Opamp Technical Books
1033 N. Sycamore Ave.
Los Angeles, CA 90038
1 - 800 - 468 - 4322
Your search found 7 books
Now viewing Books 1 - 7
In stock items ship IMMEDIATELY.
Other titles usually ship within 2-3 days.
|Assessing and Managing Security Risk in IT Systems: A Structured Methodology|
|SECURITY CONCEPTS Using Models Introduction: Understanding, Selecting, and Applying Models Understanding Assets Layered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in Security Security in Context Reference Defining Information Security Confidentiality, Integrity, and Availability Information Attributes Intrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources References Understanding Threat and Its Relation to Vulnerabilities Introduction Threat Defined Analyzing Threat Assessing Physical Threats Infrastructure Threat Issues Assessing Risk Variables: The Risk Assessment Process Introduction Learning to Ask the Right Questions about Risk The Basic Elements of Risk in IT Systems Information as an Asset Defining Threat for Risk Management Defining Vulnerabilities for Risk Management Defining Safeguards for Risk Management The Risk Assessment Process THE McCUMBER CUBE METHODOLOGY The McCumber Cube Introduction The Nature of Information Critical Information Characteristics Confidentiality Integrity Availability Security Measures Technology Policy and Practice Education, Training, and Awareness (Human Factors) The Model References Determining Information States and Mapping Information Flow Introduction Information States: A Brief Historical Perspective Automated Processing: Why Cryptography Is Not Sufficient Simple State Analysis Information States in Heterogeneous Systems Boundary Definition Decomposition of Information States Developing an Information State Map Reference Decomposing the Cube for Security Enforcement Introduction A Word about Security Policy Definitions The McCumber Cube Methodology The Transmission State The Storage State The Processing State Recap of the Methodology Information State Analysis for Components and Subsystems Introduction Shortcomings of 
Criteria Standards for Security Assessments Applying the McCumber Cube Methodology for Product Assessments Steps for Product and Component Assessment Information Flow Mapping Cube Decomposition Based on Information States Develop Security Architecture Recap of the Methodology for Subsystems, Products, and Components References Managing the Security Life Cycle Introduction Safeguard Analysis Introduction Technology Safeguards Procedural Safeguards Human Factors Safeguards Assessing and Managing Security Risk in IT Systems Vulnerability-Safeguard Pairing Hierarchical Dependencies of Safeguards Security Policies and Procedural Safeguards Developing Comprehensive Safeguards: The Lessons of the Shogun Identifying and Applying Appropriate Safeguards Comprehensive Safeguard Management: Applying the McCumber Cube The ROI of Safeguards: Do Security Safeguards Have a Payoff? Practical Applications of McCumber Cube Analysis Introduction Applying the Model to Global and National Security Issues Programming and Software Development Using the McCumber Cube in an Organizational Information Security Program Using the McCumber Cube for Product or Subsystem Assessment Using the McCumber Cube for Safeguard Planning and Deployment Tips and Techniques for Building Your Security Program Establishing the Security Program: Defining You Avoiding the Security Cop Label Obtaining Corporate Approval and Support Creating Pearl Harbor Files Defining Your Security Policy Defining What versus How Security Policy: Development and Implementation Reference SECTION III APPENDICES Vulnerabilities Risk Assessment Metrics Diagrams and Tables Other Resources|
|AUERBACH - TAYLOR & FRANCIS -||H||ISBN: 0849322324||PGS: 288||List: 72.95 YOUR PRICE: 69.30|
|INFORMATION SECURITY POLICIES, PROCEDURES & STANDARDS|
