Security Planning : An Applied Approach

Label
Security Planning : An Applied Approach
Title
Security Planning
Title remainder
An Applied Approach
Language
eng
Summary
This book guides readers through building an IT security plan. Offering a template, it helps readers prioritize risks, conform to regulation, plan their defense and secure proprietary/confidential information. The process is documented in the supplemental online security workbook. Security Planning is designed for the busy IT practitioner who does not have time to become a security expert but needs a security plan now. It also serves to educate the reader on a broader set of concepts related to the security environment through the Introductory Concepts and Advanced sections. The book serves entry-level cyber-security courses through those in advanced security planning. Exercises range from easier questions to the challenging case study. This is the first text with an optional semester-long case study: students plan security for a doctor's office, which must adhere to HIPAA regulation. For software engineering-oriented students, a chapter on secure software development introduces security extensions to UML and use cases (with case study). The text also adopts the NSA's Center of Academic Excellence (CAE) revamped 2014 plan, addressing five mandatory and 15 optional Knowledge Units, as well as many ACM Information Assurance and Security core and elective requirements for Computer Science.
Cataloging source
MiAaPQ
Literary form
non fiction
Nature of contents
dictionaries
Link
http://libproxy.rpi.edu/login?url=https://ebookcentral.proquest.com/lib/rpi/detail.action?docID=2094468
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Color
multicolored
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Preface: How to Use This Book
  • To the Security Instructor
  • Addressing Educational Criteria
  • Acknowledgments and Disclaimers
  • Contents
  • Part I: The Problem of Security
    • Chapter 1: Security Awareness: Brave New World
      • 1.1 With Security, Every Person Counts
      • 1.2 Protecting Yourself
      • 1.3 Criminal Attacks to an Organization
      • 1.4 Questions
      • References
    • Chapter 2: Combatting Fraud
      • 2.1 Internal Fraud
        • 2.1.1 Defenses Against Internal Fraud
        • 2.1.2 Recognizing Fraud
      • 2.2 External Fraud
        • 2.2.1 Identity Theft
        • 2.2.2 Social Engineering
        • 2.2.3 Receipt, Check, and Money Order Scams
      • 2.3 Developing an Action Plan
      • 2.4 Advanced: A Fraud Investigation
      • 2.5 Questions and Problems
        • 2.5.1 Health First Case Study Problems
      • References
    • Chapter 3: Complying with Security Regulation and Standards
      • 3.1 Security Laws Affecting U.S. Organizations
        • 3.1.1 State Breach Notification Laws, 2003 and Later
        • 3.1.2 HIPAA/HITECH Act, 1996, 2009
        • 3.1.3 Sarbanes-Oxley Act (SOX), 2002
        • 3.1.4 Gramm-Leach-Bliley Act (GLB), 1999
        • 3.1.5 Identity Theft Red Flags Rule, 2007
        • 3.1.6 Family Educational Rights and Privacy Act (FERPA), 1974, and Other Child Protection Laws
          • 3.1.6.1 Children's Online Privacy Protection Act (COPPA), 1998
          • 3.1.6.2 Children's Internet Protection Act (CIPA), 2000
        • 3.1.7 Federal Information Security Management Act (FISMA), 2002
      • 3.2 Security Industry Standards
        • 3.2.1 Payment Card Industry Data Security Standard (PCI DSS)
      • 3.3 Computer Abuse Laws
      • 3.4 Final Considerations
      • 3.5 Advanced: Understanding the Context of Law
      • 3.6 Questions and Problems
      • References
  • Part II: Strategic Security Planning
    • Chapter 4: Managing Risk
