Speed | Asset Protection through Security Awareness | E-Book | www.sack.de
E-Book

E-Book, English, 337 pages

Speed Asset Protection through Security Awareness


Year of publication: 2012
ISBN: 978-1-4665-5141-1
Publisher: Taylor & Francis
Format: EPUB
Copy protection: Adobe DRM




Supplying a high-level overview of how to protect your company’s physical and intangible assets, Asset Protection through Security Awareness explains the best ways to enlist the assistance of your employees as the first line of defense in safeguarding company assets and mitigating security risks. The author reviews key topics surrounding computer security—including privacy, access controls, and risk management—to help fill the gaps that might exist between management and the technicians securing your network systems.

In an accessible style that requires no previous networking or programming experience, the book delivers a practical approach to asset protection. It specifies the roles of managers and employees in creating a company-wide culture of security awareness and provides step-by-step instruction on how to build an effective security awareness team. Each chapter examines a separate security issue and provides a brief overview of how to address that issue. It includes tools and checklists to help you address:

- Visual, digital, and auditory data security

- Credit card compliance (PCI), password management, and social engineering

- User authentication methods

- Computer and network forensics

- Physical security and continuity planning

- Privacy concerns and privacy-related regulation

This concise security management primer facilitates the up-to-date understanding required to protect your digital and physical assets, including customer data, networking equipment, and employee information. Providing you with powerful tools of diplomacy, this text will help you win the support of your employees and empower them to be effective gatekeepers of your company’s most valued assets and trade secrets.


Target audience


IT managers and staff; IT trainers.


Authors/Eds.


Further Information & Material


Introduction: What Is Information Security?

Creating a Culture of Security Awareness

Protecting Corporate Assets

Protective Measures
A Culture of Security Awareness
Remaining Dynamic

Overview of Security Awareness Categories

Overview

Industry Standards
Privacy Concerns
Password Management

Credit Card Compliance (PCI)

General File Management
Examples of Security Regulations and Laws

Who Is an IS Professional?
Introduction

Empowering Security Professionals

Top-Down Approach

Diplomacy
The People Portion of Information Security
The IS Specialist
Diplomacy—The IS Professional’s Best Friend
End Users Are Great Network Monitors
The End User’s Diplomatic Responsibility

Privacy Concerns

What Is Privacy?

Why Does Privacy Matter?
Types of Private Data
Keeping Files Private
Privacy-Related Regulations and Laws
Privacy Policies

Interdepartmental Security

Interdepartmental Security

Risk Management

Risk Management and Asset Protection
Risk Management

Social Engineering

What Is Social Engineering?

Psychology of Social Engineering
Social Engineering Information Gathering Methods

Incident Detection and Response

What Is an Incident?

Incident Detection
Incident Response

Computer Security Incident Response Teams
Preparedness Is Key

Physical Security
Human-Caused Incidents
Physical Security Measures
Weather/Natural Disasters

PCI Compliance

Category 1: Protect and Maintain a Secure Network
Category 2: Protect Cardholder Data
Category 3: Maintain a Vulnerability Management Program
Category 4: Implement Strong Access Control Measures

Category 5: Regularly Monitor and Test Networks

Category 6: Maintain an Information Security Policy
A Good Place to Start

Business Continuity Planning

Evaluation of Critical Systems and Resources
Prioritization of Critical Systems and Resources

Identify Threats Posed to Critical Systems and Resources

Assign Business Continuity Responsibilities

Develop the Continuity Planning Policy Statement
Implement Business Continuity Plan

Maintain the Plan

Train According to Business Continuity Plan Objectives

User Authentication Methods

User Authentication

Cryptosystems
Public Key Infrastructure
Web of Trust

Computer and Network Forensics

Acquire
Authenticate

Analyze

Malware

Introduction

Viruses

Worms
Keyloggers

Rootkits

Spyware
Adware

Trojan Horses

Types of Antivirus Programs
Detecting and Removing Viruses
Recommended Antivirus Programs
Software Updates

Crafting a Security Policy

Planning Versus Reactionary Response (Or—Why It’s Important to Have a Security Plan)
Don’t Wait to Plan
Standards, Policies, Procedures, and Controls
Accessibility, Supportability, and Clarity
Assessing the Organization’s Network Infrastructure
Security Policy Structure Outline

Distribution of the Policy

Performing Security Analyses and Audits

The Necessity

Audit Committees
Preaudit Considerations

Defining Security Rules

Performing a Risk Assessment
Build the Security Architecture
How Frequently Should Audits Be Performed?

Access Control

Accountability

Identification and Authentication
Different Access Control Methodologies

Security Checklists

Checklist for Creating a Security Policy
Network Inventory Checklist

Physical Security Checklist

Index


Tyler Speed is the Executive Vice President of Electronics International in Bend, Oregon, and has a Master's Degree in Information Assurance from the NSA-certified Norwich University in Northfield, Vermont. As a corporate leader in aviation, not only does Tyler deal with governmental regulations and compliance issues from the FAA, but he must also temper customer service and sales needs with a solid foundation in security and training in order to protect sales records, customer information, trade secrets and proprietary information. Tyler has been tinkering with computers and networks since the days of Bulletin Board Services, and understands the need for a common sense approach to corporate security awareness and training. At the time of this publication, Tyler is studying to obtain his Certified Information Systems Security Professional (CISSP) certification.


