Assessing Information Security: Strategies, Tactics, Logic and Framework


Andrew Vladimirov
Book · English · 2015 · Electronic books.
Published
Ely: IT Governance Ltd, 2015.
Extent
1 online resource (424 p.)
Edition
2nd ed.
Notes
Description based upon print version of record.

Contents:
Cover; Title; Copyright; Contents; Introduction.
Chapter 1: Information Security Auditing and Strategy; The mindsets of ignorance; Defence-in-depth; Compelling adversaries to adapt.
Chapter 2: Security Auditing, Governance, Policies and Compliance; General security policy shortcomings; Addressing security audits in policy statements; The erroneous path to compliance; Getting down to earth.
Chapter 3: Security Assessments Classification; Black, grey and white box tests; Assessments specialisations and actual scopes; On technical information security assessments; Server, client and network-centric tests; IT security testing levels and target areas; 'Idiosyncratic' technical security tests; On non-technical information security audits; Premises and physical security checks; Social engineering tests; Security documentation reviews; Assessing security processes.
Chapter 4: Advanced Pre-Assessment Planning; The four-stage framework; Selecting the targets of assessment; Evaluating what is on offer; Professional certifications and education; Publications and tools; The auditor company history and size; Dealing with common assessment emergencies.
Chapter 5: Security Audit Strategies and Tactics; Centres of gravity and their types; Identifying critical points; The strategic exploitation cycle; External technical assessment recon; Social engineering recon; Internal technical assessment recon; Technical vulnerability discovery process; A brief on human vulnerabilities; The tactical exploitation cycle; Front, flank, simple, complex; The strategies of creating gaps.
Chapter 6: Synthetic Evaluation of Risks; Risk, uncertainty and ugly Black Swans; On suitable risk analysis methodologies; On treatment of information security risks; Relevant vulnerability categories; Gauging attacker skill; Weighting vulnerability impact; Contemplating the vulnerability remedy; Defining vulnerability risk level; Risks faced by large components; Compound risks, systempunkts and attacker logic; Total risk summary utilisation and dissection.
Chapter 7: Presenting the Outcome and Follow-Up Acts; The report audience and style; The report summary; The report interpretation chapter; The bulk of the report; Explaining the overall security state; Elaborating on breakdown of risks; Using vulnerability origin investigations; Post-audit assistance and follow-up hurdles.
Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies; Bad tactics and poor tests; On the assessment team ordnance; Of serpents and eagles; ITG Resources.

Summary: Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2013. The authors explain how to use principles of military strategy to defend against cyber attacks, enabling organisations to have a more structured response to malicious intrusions. It explains the priorities for robust cyber security, helping readers to decide which security measures will be the most effective, ultimately helping them to integrate cyber security into their organisation's normal o
ISBN
1-84928-600-0
