues have traditionally played a limited role in security research and secure systems development. Security experts have largely ignored usability issues--both because they often failed to recognize the importance of human factors and because they lacked the expertise to address them.
But there is a growing recognition that today's security problems can be solved only by addressing issues of usability and human factors. Increasingly, well-publicized security breaches are attributed to human errors that might have been prevented through more usable software. Indeed, the world's future cyber-security depends upon the deployment of security technology that can be broadly used by untrained computer users.
Still, many people believe there is an inherent tradeoff between computer security and usability. It's true that a computer without passwords is usable, but not very secure. A computer that makes you authenticate every five minutes with a password and a fresh drop of blood might be very secure, but nobody would use it. Clearly, people need computers, and if they can't use one that's secure, they'll use one that isn't. Unfortunately, unsecured systems aren't usable for long, either. They get hacked, compromised, and otherwise rendered useless
|
| |
|
