| | Copyright |
| | About Prentice Hall Professional Technical Reference |
| | Prologue |
| | | In the Beginning… |
|
| | Acknowledgments |
| | | To the Artists |
| | | To the Peer Reviewers |
| | | Special Thanks to: |
|
| | Chapter 1. Introduction |
| | | The Security Mind |
| | | Where Do We Start? |
| | | Where Does It End? |
|
| | Chapter 2. A New Look at Information Security |
| | | Security as an Art Form |
| | | What We Know About Security |
| | | Understanding the Fear Factor |
| | | How to Successfully Implement and Manage Security |
|
| | Chapter 3. The Four Virtues of Security |
| | | Introduction to the Virtues |
| | | The Virtue of Daily Consideration |
| | | The Virtue of Community Effort |
| | | The Virtue of Higher Focus |
| | | The Virtue of Education |
| | | Using These Virtues |
|
| | Chapter 4. The Eight Rules of Security (Components of All Security Decisions) |
| | | Introduction to the Rules |
| | | Rule of Least Privilege |
| | | Rule of Change |
| | | Rule of Trust |
| | | Rule of the Weakest Link |
| | | Rule of Separation |
| | | Rule of the Three-Fold Process |
| | | Rule of Preventative Action (Proactive Security) |
| | | Rule of Immediate and Proper Response |
| | | Incorporating the Rules |
|
| | Chapter 5. Developing a Higher Security Mind |
| | | The Art of Higher Security |
| | | Thinking in Zones |
| | | Creating Chokepoints |
| | | Layering Security |
| | | Working in Stillness |
| | | Understanding Relational Security |
| | | Understanding Secretless Security |
| | | Dividing Responsibilities |
| | | Failing Securely |
|
| | Chapter 6. Making Security Decisions |
| | | Using the Rules to Make a Decision |
| | | The Decision-Making Process |
| | | Example Decision |
|
| | Chapter 7. Know Thy Enemy and Know Thyself |
| | | Understanding the Modern Hacker |
| | | Where Modern Vulnerabilities Exist |
| | | Modern Targets |
| | | Modern Exploits |
| | | Neglecting the Rules: A Hacker's Tale |
| | | Creating Your Own Security Profile |
| | | Becoming Invisible to Your Enemies |
|
| | Chapter 8. Practical Security Assessments |
| | | The Importance of a Security Audit |
| | | Understanding Risks and Threats |
| | | The Traditional Security Assessment Model |
| | | The Relational Security Assessment Model |
| | | Relational Security Assessment Model: Risks |
| | | Relational Security Assessment Model: Controls |
| | | Relational Security Assessment Model: Tactical Audit Process |
| | | Analytical Audit Measures |
| | | Additional Audit Considerations |
|
| | Chapter 9. The Security Staff |
| | | Building a Successful Security Team |
| | | Bringing in Security Consultants |
| | | Outsourcing Security Maintenance |
|
| | Chapter 10. Modern Considerations |
| | | Using Standard Defenses |
| | | Open Source vs. Closed Source Security |
| | | Wireless Networks |
| | | Encryption |
| | | Virtual Private Networking |
|
| | Chapter 11. The Rules in Practice |
| | | Practicing the Rules |
| | | Perimeter Defenses |
| | | Internal Defenses |
| | | Physical Defenses |
| | | Direct Object Defenses |
| | | Outbound Internet Access |
| | | Logging and Monitoring |
| | | Handling Authentication |
|
| | Chapter 12. Going Forward |
| | | The Future of Information Security |
|
| | Appendix A. Tips on Keeping Up-to-Date |
| | | Resources for Staying Informed About Important Security Issues |
| | | Resources for Finding Information on New Vulnerabilities, Threats, and Countermeasures |
|
| | Appendix B. Ideas for Training |
| | | 25-Minute Basic Security Awareness Class |
| | | 30-Minute Internet Security for End Users Class |
|
| | Appendix C. Additional Recommended Audit Practices |
| | | Recommended Desktop/Workstation Auditing Tasks |
| | | Recommended Perimeter Auditing Tasks |
| | | Recommended Internal Auditing Tasks |
| | | Recommended Physical Auditing Tasks |
| | | Recommended Controls for Risk Control Policies |
|
| | Appendix D. Recommended Reading |
| | Appendix E. The Hidden Statistics of Information Security |
| | | Looking Up the Crime Rate |
| | | The Hidden Statistics |
| | | A Closing Thought on Statistics |
|
| | Index |