 |
Opamp Technical Books 1033 N. Sycamore Ave. Los Angeles, CA 90038 WWW.OPAMP.COM 1 - 800 - 468 - 4322 8:00am-4:30pm M-F 9:00am-5:30pm Sat |
|
|---|
 |
 |
 |
 |
 |
 |
|
TITLE: AUTHOR: ISBN: |
 |
Your search found 13 books Now viewing Books 1 - 13 In stock items ship IMMEDIATELY. Other titles usually ship within 2-3 days. |
 |
|---|
| Assessing and Managing Security Risk in IT Systems: A Structured Methodology | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| SECURITY CONCEPTS Using Models Introduction: Understanding, Selecting, and Applying Models Understanding Assets Layered Security Using Models in Security Security Models for Information Systems Shortcomings of Models in Security Security in Context Reference Defining Information Security Confidentiality, Integrity, and Availability Information Attributes Intrinsic versus Imputed Value Information as an Asset The Elements of Security Security Is Security Only in Context Information as an Asset Introduction Determining Value Managing Information Resources References Understanding Threat and Its Relation to Vulnerabilities Introduction Threat Defined Analyzing Threat Assessing Physical Threats Infrastructure Threat Issues Assessing Risk Variables: The Risk Assessment Process Introduction Learning to Ask the Right Questions about Risk The Basic Elements of Risk in IT Systems Information as an Asset Defining Threat for Risk Management Defining Vulnerabilities for Risk Management Defining Safeguards for Risk Management The Risk Assessment Process THE McCUMBER CUBE METHODOLOGY The McCumber Cube Introduction The Nature of Information Critical Information Characteristics Confidentiality Integrity Availability Security Measures Technology Policy and Practice Education, Training, and Awareness (Human Factors) The Model References Determining Information States and Mapping Information Flow Introduction Information States: A Brief Historical Perspective Automated Processing: Why Cryptography Is Not Sufficient Simple State Analysis Information States in Heterogeneous Systems Boundary Definition Decomposition of Information States Developing an Information State Map Reference Decomposing the Cube for Security Enforcement Introduction A Word about Security Policy Definitions The McCumber Cube Methodology The Transmission State The Storage State The Processing State Recap of the Methodology Information State Analysis for Components and Subsystems Introduction Shortcomings of Criteria Standards for Security Assessments Applying the McCumber Cube Methodology for Product Assessments Steps for Product and Component Assessment Information Flow Mapping Cube Decomposition Based on Information States Develop Security Architecture Recap of the Methodology for Subsystems, Products, and Components References Managing the Security Life Cycle Introduction Safeguard Analysis Introduction Technology Safeguards Procedural Safeguards Human Factors Safeguards Assessing and Managing Security Risk in IT Systems Vulnerability-Safeguard Pairing Hierarchical Dependencies of Safeguards Security Policies and Procedural Safeguards Developing Comprehensive Safeguards: The Lessons of the Shogun Identifying and Applying Appropriate Safeguards Comprehensive Safeguard Management: Applying the McCumber Cube The ROI of Safeguards: Do Security Safeguards Have a Payoff? Practical Applications of McCumber Cube Analysis Introduction Applying the Model to Global and National Security Issues Programming and Software Development Using the McCumber Cube in an Organizational Information Security Program Using the McCumber Cube for Product or Subsystem Assessment Using the McCumber Cube for Safeguard Planning and Deployment Tips and Techniques for Building Your Security Program Establishing the Security Program: Defining You Avoiding the Security Cop Label Obtaining Corporate Approval and Support Creating Pearl Harbor Files Defining Your Security Policy Defining What versus How Security Policy: Development and Implementation Reference SECTION III APPENDICES Vulnerabilities Risk Assessment Metrics Diagrams and Tables Other Resources | |||||||
| AUERBACH - TAYLOR & FRANCIS - | H | ISBN: 0849322324 | PGS: 288 | List: 72.95 YOUR PRICE: 69.30 | |||
