
Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures /

Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.

Bibliographic Details
Classification: Electronic Book
Main Author: Contos, Brian T.
Format: Electronic eBook
Language: English
Published: Rockland, Mass. : Syngress, ©2006.
Subjects:
Online Access: Full text
Table of Contents:
  • Part I: Background on Cyber Crime, Insider Threats, and ESM
  • Chapter One: Cyber Crime and Cyber Criminals
  • About this Chapter
  • Computer Dependence and Internet Growth
  • The Shrinking Vulnerability Threat Window
  • Motivations for Cyber Criminal Activity
    • Black Markets
  • Hacker
  • Script Kiddies
  • Solitary Cyber Criminals and Exploit Writers for Hire
  • Organized Crime
  • Identity Thieves (Impersonation Fraudsters)
  • Competitors
  • Activist Groups, Nation-State Threats, and Terrorists
  • Activists
  • Nation-State Threats
    • China
    • France
    • Russia
    • United Kingdom
    • United States
  • Terrorists
  • Insiders
  • Tools of the Trade
    • Application-Layer Exploits
    • Botnets
    • Buffer Overflows
    • Code Packing
    • Denial-of-service (DoS) Attacks
    • More Aggressive and Sophisticated Malware
    • Non-wired Attacks and Mobile Devices
    • Password-cracking
    • Phishing
    • Reconnaissance and Googledorks
    • Rootkits and Keyloggers
    • Social Engineering Attacks
    • Voice over IP (VoIP) Attacks
    • Zero-Day Exploits
  • Summary Points
  • Chapter Two: Insider Threats
  • Understanding Who the Insider Is
  • Psychology of Insider Identification
  • Insider Threat Examples from the Media
  • Insider Threats from a Human Perspective
    • A Word on Policies
  • Insider Threats from a Business Perspective
    • Risk
  • Insider Threats from a Technical Perspective
    • Need-to-know
    • Least Privileges
    • Separation of Duties
    • Strong Authentication
    • Access Controls
    • Incident Detection and Incident Management
  • Summary Points
  • Chapter Three: Enterprise Security Management (ESM)
  • ESM in a Nutshell
  • Key ESM Feature Requirements
    • Event Collection
    • Normalization
    • Categorization
    • Asset Information
    • Vulnerability Information
    • Zoning and Global Positioning System Data
    • Active Lists
    • Actors
    • Data Content
    • Correlation
    • Prioritization
    • Event and Response Time Reduction
    • Anomaly Detection
    • Pattern Discovery
    • Alerting
    • Case Management
    • Real-Time Analysis and Forensic Investigation
    • Visualization
    • High-level Dashboards
    • Detailed Visualization
    • Reporting
    • Remediation
  • Return On Investment (ROI) and Return On Security Investment (ROSI)
  • Alternatives to ESM
    • Do Nothing
    • Custom In-house Solutions
    • Outsourcing and Co-sourcing
      • Co-sourcing examples:
  • Summary Points
  • Part II: Real Life Case Studies
  • Chapter Four: Imbalanced Security: A Singaporean Data Center
  • Chapter Five: Correlating Physical and Logical Security Events: A U.S. Government Organization
  • Chapter Six: Insider with a Conscience: An Austrian Retailer
  • Chapter Seven: Collaborative Threat: A Telecommunications Company in the U.S.
  • Chapter Eight: Outbreak from Within: A Financial Organization in the U.K.
  • Chapter Nine: Mixing Revenge and Passwords: A Utility Company in Brazil
  • Chapter Ten: Rapid Remediation: A University in the United States
  • Chapter Eleven: Suspicious Activity: A Consulting Company in Spain
  • Chapter Twelve: Insiders Abridged
  • Malicious use of Medical Records
  • Hosting Pirated Software
  • Pod-Slurping
  • Auctioning State Property
  • Writing Code for another Company
  • Outsourced Insiders
  • Smuggling Gold in Rattus Norvegicus
  • Part III: The Extensibility of ESM
  • Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM
  • Disclaimer
  • Monitoring and disclosure
  • Provider Protection Exception
  • Consent Exception
  • Computer Trespasser Exception
  • Court Order Exception
  • Best Practices
  • Canadian Best Evidence Rule
  • Summary Points
  • Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM
  • A Primer on Sarbanes-Oxley
  • Section 302: Corporate Responsibility for Financial Reports
  • Section 404: Management Assessment of Internal Controls
  • Separation of Duties
  • Monitoring Interaction with Financial Processes
  • Detecting Changes in Controls over Financial Systems
  • Section 409: Real-time Issuer Disclosures
  • Summary Points
  • Chapter Fifteen: Incident Management with ESM
  • Incident Management Basics
  • Improved Risk Management
  • Improved Compliance
  • Reduced Costs
  • Current Challenges
    • Process
    • Organization
    • Technology
  • Building an Incident Management Program
    • Defining Risk
  • Five Steps to Risk Definition for Incident Management
    • Process
    • Training
    • Stakeholder Involvement
    • Remediation
    • Documentation
  • Reporting and Metrics
  • Summary Points
  • Chapter Sixteen: Insider Threat Questions and Answers
  • Introduction
  • Insider Threat Recap
  • Question One
  • Employees
    • The Hiring Process
    • Reviews
    • Awareness
    • NIST 800-50
    • Policies
    • Standards
    • Security Memorandum Example
  • Question Two
  • Prevention
  • Question Three: Asset Inventories
  • Question Four: Log Collection
    • Security Application Logs
    • Operating System Logs
    • Web Server Logs
    • NIST 800-92
  • Question Five: Log Analysis
  • Question Six
  • Specialized Insider Content
  • Question Seven: Physical and Logical Security Convergence
  • Question Eight: IT Governance
    • NIST 800-53
    • Network Account Deletion maps to NIST 800-53 section AC-2
    • Vulnerability Scanning maps to NIST 800-53 section RA-5
    • Asset Creation maps to NIST 800-53 section CM-4
    • Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14
    • Traffic from Internal to External Assets maps to NIST 800-53 section SC-7
  • Question Nine
  • Incident Response
  • Question 10: Must Haves
  • Appendix A: Examples of Cyber Crime Prosecutions
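The table of contents names the ESM building blocks (event collection, normalization, categorization, correlation, alerting) and the Chapter Five case on correlating physical and logical security events, but this record contains none of the book's detail. The following is an added example, not code from the book or its author, showing the shape of that pipeline on constructed data: a badge-reader log and a VPN concentrator log (both formats and all names, badge numbers and addresses invented here) are normalized into one event schema, then correlated to flag a user whose VPN session comes from off-site while their badge says they are inside the building. The corporate address range `10.0.0.0/8` is an assumption for the example.

```python
"""Added example (not from the book): normalize two log formats into one
schema and correlate physical badge events with logical VPN logins."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample logs; the formats, users, badge numbers and addresses are invented.
BADGE_LOG = """\
2024-03-04 08:02:13 READER=HQ-LOBBY-1 BADGE=1187 USER=jdoe RESULT=GRANTED DIR=IN
2024-03-04 08:05:40 READER=HQ-LOBBY-1 BADGE=2231 USER=asmith RESULT=GRANTED DIR=IN
2024-03-04 12:31:02 READER=HQ-LOBBY-1 BADGE=1187 USER=jdoe RESULT=GRANTED DIR=OUT
"""
VPN_LOG = """\
Mar  4 2024 08:20:55 vpn1: user=jdoe src=198.51.100.23 action=login status=success
Mar  4 2024 09:10:07 vpn1: user=asmith src=10.5.20.14 action=login status=success
Mar  4 2024 13:02:11 vpn1: user=jdoe src=203.0.113.9 action=login status=success
"""

# Assumption: address space a VPN client would have when connecting from inside the site.
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Event:
    ts: datetime
    user: str
    category: str   # normalized category: physical.entry, physical.exit, logical.vpn_login
    src: str        # badge reader id or VPN client source address
    outcome: str    # "granted", "denied", "success", "failure"


@dataclass
class Alert:
    ts: datetime
    user: str
    reason: str


BADGE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) READER=(\S+) BADGE=\S+ USER=(\S+) RESULT=(\S+) DIR=(IN|OUT)$")
VPN_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d{4} \d\d:\d\d:\d\d) \S+: user=(\S+) src=(\S+) action=login status=(\S+)$")


def normalize_badge(line: str) -> Optional[Event]:
    """Map one badge-reader line onto the common schema; None if it does not parse."""
    m = BADGE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    category = "physical.entry" if m.group(5) == "IN" else "physical.exit"
    return Event(ts, m.group(3), category, m.group(2), m.group(4).lower())


def normalize_vpn(line: str) -> Optional[Event]:
    """Map one VPN concentrator line onto the common schema; None if it does not parse."""
    m = VPN_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %Y %H:%M:%S")
    return Event(ts, m.group(2), "logical.vpn_login", m.group(3), m.group(4).lower())


def collect() -> List[Event]:
    """Event collection + normalization: parse both sources, drop unparseable lines, order by time."""
    events = [normalize_badge(l) for l in BADGE_LOG.splitlines()]
    events += [normalize_vpn(l) for l in VPN_LOG.splitlines()]
    return sorted((e for e in events if e is not None), key=lambda e: e.ts)


def is_offsite(src: str) -> bool:
    """True when the VPN client address is outside the assumed corporate range."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return True
    return not any(ip in net for net in CORP_NETS)


def correlate(events: List[Event]) -> List[Alert]:
    """Correlation rule: badge shows the user inside, yet a VPN login succeeds from off-site."""
    inside = {}
    alerts = []
    for e in events:
        if e.category == "physical.entry" and e.outcome == "granted":
            inside[e.user] = True
        elif e.category == "physical.exit" and e.outcome == "granted":
            inside[e.user] = False
        elif (e.category == "logical.vpn_login" and e.outcome == "success"
              and inside.get(e.user) and is_offsite(e.src)):
            alerts.append(Alert(e.ts, e.user,
                                f"VPN login from off-site address {e.src} while badged in"))
    return alerts


def run() -> List[Alert]:
    return correlate(collect())


if __name__ == "__main__":
    for a in run():
        print(a.ts.isoformat(), a.user, a.reason)
```

On the constructed input only `jdoe` at 08:20:55 is flagged: `asmith` connects from the corporate range, and `jdoe`'s 13:02 login happens after the badge-out. A production rule would also expire the "inside" state after a working day and treat a denied badge read as its own signal, which is where the categorization and active-list features listed under Chapter Three come in.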