
Assessing information security : strategies, tactics, logic and framework /

Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they ar...


Bibliographic Details
Classification: Electronic Book
Main authors: Vladimirov, Andrew A. (Author), Gavrilenko, Konstantin (Author), Michajlowski, Anej (Author)
Format: Electronic eBook
Language: English
Published: Ely, Cambridgeshire : IT Governance Publishing, 2014.
Edition: Second edition.
Subjects:
Online access: Full text

MARC

LEADER 00000cam a2200000 i 4500
001 JSTOR_ocn905696121
003 OCoLC
005 20231005004200.0
006 m o d
007 cr cnu|||unuuu
008 150327s2014 enk ob 000 0 eng d
040 |a N$T  |b eng  |e rda  |e pn  |c N$T  |d N$T  |d JSTOR  |d OCLCF  |d EBLCP  |d COO  |d ICA  |d DEBSZ  |d AGLDB  |d LIV  |d MERUC  |d OCLCQ  |d IOG  |d OCLCO  |d OCLCA  |d OCLCQ  |d VTS  |d OCLCQ  |d LVT  |d STF  |d AU@  |d OCLCQ  |d K6U  |d OCLCO  |d OCLCQ  |d OCLCO 
019 |a 923547205  |a 923645871  |a 928193723  |a 929142793 
020 |a 9781849286008  |q (electronic bk.) 
020 |a 1849286000  |q (electronic bk.) 
020 |z 9781849285995 
029 1 |a DEBBG  |b BV043958780 
029 1 |a DEBSZ  |b 481289798 
035 |a (OCoLC)905696121  |z (OCoLC)923547205  |z (OCoLC)923645871  |z (OCoLC)928193723  |z (OCoLC)929142793 
037 |a 22573/ctt14gss9n  |b JSTOR 
050 4 |a QA76.9.A25  |b V53 2014 
072 7 |a COM  |x 060040  |2 bisacsh 
072 7 |a COM  |x 043050  |2 bisacsh 
072 7 |a COM  |x 053000  |2 bisacsh 
072 7 |a COM000000  |2 bisacsh 
072 7 |a COM053000  |2 bisacsh 
082 0 4 |a 005.8  |2 23 
049 |a UAMI 
100 1 |a Vladimirov, Andrew A.,  |e author. 
245 1 0 |a Assessing information security :  |b strategies, tactics, logic and framework /  |c A. Vladimirov, K. Gavrilenko, A. Michajlowski. 
250 |a Second edition. 
264 1 |a Ely, Cambridgeshire :  |b IT Governance Publishing,  |c 2014. 
300 |a 1 online resource (424 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
588 0 |a Vendor-supplied metadata. 
505 0 |a Cover -- Title -- Copyright -- Contents -- Introduction -- Chapter 1: Information Security Auditing and Strategy -- The mindsets of ignorance -- Defence-in-depth -- Compelling adversaries to adapt -- Chapter 2: Security Auditing, Governance, Policies and Compliance -- General security policy shortcomings -- Addressing security audits in policy statements -- The erroneous path to compliance -- Getting down to earth -- Chapter 3: Security Assessments Classification -- Black, grey and white box tests -- Assessments specialisations and actual scopes 
505 8 |a On technical information security assessments -- Server, client and network-centric tests -- IT security testing levels and target areas -- 'Idiosyncratic' technical security tests -- On non-technical information security audits -- Premises and physical security checks -- Social engineering tests -- Security documentation reviews -- Assessing security processes -- Chapter 4: Advanced Pre-Assessment Planning -- The four-stage framework -- Selecting the targets of assessment -- Evaluating what is on offer -- Professional certifications and education 
505 8 |a Publications and tools -- The auditor company history and size -- Dealing with common assessment emergencies -- Chapter 5: Security Audit Strategies and Tactics -- Centres of gravity and their types -- Identifying critical points -- The strategic exploitation cycle -- External technical assessment recon -- Social engineering recon -- Internal technical assessment recon -- Technical vulnerability discovery process -- A brief on human vulnerabilities -- The tactical exploitation cycle -- Front, flank, simple, complex -- The strategies of creating gaps 
505 8 |a Chapter 6: Synthetic Evaluation of Risks -- Risk, uncertainty and ugly Black Swans -- On suitable risk analysis methodologies -- On treatment of information security risks -- Relevant vulnerability categories -- Gauging attacker skill -- Weighting vulnerability impact -- Contemplating the vulnerability remedy -- Defining vulnerability risk level -- Risks faced by large components -- Compound risks, systempunkts and attacker logic -- Total risk summary utilisation and dissection -- Chapter 7: Presenting the Outcome and Follow-Up Acts -- The report audience and style 
505 8 |a The report summary -- The report interpretation chapter -- The bulk of the report -- Explaining the overall security state -- Elaborating on breakdown of risks -- Using vulnerability origin investigations -- Post-audit assistance and follow-up hurdles -- Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies -- Bad tactics and poor tests -- On the assessment team ordnance -- Of serpents and eagles -- ITG Resources 
520 |a Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that. 
504 |a Includes bibliographical references. 
590 |a JSTOR  |b Books at JSTOR All Purchased 
590 |a JSTOR  |b Books at JSTOR Demand Driven Acquisitions (DDA) 
590 |a JSTOR  |b Books at JSTOR Evidence Based Acquisitions 
650 0 |a Computer security. 
650 0 |a Information technology. 
650 2 |a Computer Security 
650 6 |a Sécurité informatique. 
650 6 |a Technologie de l'information. 
650 7 |a information technology.  |2 aat 
650 7 |a COMPUTERS  |x Internet  |x Security.  |2 bisacsh 
650 7 |a COMPUTERS  |x Networking  |x Security.  |2 bisacsh 
650 7 |a COMPUTERS  |x Security  |x General.  |2 bisacsh 
650 7 |a COMPUTERS  |x General.  |2 bisacsh 
650 7 |a Computer security  |2 fast 
650 7 |a Information technology  |2 fast 
700 1 |a Gavrilenko, Konstantin,  |e author. 
700 1 |a Michajlowski, Anej,  |e author. 
776 0 8 |i Print version:  |a Vladimirov, Andrew.  |t Assessing Information Security : Strategies, Tactics, Logic and Framewortk.  |d Cambridge : IT Governance Ltd, ©1900  |z 9781849285995 
856 4 0 |u https://jstor.uam.elogim.com/stable/10.2307/j.ctt14jxsjw  |z Texto completo 
938 |a ProQuest Ebook Central  |b EBLB  |n EBL3015820 
938 |a EBSCOhost  |b EBSC  |n 957891 
994 |a 92  |b IZTAP