| CYBERSHOCK: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Contents: Great New Global Society; Whole Lotta Hackin Goin' On; CyberGraffiti; Who Are the Hackers?; CyberChrist at the Hacker Con - Las Vegas, Nevada, USA; Hactivism - Political Hacking; American Alien Hacks Through Customs; In Cyberspace You're Guilty Until Proven Innocent; Protecting Your Kids & Family From Hackers; Spam; Scam Spam - Fraud; Getting Anonymous; Password Hacking; Hack & Sniff; Scanning, Breaking, & Entering - Anatomy of a Friendly Hack; War Dialing - Hacking the Phones; Trojan Hacking; Hacking for $; Viruses, Hoaxes, & Other Animals; Crypto Hacking; Stenagrophy - Hiding in Plain Site; Hacking for Evidence; Denial of Service - Taking Down the Net; Schwartau to Congress - HERF This; Weapons of Mass Disruption; Hiring Hackers; Catching Hackers; Defensive Hacking - Firewalls; Corporate Anti-Hacking - It Ain't the Technology; Lying to Hackers is OK By Me; Hacking & Law Enforcement; Corporate Vigilantism - Strike Back or Lay Back?; Infrastructure is Us - National Response to Hacking; Something Other Than War; Luddite's Lament; Future of Microsoft; Messing with the Collective Mind - PsyOps; Extreme Hacking; Toaster Rebellion of '08. | |||||||
| THUNDER'S MOUTH PRESS | S | ISBN: 156025307X | PGS: 470 | List: 16.95 YOUR PRICE: 16.10 | |||
| Data Protection and Data Access: Reports from Ten Countries on Data Protection and Data Access in Social Research, with an Annotate | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| This publication deals with data protection and data access in the social sciences. The first part consists of reports from ten countries, covering country-specific legislation, and discussing problems and solutions concerning data access for research purposes. Subjects considered include practical examples of new methods to give access to machine readable data files, and the implications of privacy legislation and data protection for social science research. The second part consists of an international bibliography on the subject. The reports and bibliography form an update to the subject of data protection and data access for research at a time that overall computerization of personal information has become a reality and many countries have revised their legislation on privacy and data access. | |||||||
| ROYAL NETHERLANDS ACADEMY OF ARTS AND SC | P | ISBN: 0444857141 | PGS: 274 | List: 34.00 YOUR PRICE: 32.30 | |||
| HIGH NOON ON THE ELECTRONIC FRONTIER: Conceptual Issues in Cyberspace | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Contents: Selling Wine Without Bottles - Economy of Mind on the Global Net; Why Patents Are Bad for Software; Against Software Patents; Debunking the Software Patent Myths; So You Want to Be a Pirate?; Some "Property" Problems in a Computer Crime Prosecution; The Conscience of a Hacker; The Prisoner - Optik Goes Directly to Jail; Concerning Hackers Who Break into Computer Systems - Postscript, June 11, 1995; Congressional Testimony by Emmanuel Goldstein; How PGP Works/Why Do You Need PGP?; Crypto Rebels; Jackboots on the Infobahn; The Clipper Chip Will Block Crime; The Denning-Barlow Clipper Chip Debate; Achieving; Achieving Electronic Privacy; A Crypto Anarchist Manifesto; Introduction to BlackNet; BlackNet Worries; Censoring Cyberspace; ACLU Letter to CMU on alt.sex Newsgroups; Virtual Community Standards - BBS Obscenity Case Raises New Legal Issues; & more. | |||||||
| MIT PRESS | S | ISBN: 0262621037 | PGS: 514 | List: 38.00 YOUR PRICE: 38.00 | |||
| INFORMATION SECURITY POLICIES, PROCEDURES & STANDARDS | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Introduction Writing Mechanics and the Message Attention Spans Key Concepts Topic Sentence and Thesis Statement The Message Writing Don'ts Summary Policy Development Introduction Policy Definitions Frequently Asked Questions Polices are Not Enough What is a Policy Policy Format Policy Content Program Policy Examples Topic-Specific Policy Statements Additional Hints Topic-Specific Subjects Things to Remember Additional Examples Standards Introduction Where Does a Standard Go? Policies are not Enough What is a Standard Security Organization Assets Classification and Control Personnel Security Physical and Environmental Security Computer and Network Management Systems Access Control Business Continuity Planning Compliance Writing Procedures Introduction Definitions Writing Commandants Key Elements in Procedure Writing Procedure Checklist Getting Started Procedure Styles Creating a Procedure Summary Security Awareness Program Introduction Key Goals of an Information Security Program Key Elements of a Security Program Security Awareness Program Goals Identify Current Training Needs Security Awareness Program Development Methods Used to Convey the Awareness Message Presentation Key Elements Typical Presentation Format When to do Awareness The Information Security Message Information Security Self-Assessment Video Sources Why Manage the Process as a Project Introduction First Things