Table of content | Inside the Security Mind: Making the Tough Decisions



•	Table of Contents
•	Index

Inside the Security Mind: Making the Tough Decisions
By Kevin Day

Publisher	: Prentice Hall PTR
Pub Date	: February 20, 2003
ISBN	: 0-13-111829-3
Pages	: 336

About Prentice Hall Professional Technical Reference

Prologue

In the Beginning…

Acknowledgments

To the Artists

To the Peer Reviewers

Special Thanks to:

Chapter 1. Introduction

The Security Mind

Where Do We Start?

Where Does It End?

Chapter 2. A New Look at Information Security

Security as an Art Form

What We Know About Security

Understanding the Fear Factor

How to Successfully Implement and Manage Security

Chapter 3. The Four Virtues of Security

Introduction to the Virtues

The Virtue of Daily Consideration

The Virtue of Community Effort

The Virtue of Higher Focus

The Virtue of Education

Using These Virtues

Chapter 4. The Eight Rules of Security (Components of All Security Decisions)

Introduction to the Rules

Rule of Least Privilege

Rule of Change

Rule of Trust

Rule of the Weakest Link

Rule of Separation

Rule of the Three-Fold Process

Rule of Preventative Action (Proactive Security)

Rule of Immediate and Proper Response

Incorporating the Rules

Chapter 5. Developing a Higher Security Mind

The Art of Higher Security

Thinking in Zones

Creating Chokepoints

Layering Security

Working in Stillness

Understanding Relational Security

Understanding Secretless Security

Dividing Responsibilities

Failing Securely

Chapter 6. Making Security Decisions

Using the Rules to Make a Decision

The Decision-Making Process

Example Decision

Chapter 7. Know Thy Enemy and Know Thyself

Understanding the Modern Hacker

Where Modern Vulnerabilities Exist

Modern Targets

Modern Exploits

Neglecting the Rules: A Hacker's Tale

Creating Your Own Security Profile

Becoming Invisible to Your Enemies

Chapter 8. Practical Security Assessments

The Importance of a Security Audit

Understanding Risks and Threats

The Traditional Security Assessment Model

The Relational Security Assessment Model

Relational Security Assessment Model: Risks

Relational Security Assessment Model: Controls

Relational Security Assessment Model: Tactical Audit PROCESS

Analytical Audit Measures

Additional Audit Considerations

Chapter 9. The Security Staff

Building a Successful Security Team

Bringing in Security Consultants

Outsourcing Security Maintenance

Chapter 10. Modern Considerations

Using Standard Defenses

Open Source vs. Closed Source Security

Wireless Networks

Encryption

Virtual Private Networking

Chapter 11. The Rules in Practice

Practicing the Rules

Perimeter Defenses

Internal Defenses

Physical Defenses

Direct Object Defenses

Outbound Internet Access

Logging and Monitoring

Handling Authentication

Chapter 12. Going Forward

The Future of Information Security

Appendix A. Tips on Keeping Up-to-Date

Resources for Staying Informed About Important Security Issues

Resources for Finding Information on New Vulnerabilities, Threats, and Countermeasures

Appendix B. Ideas for Training

25-Minute Basic Security Awareness Class

30-Minute Internet Security for End Users Class

Appendix C. Additional Recommended Audit Practices

Recommended Desktop/Workstation Auditing Tasks

Recommended Perimeter Auditing Tasks

Recommended Internal Auditing Tasks

Recommended Physical Auditing Tasks

Recommended Controls for Risk Control Policies

Appendix D. Recommended Reading

Appendix E. The Hidden Statistics of Information Security

Looking Up the Crime Rate

The Hidden Statistics

A Closing Thought on Statistics

Index