      • 4.1 Risk Management Overview
        • 4.1.1 Assessing Risk
      • 4.2 The Ethics of Risk
      • 4.3 Advanced: Financial Analysis with Business Risk
      • 4.4 Advanced: Risk for Larger Organizations
      • 4.5 Questions and Problems
        • 4.5.1 Health First Case Study Problems
      • References
    • Chapter 5: Addressing Business Impact Analysis and Business Continuity
      • 5.1 Analyzing Business Impact
      • 5.2 Planning for Business Continuity
        • 5.2.1 Recovery Sites
        • 5.2.2 High-Availability Solutions
        • 5.2.3 Cloud Services
      • 5.3 Disk Backup and Recovery
      • 5.4 Preparing for IT Disaster Recovery
      • 5.5 Advanced: Business Continuity for Mature Organizations
      • 5.6 Advanced: Considering Big Data Distributed File Systems
      • 5.7 Questions
        • 5.7.1 Health First Case Study Problems
      • References
    • Chapter 6: Governing: Policy, Maturity Models and Planning
      • 6.1 Documenting Security: Policies, Standards, Procedures and Guidelines
      • 6.2 Maturing the Organization via Capability Maturity Models and COBIT
      • 6.3 Strategic, Tactical and Operational Planning
      • 6.4 Allocating Security Roles and Responsibilities
      • 6.5 Questions
        • 6.5.1 Health First Case Study Problems
      • References
  • Part III: Tactical Security Planning
    • III.1 Important Tactical Concepts
    • Chapter 7: Designing Information Security
      • 7.1 Important Concepts and Roles
      • 7.2 Design: Classifying Data for CIA
      • 7.3 Selecting Technology and Implementation Options
        • 7.3.1 Authentication: Login or Identification
          • 7.3.1.1 Biometric Systems
        • 7.3.2 Access Control: Permissions
        • 7.3.3 Logs: Accountability
      • 7.4 Audit
      • 7.5 Advanced: Administration of Information Security
      • 7.6 Advanced: Designing Specialized Information Security
        • 7.6.1 Big Data: Data Warehouses
        • 7.6.2 Designing Highly Secure Environments
          • 7.6.2.1 Bell and La Padula Model (BLP)
      • 7.7 Questions
        • 7.7.1 Health First Case Study Problems
      • References
    • Chapter 8: Planning for Network Security
      • 8.1 Important Concepts
        • 8.1.1 How Crackers Attack
        • 8.1.2 Filtering Packets to Restrict Network Access
      • 8.2 Defining Network Services
        • 8.2.1 Step 1: Determine Services: What, Who, Where?
        • 8.2.2 Step 2: Determine Sensitivity of Services
        • 8.2.3 Step 3: Allocate Network Zones
        • 8.2.4 Step 4: Define Controls
      • 8.3 Defining Controls
        • 8.3.1 Confidentiality Controls
        • 8.3.2 Authenticity and Non-repudiation
        • 8.3.3 Integrity Controls
        • 8.3.4 Anti-hacker Controls
      • 8.4 Defining the Network Architecture
        • 8.4.1 Step 5: Draw the Network Diagram
      • 8.5 Advanced: How It Works
      • 8.6 Questions
        • 8.6.1 Health First Case Study Problems
      • References
    • Chapter 9: Designing Physical Security
      • 9.1 Selecting Availability Controls
      • 9.2 Selecting Confidentiality/Integrity Controls
        • 9.2.1 Building Entry Controls
        • 9.2.2 Room Entry Controls
        • 9.2.3 Computer and Document Access Control
        • 9.2.4 The Public Uses Computers
        • 9.2.5 The Public and Point of Sales Devices
      • 9.3 Questions and Problems
        • 9.3.1 Health First Case Study Problems
      • References
    • Chapter 10: Organizing Personnel Security
      • 10.1 Controlling Employee Threats
        • 10.1.1 Preventive Controls
        • 10.1.2 Detective (and Deterrence) Controls
        • 10.1.3 Corrective Controls
      • 10.2 Training for Security