First - Identify the Sponsor Defining the Scope of Work Time Management Policies and Procedures Project Sample WBS Cost Management Planning for Quality Managing Human Resources Creating a Communications Plan Summary Mission Statement Setting the Scope Background on your Position Business Goals Versus Security Goals Computer Security Objectives Mission Statement Format Allocation of Information Security Responsibilities Mission Statement Examples Support for the Mission Statement Key Roles in Organizations Business Objectives Review Information Technology - Code of Practice for Information Security Management Scope Terms and Definitions Information Security Policy Organization Security Asset Classification and Control Personnel Security Physical and Environmental Security Systems Development and Maintenance Business Continuity Planning Compliance Review References | |||||||
| AUERBACH - CRC - TAYLOR & FRANCIS & FRAN | S | ISBN: 0849311373 | PGS: 297 | List: 97.95 YOUR PRICE: 93.05 | |||
| INTERNET SECURITY MADE EASY | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Contents: Technical Essentials for Internet Security; Connecting to the World Wide Web; First Steps Toward Internet Security; Always On, Always Vulnerable; Secure Your Business; Making Your Web Server Secure; Public Key Infrastructure; Secure Remote Access; What Do We Do? We've Been Hacked!; Cybercrime; Future of the Internet: IPv6 and WAp | |||||||
| AMACOM | S | ISBN: 0814471420 | PGS: 279 | List: 24.95 YOUR PRICE: 23.70 | |||
| Investigating Computer Crime | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Introduction Computer Search Warrant Team Case Supervisor Interview Team Sketch and Photo Team Physical Search Team Security and Arrest Team Technical Evidence Seizure and Logging Team Computer-Related Evidence Types of Computer-Related Evidence Where Computer-Related Evidence May be Found Finding Computer Evidence Examine the Evidence for Criminal Content Cautions and Considerations Legal Requirements Storage of Seized Evidence Investigative Tool Box Software Hardware Other Useful Stuff Crime Scene Investigation Evaluate the Scene in Advance Set Up Search Teams Establish a Plan of Attack Prepare the Search Warrant Execute the Warrant Secure the Scene Teams Perform their Functions Completing the Search Making a Boot Disk What is a Boot Disk? The POST Test The Boot Process What if there is a CMOS Boot Password? So, How Do I Make One? What Problems Might I Encounter? Simple Overview of Seizing a Computer Evidence Evaluation and Analysis Forms of Evidence Analysis Tools Analysis Procedures using PROFILE.BAT Other Analysis Procedures Chronological Search Form Investigating Floppies Common File Extensions Passwords and Encryption What is a Password? What is Encryption? What is the Difference Between Passwords and Encryption? What are Common Uses of Passwords? Where Do You Get a Password? How Do You Break or Bypass a Password or Encryption? How Do You Break or Bypass Encryption? PGP What is a Common Use of Encryption? Sources of Programs and Information Investigating Bulletin Boards Where Do I Start? Initiating the Investigation Tips to Avoid Traps, Snares, and Pitfalls "Elite" Acronyms Networks Network Ups and Downs Network Parts and Pieces Types of Networks Physical Connections Operating Systems So What Does this All Mean? The Bottom Line Ideal Investigative Computer Systems Desktop Portable Tools Computer Chart Media Cables Bags Software Court Procedures Expert Witnesses Pretrial Preparation Speaking to the Judge and Jury Terminology to Use in Court Resumes Equipment Search Warrants Case Law Writing a Warrant Hacker Case Prodigy Service Warrant Credit Card Warrant Search Warrant Samples Conclusion Glossary Index | |||||||
| CRC - TAYLOR & FRANCIS | H | ISBN: 0849381584 | PGS: 256 | List: 125.95 YOUR PRICE: 119.65 | |||
| Investigating Computer- Related CrimeA Handbook For Corporate Investigators | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Forward by Michael Anderson-New Technologies, Inc., Former Special Agent IRS Preface What This Book is About Who Should Read This Book THE NATURE OF CYBER CRIME Cyber Crime as We Enter the 21st Century What is Cyber Crime? How Does Today's Cyber Crime Differ From the Hacker Exploits of Yesterday? The Reality of Information Warfare in the Corporate Environment Industrial Espionage-Hackers For Hire Public Law Enforcement's Role in Cyber Crime Investigations The Role of Private Cyber Crime Investigators and Security Consultants in Investigations The Potential Impacts of Cyber Crime Data Thieves Misinformation Denial of Service Rogue Code Attacks