|Introduction Writing Mechanics and the Message Attention Spans Key Concepts Topic Sentence and Thesis Statement The Message Writing Don'ts Summary Policy Development Introduction Policy Definitions Frequently Asked Questions Polices are Not Enough What is a Policy Policy Format Policy Content Program Policy Examples Topic-Specific Policy Statements Additional Hints Topic-Specific Subjects Things to Remember Additional Examples Standards Introduction Where Does a Standard Go? Policies are not Enough What is a Standard Security Organization Assets Classification and Control Personnel Security Physical and Environmental Security Computer and Network Management Systems Access Control Business Continuity Planning Compliance Writing Procedures Introduction Definitions Writing Commandants Key Elements in Procedure Writing Procedure Checklist Getting Started Procedure Styles Creating a Procedure Summary Security Awareness Program Introduction Key Goals of an Information Security Program Key Elements of a Security Program Security Awareness Program Goals Identify Current Training Needs Security Awareness Program Development Methods Used to Convey the Awareness Message Presentation Key Elements Typical Presentation Format When to do Awareness The Information Security Message Information Security Self-Assessment Video Sources Why Manage the Process as a Project Introduction First Things First - Identify the Sponsor Defining the Scope of Work Time Management Policies and Procedures Project Sample WBS Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Mission Statement Setting the Scope Background on your Position Business Goals Versus Security Goals Computer Security Objectives Mission Statement Format Allocation of Information Security Responsibilities Mission Statement Examples Support for the Mission Statement Key Roles in Organizations Business Objectives Review Information Technology - Code of Practice for Information 
Security Management Scope Terms and Definitions Information Security Policy Organization Security Asset Classification and Control Personnel Security Physical and Environmental Security Systems Development and Maintenance Business Continuity Planning Compliance Review References|
|AUERBACH - CRC - TAYLOR & FRANCIS & FRAN||S||ISBN: 0849311373||PGS: 297||List: 97.95 YOUR PRICE: 93.05|
|Investigating Computer Crime|
|Introduction Computer Search Warrant Team Case Supervisor Interview Team Sketch and Photo Team Physical Search Team Security and Arrest Team Technical Evidence Seizure and Logging Team Computer-Related Evidence Types of Computer-Related Evidence Where Computer-Related Evidence May be Found Finding Computer Evidence Examine the Evidence for Criminal Content Cautions and Considerations Legal Requirements Storage of Seized Evidence Investigative Tool Box Software Hardware Other Useful Stuff Crime Scene Investigation Evaluate the Scene in Advance Set Up Search Teams Establish a Plan of Attack Prepare the Search Warrant Execute the Warrant Secure the Scene Teams Perform their Functions Completing the Search Making a Boot Disk What is a Boot Disk? The POST Test The Boot Process What if there is a CMOS Boot Password? So, How Do I Make One? What Problems Might I Encounter? Simple Overview of Seizing a Computer Evidence Evaluation and Analysis Forms of Evidence Analysis Tools Analysis Procedures using PROFILE.BAT Other Analysis Procedures Chronological Search Form Investigating Floppies Common File Extensions Passwords and Encryption What is a Password? What is Encryption? What is the Difference Between Passwords and Encryption? What are Common Uses of Passwords? Where Do You Get a Password? How Do You Break or Bypass a Password or Encryption? How Do You Break or Bypass Encryption? PGP What is a Common Use of Encryption? Sources of Programs and Information Investigating Bulletin Boards Where Do I Start? Initiating the Investigation Tips to Avoid Traps, Snares, and Pitfalls "Elite" Acronyms Networks Network Ups and Downs Network Parts and Pieces Types of Networks Physical Connections Operating Systems So What Does this All Mean? 