      • 10.3 Tools to Manage Security
        • 10.3.1 Configuration Management and Change Control
        • 10.3.2 Service Level Agreements
      • 10.4 Questions and Problems
        • 10.4.1 Health First Case Study Problems
      • References
    • Chapter 11: Planning for Incident Response
      • 11.1 Important Statistics and Concepts
      • 11.2 Developing an Incident Response Plan
        • 11.2.1 Preparation Stage
        • 11.2.2 Identification Stage
        • 11.2.3 Containment and Escalation Stage
        • 11.2.4 Analysis and Eradication Stage
        • 11.2.5 Notification and Ex-Post Response Stages
        • 11.2.6 Recovery and Lessons Learned Stages
      • 11.3 Preparing for Incident Response
      • 11.4 Advanced: Computer Investigation and Forensics
        • 11.4.1 The Judicial Procedure
      • 11.5 Questions and Problems
        • 11.5.1 Health First Case Study Problems
      • References
  • Part IV: Measure, Test and Audit
    • Chapter 12: Defining Security Metrics
      • 12.1 Considering Business-Driven Metrics
      • 12.2 Implementing Technology-Driven Metrics
      • 12.3 Questions and Problems
        • 12.3.1 Health First Case Study Problems
      • References
    • Chapter 13: Performing an Audit or Security Test
      • 13.1 Testing Internally and Simple Audits
        • 13.1.1 Gathering Information, Planning the Audit
        • 13.1.2 Reviewing Internal Controls
        • 13.1.3 Performing Compliance and Substantive Tests
        • 13.1.4 Preparing and Presenting the Report
      • 13.2 Example: PCI DSS Audits and Report on Compliance
      • 13.3 Professional and External Auditing
        • 13.3.1 Audit Resources
        • 13.3.2 Sampling
        • 13.3.3 Evidence and Conclusions
        • 13.3.4 Variations in Audit Types
      • 13.4 Questions and Problems
        • 13.4.1 Health First Case Study Problems
      • References
    • Chapter 14: Complying with HIPAA and HITECH
      • 14.1 Introduction and Vocabulary
      • 14.2 HITECH Breach Notification
      • 14.3 HIPAA Privacy Rule
        • 14.3.1 Patient Rights
        • 14.3.2 Disclosures
      • 14.4 HIPAA Security Rule
        • 14.4.1 Administrative Requirements
        • 14.4.2 Physical Security
        • 14.4.3 Technical Controls
      • 14.5 Questions and Problems
        • 14.5.1 Health First Case Study Problems
      • References
    • Chapter 15: Developing Secure Software
      • 15.1 Important Concepts: Attacks to Software
        • 15.1.1 Service Oriented Architectures and the Web
      • 15.2 Requirements
        • 15.2.1 Specify Reliability
      • 15.3 Analysis/Design
        • 15.3.1 Static Model
        • 15.3.2 Dynamic Model
      • 15.4 Coding
        • 15.4.1 Sanitize Input and Output!
        • 15.4.2 Never Expose Internal Data Structures
        • 15.4.3 Minimize Access
        • 15.4.4 Use Tried-and-True Security Algorithms
        • 15.4.5 Validate and Control the Configuration
        • 15.4.6 Managing Exceptions
        • 15.4.7 Use Safe Coding Practices
      • 15.5 Testing
        • 15.5.1 Testing Websites
      • 15.6 Deployment, Operations, Maintenance and Disposal
      • 15.7 Secure Development Life Cycle
      • 15.8 Secure Agile Development
      • 15.9 Questions and Problems
        • 15.9.1 Health First Case Study Problems
      • References
Dimensions
unknown
Discovery link
http://opac.lib.rpi.edu/record=b4383019
Extent
1 online resource (294 pages)
Form of item
online
Isbn
9783319160276
Media category
computer
Media MARC source
rdamedia
Media type code
c
Sound
unknown sound
Specific material designation
remote

Library Locations

    • Folsom Library
      110 8th St, Troy, NY, 12180, US
      42.729766 -73.682577