To search this page, use Edit > Find / Replace in the toolbar or Control-F.
Offering the information you need to secure your information, systems, and sites, this online library contains the work of seasoned experts who discuss preferred software packages and models, as well as give step-by-step advice on how to maximize talent, processes, and resources to produce a positive bottom line.
 |
PKI is essential for Web services and secure electronic business transaction. Public Key Infrastructure: Building Trusted Applications and Web Services shows how to make advanced PKI technology successful in any organization. whether for internal security or Web services. It details how to develop advanced PKI technology online; lists available PKI software and its functionality; describes how to choose right operating system for PKI; dvaluates how other organizations made choices; walks through the steps of certificate management: requesting, obtaining, storing, using, and revoking a certificate; and looks into expectations for a Certificate Authority (CA) and what a CA will expect of you. | ||
 |
The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders. | ||
 |
The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA privacy and security advice that you can immediately apply to your organization's unique situation. This how-to reference explains what HIPAA is about, what it requires, and what you can do to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what you need to do to meet requirements. | ||
 |
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software, instead it hinges on having a mindset that security is a core part of the business and not just an afterthought. Armed with the content contained in this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support that is needed to build and maintain airtight security programs. | ||
 |
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
Network Perimeter Security: Building Defense In-Depth reveals how you can evaluate the security needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists you in designing the security model, and outlines the testing process. Through the concepts and case studies presented in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of protection, with expert recommendations for configuring firewalls, routers, intrusion detection system, and other security tools and network components. | |
The Investigator's Guide to Steganography provides a comprehensive look at this unique form of hidden communication from its earliest beginnings to its most modern uses. The book begins by exploring the past, providing valuable insight into how this method of communication began and evolved from ancient times to the present day. It continues with an in-depth look at the workings of digital steganography and watermarking methods, available tools on the Internet, and a review of companies who are providing cutting edge steganography and watermarking services. The third section builds on the first two by outlining and discussing real world uses of steganography from the business and entertainment to national security and terrorism. The book concludes by reviewing steganography detection methods and what can be expected in the future.
Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them. By following the procedures outlined in this guide, a company can pinpoint what individual parts of their network need to be hardened, and avoid expensive and unnecessary purchases.
Securing Windows NT/2000: From Policies to Firewalls is a managerial guide and practical technical tutorial that provides viable security solutions for your organization. It presents in-depth knowledge on how, why, and where these operating systems must be tuned in order to use them securely to connect to the Internet. The book presents the steps required to define a corporate security policy, how to implement that policy, and how to structure the project plan. It also provides practical provides step-by-step instructions that guide you through performing a secure installation and in preparing the system for secure operation on the Internet using Check Point Firewall-1.
The Asset Protection and Security Management Handbook is a must for all professionals involved in the protection of assets. For those new to the security profession, the text covers the fundamental aspects of security and security management providing a firm foundation for advanced development. For the experienced security practitioner, it provides the tools necessary for developing effective solutions and responses to the growing number of challenges encountered by today's security professionals. Based on the ASIS asset protection course, the text provides information vital to security planning and operational requirements. It addresses the most commonly recognized issues in the field and explores the future of asset protection management.
Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing and certification labs, Using the Common Criteria for IT Security Evaluation explains how and why to use the Common Criteria during the acquisition, implementation or evaluation of an IT product, system, network, or services contract. The text describes the Common Criteria methodology; the major processes, steps, activities, concepts, terminology, and how the CC methodology is used throughout the life of a system. It illustrates how each category of user should
employ the methodology as well as their different roles and responsibilities.
The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques starts with a review of each of the ten domains and provides 25 sample questions with answers and references for each. It discusses successful approaches for preparing for the exam based on experiences of those who have recently passed the exam. It then provides two complete 250 questions practice exams with answers. Explanations are provided to clarify why the correct answers are correct, and why the incorrect answers are incorrect.
Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program, Building a Global Information Assurance Program describes the key building blocks of an IA development effort. The text presents a systems development life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave approach to IA program development, from program planning and design to implementation, support, and phase out. It provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs, and with less risk.
Privacy Papers: Managing Technology, Consumer, Employee, and Legislative Actions is a book for C-level executives, IT managers, HR managers, security officers, privacy officers, and legal professionals. It covers all aspects of technology and legislation that enable privacy and also those that place it at risk. This how-to guide presents sample policies for employee training, awareness, and acceptable use; covers why companies must protect data and how to do it; describes the technology that makes information more private; and lists and summarizes major federal and international privacy legislation.
Secure Internet Practices: Best Practices for Securing Systems in the Internet and e-Business Age
presents an overview of security programs, policies, goals, life cycle development issues, infrastructure, and architecture aimed at enabling readers to effectively implement security at their organization. In addition to discussing general issues and solutions, the book provides concrete examples and templates for crafting or revamping your security program in the form of an Enterprise-Wide Security Program Modal, and an Information Security Policy Framework. Although rich in technical expertise, this is not strictly a handbook of Internet technologies, but a guide that is equally useful to business, finance, and manufacturing.
Building an Information Security Awareness Program takes you step-by-step through the methodology for developing, distributing, and monitoring an information security awareness program. It includes detailed instructions on how to communicate the message and describes how to efficiently use outside sources to optimize the impact of a small staff. The author stresses the importance of security and the entire organizations' role and responsibility in protecting it. He also presents the material in a fashion that makes it easy for non-technical staff members to grasp the concepts.
A Practical Guide to Security Engineering and Information Assurance is a comprehensive, practical guide to security engineering this book provides insight into the broader realm of information assurance (IA). It explains real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. The author provides step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations.
Securing e-Business Applications and Communications provides everything you need to know to build a secure E-Commerce web site from the ground up. Written with heterogeneous networks in mind, it includes implementation examples for Unix (Solaris and Linux), Windows NT 4.0, and Windows 2000. Numerous coding examples illustrate how to use the most current technologies from Microsoft, Sun, and others to support secure transactions. It also explores the most popular Web servers, the technologies that drive them, and a number of commercial utilities you can be use to manage them remotely.
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management covers writing policies, writing procedures, and writing standards, and how to integrate them into a comprehensive document for managing information security. Uses BS 7799 and ISO 17799 standards as the foundation for the content. Includes examples of existing documents and checklists to help the critique these documents.
A Technical Guide to IPSec Virtual Private Networks provides a technical explanation of a very complicated and misunderstood technology in terms that will allow the most novice of individuals to understand the inner workings of IPSec. It details the suite of IP Security protocols and their interaction with users, systems, and devices. It includes in-depth descriptions of the various IPSec communications and key management protocols that provide the foundation of secure communications. Includes multiple examples of implementations and real world experience and their comparison to the standards that make up IPSec.
Information Security Policies and Procedures: A Practitioner's Guide, Second Edition, developed by corporate information security guru Tom Peltier, and successfully implemented at numerous Fortune 500 companies, Information Security Policy and Procedures will substantially reduce the time and cost usually associated with developing corporate security policies and procedures. In an easy-to-use modular format, it supplies you with everything you need to produce a comprehensive set of policies and procedures, custom-tailored to your organization-quickly, cheaply, and without all the friction and frustration.
Effective Use of Teams in IT Audits, the latest supplement to Standard for Auditing Computer Applications, presents four approaches to ensure that you use teams effectively.
A Standard for Auditing Computer Applications is a step-by-step guide to auditing financial and operational applications systems for internal auditors.
Business Resumption Planning is a reference that answers to the most frequently asked questions about data center recovery, communications recovery, and general business operations recovery. Included with the handbook are complete forms and checklists on diskette that can be used to produce a detailed, custom disaster recovery plan.
Call Center Continuity Planning shows you how to plan for continuity through disasters large and small -- everything from power outages and hurricanes to unexpected peaks in inbound call volume that might threaten to swamp your call-takers.