The Bottom Line Ideal Investigative Computer Systems Desktop Portable Tools Computer Chart Media Cables Bags Software Court Procedures Expert Witnesses Pretrial Preparation Speaking to the Judge and Jury Terminology to Use in Court Resumes Equipment Search Warrants Case Law Writing a Warrant Hacker Case Prodigy Service Warrant Credit Card Warrant Search Warrant Samples Conclusion Glossary Index|
|CRC - TAYLOR & FRANCIS||H||ISBN: 0849381584||PGS: 256||List: 125.95 YOUR PRICE: 119.65|
|Investigating Computer-Related Crime: A Handbook For Corporate Investigators|
|Forward by Michael Anderson-New Technologies, Inc., Former Special Agent IRS Preface What This Book is About Who Should Read This Book THE NATURE OF CYBER CRIME Cyber Crime as We Enter the 21st Century What is Cyber Crime? How Does Today's Cyber Crime Differ From the Hacker Exploits of Yesterday? The Reality of Information Warfare in the Corporate Environment Industrial Espionage-Hackers For Hire Public Law Enforcement's Role in Cyber Crime Investigations The Role of Private Cyber Crime Investigators and Security Consultants in Investigations The Potential Impacts of Cyber Crime Data Thieves Misinformation Denial of Service Rogue Code Attacks Viruses, Trojan Horses and Worms Logic Bombs Responding to Rogue Code Attacks Protection of Extended Mission Critical Computer Systems Surgical Strikes and Shotgun Blasts Symptoms of a Surgical Strike Masquerading Case Study: The Case of the Cyber Surgeon Symptoms of Shotgun Blasts "Up Yours"-Mailbombs Data Floods INVESTIGATING CYBER CRIME A Framework for Conducting an Investigation of a Computer Security Incident Managing Intrusions Why We Need an Investigative Framework What Should an Investigative Framework Provide? Drawbacks for the Corporate Investigator A Generalized Investigative Framework for Corporate Investigators Look for the Hidden Flaw The Human Aspects of Cyber Crime Investigation Motive, Means and Opportunity The Difference Between "Evidence" and "Proof" Look for the Logical Error Vanity Analyzing the Remnants of a Computer Security Incident What We Mean by a "Computer Security Incident" We Never Get the Call Soon Enough Cyber Forensic Analysis-Computer Crimes Involving Networks Computer Forensic Analysis-Computer Crimes at the Computer Software Forensic Analysis-Who Wrote the Code? 
The Limitations of System Logs The Logs May Tell the Tale-But There are No Logs Multiple Log Analysis Launching an Investigation Securing the Virtual Crime Scene Collecting and Preserving Evidence Interrogating and Interviewing Suspects and Witnesses Developing and Testing an Intrusion Hypothesis Investigating Alternative Explanations You May Never Catch the Culprit Damage Control and Containment Determining if a Crime Has Taken Place Statistically, You Probably Don't Have a Crime Believe Your Indications What Constitutes Evidence? Using Tools to Verify That a Crime Has Occurred Unix Crash Dump Analysis Recovering Data From Damaged Disks Examining Logs-Special Tools Can Help Clues From Witness Interviews Maintaining Crime Scene Integrity Until You Make a Determination Case Study: The Case of the CAD/CAM Cad Case Study: The Case of the Client-Server Handling the Crime in Progress Intrusions-The Intruder is Still On-Line Should You Trap, Shut Down or Scare Off the Intruder? Trap and Trace Techniques Legal Issues in Trap and Trace Stinging-Goat Files and Honey Pots "It Never Happened"-Cover-Ups are Common Case Study: The Case of the Innocent Intruder The Importance of Well Documented Evidence Maintaining a Chain of Custody Politically Incorrect-Understanding Why People Cover Up for a Cyber Crook Involving the Authorities Who Has Jurisdiction? What Happens When You Involve Law Enforcement Agencies? Making the Decision When an Investigation Can't Continue When and Why Should You Stop an Investigation? Legal Liability and Fiduciary Duty Political Issues PREPARING FOR CYBER CRIME Building a Corporate Cyber "SWAT Team" Why Do Organizations Need a Cyber SWAT Team? What Does a Cyber SWAT Team Do? Who Belongs on a Cyber SWAT Team? Training Investigative Teams Privacy and Computer Crime The Importance of Formal Policies Who Owns the E-mail? The Disk Belongs to the Organization, But What About the Data? 