Viruses, Trojan Horses and Worms Logic Bombs Responding to Rogue Code Attacks Protection of Extended Mission Critical Computer Systems Surgical Strikes and Shotgun Blasts Symptoms of a Surgical Strike Masquerading Case Study: The Case of the Cyber Surgeon Symptoms of Shotgun Blasts "Up Yours"-Mailbombs Data Floods INVESTIGATING CYBER CRIME A Framework for Conducting an Investigation of a Computer Security Incident Managing Intrusions Why We Need an Investigative Framework What Should an Investigative Framework Provide? Drawbacks for the Corporate Investigator A Generalized Investigative Framework for Corporate Investigators Look for the Hidden Flaw The Human Aspects of Cyber Crime Investigation Motive, Means and Opportunity The Difference Between "Evidence" and "Proof" Look for the Logical Error Vanity Analyzing the Remnants of a Computer Security Incident What We Mean by a "Computer Security Incident" We Never Get the Call Soon Enough Cyber Forensic Analysis-Computer Crimes Involving Networks Computer Forensic Analysis-Computer Crimes at the Computer Software Forensic Analysis-Who Wrote the Code? The Limitations of System Logs The Logs May Tell the Tale-But There are No Logs Multiple Log Analysis Launching an Investigation Securing the Virtual Crime Scene Collecting and Preserving Evidence Interrogating and Interviewing Suspects and Witnesses Developing and Testing an Intrusion Hypothesis Investigating Alternative Explanations You May Never Catch the Culprit Damage Control and Containment Determining if a Crime Has Taken Place Statistically, You Probably Don't Have a Crime Believe Your Indications What Constitutes Evidence? Using Tools to Verify That a Crime Has Occurred Unix Crash Dump Analysis Recovering Data From Damaged Disks Examining Logs-Special Tools Can Help Clues From Witness Interviews Maintaining Crime Scene Integrity Until You Make a Determination Case Study: The Case of the CAD/CAM Cad Case Study: The Case of the Client-Server Handling the Crime in Progress Intrusions-The Intruder is Still On-Line Should You Trap, Shut Down or Scare Off the Intruder? Trap and Trace Techniques Legal Issues in Trap and Trace Stinging-Goat Files and Honey Pots "It Never Happened"-Cover-Ups are Common Case Study: The Case of the Innocent Intruder The Importance of Well Documented Evidence Maintaining a Chain of Custody Politically Incorrect-Understanding Why People Cover Up for a Cyber Crook Involving the Authorities Who Has Jurisdiction? What Happens When You Involve Law Enforcement Agencies? Making the Decision When an Investigation Can't Continue When and Why Should You Stop an Investigation? Legal Liability and Fiduciary Duty Political Issues PREPARING FOR CYBER CRIME Building a Corporate Cyber "SWAT Team" Why Do Organizations Need a Cyber SWAT Team? What Does a Cyber SWAT Team Do? Who Belongs on a Cyber SWAT Team? Training Investigative Teams Privacy and Computer Crime The Importance of Formal Policies Who Owns the E-mail? The Disk Belongs to the Organization, But What About the Data? The "Privacy Act"(s) Wiretap Laws USING THE FORENSIC UTILITIES Preface To This Section-How the Section is Organized Preserving Evidence-First Steps "Marking" Evidence With an MD5 Hash and M-Crypt Taking a Hard Disk Inventory with FileList Using SafeBack 2.0 To Take an Image of a Fixed Disk Searching For Hidden Information The Intelligent Filter IP Filter GetSlack GetFree SeeJunk Text Search Pro Using the Norton Utilities Handling Floppy Disks AnaDisk Copying Floppies to a Work Disk Disks Within Disks | |||||||
| CRC - TAYLOR & FRANCIS | H | ISBN: 0849322189 | PGS: 328 | List: 146.95 YOUR PRICE: 139.60 | |||
| MANAGING A NETWORK VULNERABILITY ASSESSMENT | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Introduction Information Security Lifecycle Network Vulnerability Assessment Do I Need to be a Technical Expert to Run an NVA? What Level of Skill Is Needed? Which Specific Skills Are Needed? Can One Person Run an NVA? Introduction to Vulnerability Assessment Goals of Vulnerability Assessment How Many Trees Should Die to Generate This Type of Report? What Are Vulnerabilities? Classes of Vulnerabilities Elements of a Good Vulnerability Assessment Project Scoping General Scoping Practices Developing the Project Overview Statement Developing the Project Scope Project Scope Document Project Scope Change Summary Assessing Current Network Concerns Network Vulnerability Assessment Timeline Network Vulnerability Assessment Team (NVAT) Threats to Computer Systems Other Concerns Additional Threats Prioritizing Risks and Threats Other Considerations Checklists Summary Network Vulnerability