Inside Network Security Assessment: Guarding Your IT Infrastructure

ISBN: 0672328097
EAN: 2147483647

Year: 2003
Pages: 138

Authors: Michael Gregg, David Kim

BUY ON AMAZON

Introduction to Assessing Network Vulnerabilities

• Introduction to Assessing Network Vulnerabilities
• What Security Is and Isnt
• Process for Assessing Risk
• Four Ways in Which You Can Respond to Risk
• Network Vulnerability Assessment

Foundations and Principles of Security

• Foundations and Principles of Security
• Basic Security Principles
• Security Requires Information Classification
• The Policy Framework
• The Role Authentication, Authorization, and Accountability Play in a Secure Organization
• Encryption
• Security and the Employee (Social Engineering)

Why Risk Assessment

• Why Risk Assessment
• Risk Terminology
• Laws, Mandates, and Regulations
• Risk Assessment Best Practices
• Understanding the IT Security Process
• The Goals and Objectives of a Risk Assessment

Risk-Assessment Methodologies

• Risk-Assessment Methodologies
• Risk-Assessment Terminology
• Quantitative and Qualitative Risk-Assessment Approaches
• Best Practices for Quantitative and Qualitative Risk Assessment
• Choosing the Best Risk-Assessment Approach
• Common Risk-Assessment Methodologies and Templates

Scoping the Project

• Scoping the Project
• Defining the Scope of the Assessment
• Reviewing Critical Systems and Information
• Compiling the Needed Documentation
• Making Sure You Are Ready to Begin

Understanding the Attacker

• Understanding the Attacker
• Who Are the Attackers?
• What Do Attackers Do?
• Reducing the Risk of an Attack
• How to Respond to an Attack

Performing the Assessment

• Performing the Assessment
• Introducing the Assessment Process
• Level I Assessments
• Level II Assessments
• Level III Assessments

Tools Used for Assessments and Evaluations

• Tools Used for Assessments and Evaluations
• A Brief History of Security Tools
• Putting Together a Toolkit
• Determining What Tools to Use

Preparing the Final Report

• Preparing the Final Report
• Preparing for Analysis
• Ranking Your Findings
• Building the Final Report
• Contents of a Good Report
• Determining the Next Step
• Audit and Compliance

Post-Assessment Activities

• Post-Assessment Activities
• IT Security Architecture and Framework
• Roles, Responsibilities, and Accountabilities
• Security Incident Response Team (SIRT)
• Vulnerability Management
• Training IT Staff and End Users

Appendix A. Security Assessment Resources

• Security Standards
• General Security Websites
• Security Tool Websites

Appendix B. Security Assessment Forms

• Information Request Form
• Document Tracking Form
• Critical Systems and Information Forms
• Level II Assessment Forms

Appendix C. Security Assessment Sample Report

• Appendix C. Security Assessment Sample Report
• Notice
• Executive Summary
• Statement of Work
• Analysis
• Recommendations
• Conclusions

Appendix D. Dealing with Consultants and Outside Vendors

• Appendix D. Dealing with Consultants and Outside Vendors
• Procurement Terminology
• Typical RFP Procurement Steps
• Procurement Best Practices

Appendix E. SIRT Team Report Format Template

• Appendix E. SIRT Team Report Format Template
• SIRT Incident Report