The "Privacy Act"(s) Wiretap Laws USING THE FORENSIC UTILITIES Preface To This Section-How the Section is Organized Preserving Evidence-First Steps "Marking" Evidence With an MD5 Hash and M-Crypt Taking a Hard Disk Inventory with FileList Using SafeBack 2.0 To Take an Image of a Fixed Disk Searching For Hidden Information The Intelligent Filter IP Filter GetSlack GetFree SeeJunk Text Search Pro Using the Norton Utilities Handling Floppy Disks AnaDisk Copying Floppies to a Work Disk Disks Within Disks|
|CRC - TAYLOR & FRANCIS||H||ISBN: 0849322189||PGS: 328||List: 146.95 YOUR PRICE: 139.60|
|MANAGING A NETWORK VULNERABILITY ASSESSMENT|
|Introduction Information Security Lifecycle Network Vulnerability Assessment Do I Need to be a Technical Expert to Run an NVA? What Level of Skill Is Needed? Which Specific Skills Are Needed? Can One Person Run an NVA? Introduction to Vulnerability Assessment Goals of Vulnerability Assessment How Many Trees Should Die to Generate This Type of Report? What Are Vulnerabilities? Classes of Vulnerabilities Elements of a Good Vulnerability Assessment Project Scoping General Scoping Practices Developing the Project Overview Statement Developing the Project Scope Project Scope Document Project Scope Change Summary Assessing Current Network Concerns Network Vulnerability Assessment Timeline Network Vulnerability Assessment Team (NVAT) Threats to Computer Systems Other Concerns Additional Threats Prioritizing Risks and Threats Other Considerations Checklists Summary Network Vulnerability Assessment Methodology Methodology Purpose Definitions Justification Philosophy Top-Down Examination Bottom-Up Examination Network Vulnerability Assessment Methodology The NVA Process (Step-by-Step) Summary Policy Review (Top-Down) Methodology Definitions Policy Review Elements Summary Technical (Bottom-Up) Step 1: Site Survey Step 2: Develop a Test Plan Step 3: Building the Toolkit Step 4: Conduct the Assessment Step 5: Analysis Step 6: Documentation Summary Network Vulnerability Assessment Sample Report Table of Executive Summary Body of the NVA Report Summary Summary Appendixes ISO17799 Self-Assessment Checklist Window NT Server 4.0 Checklist Network Vulnerability Assessment Checklist Pre-NVA Checklist Sample NVA Report NIST Special Publications Glossary of Terms|
|AUERBACH - CRC - TAYLOR & FRANCIS & FRAN||S||ISBN: 0849312701||PGS: 291||List: 81.95 YOUR PRICE: 77.85|
|Secure Computers and Networks: Analysis, Design, and Implementation|
|Fundamentals of Computer Security Risk Assessment and Mitigation Developing Secure Computer Systems Security Models User Authentications Access and Information Flow Controls Auditing and Intrusion Detection Damage Control and Assessment Database Security Network Security Secure Electronic Commerce World Wide Web Security Firewalls Cryptography Malicious Code Security Standards Case Studies Appendices: Information Warfare; UNIX Security Index|
|CRC - TAYLOR & FRANCIS||H||ISBN: 0849318688||PGS: 392||List: 146.95 YOUR PRICE: 139.60|
|SECURE INTERNET PRACTICES: Best Practices for Securing Systems in the Internet and E-Business Age|
|INTRODUCTION Brief History of the Internet Size and Growth of the Internet Implications for Security Business Uses of the Internet Security in the Internet and E-Commerce Age A Formula for Quantifying Risk Conclusion THE INFORMATION SECURITY PROGRAM The Present Information Systems Environment A Risk Construct Information Risk Management Enterprise-Wide Information Security Program Elements: Framework, Organization, Technology, and Process Creating a Successful Security Program Building the Security Program Conclusion DEVELOPING AN INFORMATION SECURITY POLICY The Impact of the Internet Characteristics of Good Information Security Policy METASeS Information Security Policy Framework Policy Interpretation Information Security Policy Life Cycle Assessing Policy Needs Developing Information Security Policy Implementing and Deploying Policy Maintaining Information Security Policy WEB AND E-COMMERCE SECURITY Chapter Components Information Security Goals Web and e-Commerce Security Architecture The Process of Formulating Architecture Types of Architecture System Development Life Cycle Methodology Underlying Infrastructure Components Conclusion Appendix A: Sample Excerpt from an Information Security Program Gap Analysis Appendix B: Excerpts from Technology Standards and Configuration Guides Publications Appendix C: Resources for Information Security and Policy Appendix D: Examples of Processes and Procedures Appendix E: Trends in Security Spending Glossary Index|
|AUERBACH - CRC - TAYLOR & FRANCIS & FRAN||S||ISBN: 0849312396||PGS: 205||List: 99.95 YOUR PRICE: 94.95|
OPAMP Technical Books
1033 N. Sycamore Avenue
Los Angeles, California 90038 USA
800-468-4322 / 323-464-4322 FAX 323-464-0977
Copyright © 1997-2007 Opamp Technical Books, Inc.