Assessment Methodology Methodology Purpose Definitions Justification Philosophy Top-Down Examination Bottom-Up Examination Network Vulnerability Assessment Methodology The NVA Process (Step-by-Step) Summary Policy Review (Top-Down) Methodology Definitions Policy Review Elements Summary Technical (Bottom-Up) Step 1: Site Survey Step 2: Develop a Test Plan Step 3: Building the Toolkit Step 4: Conduct the Assessment Step 5: Analysis Step 6: Documentation Summary Network Vulnerability Assessment Sample Report Table of Executive Summary Body of the NVA Report Summary Summary Appendixes ISO17799 Self-Assessment Checklist Window NT Server 4.0 Checklist Network Vulnerability Assessment Checklist Pre-NVA Checklist Sample NVA Report NIST Special Publications Glossary of Terms | |||||||
| AUERBACH - CRC - TAYLOR & FRANCIS & FRAN | S | ISBN: 0849312701 | PGS: 291 | List: 81.95 YOUR PRICE: 77.85 | |||
| NAKED CYBERSPACE. 2ND ED | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Contents: Sec 1: Personal Records in Cyberspace; Section 2: How Personal Records Are Used; Types of personal Records; Section 4: Where Can I Find More Information | |||||||
| CYBERAGE BOOKS | S | ISBN: 0910965501 | PGS: 587 | List: 29.95 YOUR PRICE: 28.45 | |||
| Secure Computers and Networks: Analysis, Design, and Implementation | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| Fundamentals of Computer Security Risk Assessment and Mitigation Developing Secure Computer Systems Security Models User Authentications Access and Information Flow Controls Auditing and Intrusion Detection Damage Control and Assessment Database Security Network Security Secure Electronic Commerce World Wide Web Security Firewalls Cryptography Malicious Code Security Standards Case Studies Appendices: Information Warfare; UNIX Security Index | |||||||
| CRC - TAYLOR & FRANCIS | H | ISBN: 0849318688 | PGS: 392 | List: 146.95 YOUR PRICE: 139.60 | |||
| SECURE INTERNET PRACTICES: Best Practices for Securing Systems in the Internet and E-Business Age | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| INTRODUCTION Brief History of the Internet Size and Growth of the Internet Implications for Security Business Uses of the Internet Security in the Internet and E-Commerce Age A Formula for Quantifying Risk Conclusion THE INFORMATION SECURITY PROGRAM The Present Information Systems Environment A Risk Construct Information Risk Management Enterprise-Wide Information Security Program Elements: Framework, Organization, Technology, and Process Creating a Successful Security Program Building the Security Program Conclusion DEVELOPING AN INFORMATION SECURITY POLICY The Impact of the Internet Characteristics of Good Information Security Policy METASeS Information Security Policy Framework Policy Interpretation Information Security Policy Life Cycle Assessing Policy Needs Developing Information Security Policy Implementing and Deploying Policy Maintaining Information Security Policy WEB AND E-COMMERCE SECURITY Chapter Components Information Security Goals Web and e-Commerce Security Architecture The Process of Formulating Architecture Types of Architecture System Development Life Cycle Methodology Underlying Infrastructure Components Conclusion Appendix A: Sample Excerpt from an Information Security Program Gap Analysis Appendix B: Excerpts from Technology Standards and Configuration Guides Publications Appendix C: Resources for Information Security and Policy Appendix D: Examples of Processes and Procedures Appendix E: Trends in Security Spending Glossary Index | |||||||
| AUERBACH - CRC - TAYLOR & FRANCIS & FRAN | S | ISBN: 0849312396 | PGS: 205 | List: 99.95 YOUR PRICE: 94.95 | |||
| STRATEGIC WARFARE IN CYBERSPACE | |||||||
|---|---|---|---|---|---|---|---|
| |||||||
| CONTENTS: Delineating Strategic Informtion Warfare: Key Concepts, Boundaries, & Operating Environment; Understanding the Conduct of Strategic Information Warfare; Establishing Organizational Technological Capacity for Strategic Information Warfare; Development of U.S. Strategic Airpower, 1919-1945: Challenges, Executing, & Lessons; US & Strategic Information Warfare, 1991-1999: Confronting the Emergence of Another Form of Warfare; Conclusion. | |||||||
| MIT | H | ISBN: 0262182092 | PGS: 517 | List: 49.95 YOUR PRICE: 47.45 | |||
|
|
Your search found 13 books Now viewing Books 1 - 13 In stock items ship IMMEDIATELY. Other titles usually ship within 2-3 days. |
|
|---|
|
|
|
|
|
|
OPAMP Technical Books
1033 N. Sycamore Avenue
Los Angeles, California 90038 USA
800-468-4322 / 323-464-4322 FAX 323-464-0977
Copyright © 1997-2007 Opamp Technical Books, Inc.