Skip to content
You are not logged in |Login  
Limit search to available items
Book Cover
Author Vladimirov, Andrew A., author.

Title Assessing information security : strategies, tactics, logic and framework / A. Vladimirov, K. Gavrilenko, A. Michajlowski.

Publication Info. Ely, Cambridgeshire : IT Governance Publishing, 2014.


Location Call No. Status
 Rocky Hill - Downloadable Materials  EBSCO Ebook    Downloadable
Rocky Hill cardholders click here to access this title from EBSCO
Edition Second edition.
Description 1 online resource (424 pages)
Note Vendor-supplied metadata.
Contents ""Cover""; ""Title""; ""Copyright""; ""Contents""; ""Introduction""; ""Chapter 1: Information Security Auditing and Strategy""; ""The mindsets of ignorance""; ""Defence-in-depth""; ""Compelling adversaries to adapt""; ""Chapter 2: Security Auditing, Governance, Policies and Compliance""; ""General security policy shortcomings""; ""Addressing security audits in policy statements""; ""The erroneous path to compliance""; ""Getting down to earth""; ""Chapter 3: Security Assessments Classification""; ""Black, grey and white box tests""; ""Assessments specialisations and actual scopes""
""On technical information security assessments""""Server, client and network-centric tests""; ""IT security testing levels and target areas""; ""'Idiosyncratic' technical security tests""; ""On non-technical information security audits""; ""Premises and physical security checks""; ""Social engineering tests""; ""Security documentation reviews""; ""Assessing security processes""; ""Chapter 4: Advanced Pre-Assessment Planning""; ""The four-stage framework""; ""Selecting the targets of assessment""; ""Evaluating what is on offer""; ""Professional certifications and education""
""Publications and tools""""The auditor company history and size""; ""Dealing with common assessment emergencies""; ""Chapter 5: Security Audit Strategies and Tactics""; ""Centres of gravity and their types""; ""Identifying critical points""; ""The strategic exploitation cycle""; ""External technical assessment recon""; ""Social engineering recon""; ""Internal technical assessment recon""; ""Technical vulnerability discovery process""; ""A brief on human vulnerabilities""; ""The tactical exploitation cycle""; ""Front, flank, simple, complex""; ""The strategies of creating gaps""
""Chapter 6: Synthetic Evaluation of Risks""""Risk, uncertainty and ugly Black Swans""; ""On suitable risk analysis methodologies""; ""On treatment of information security risks""; ""Relevant vulnerability categories""; ""Gauging attacker skill""; ""Weighting vulnerability impact""; ""Contemplating the vulnerability remedy""; ""Defining vulnerability risk level""; ""Risks faced by large components""; ""Compound risks, systempunkts and attacker logic""; ""Total risk summary utilisation and dissection""; ""Chapter 7: Presenting the Outcome and Follow-Up Acts""; ""The report audience and style""
""The report summary""""The report interpretation chapter""; ""The bulk of the report""; ""Explaining the overall security state""; ""Elaborating on breakdown of risks""; ""Using vulnerability origin investigations""; ""Post-audit assistance and follow-up hurdles""; ""Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies""; ""Bad tactics and poor tests""; ""On the assessment team ordnance""; ""Of serpents and eagles""; ""ITG Resources""
Summary Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that.
Bibliography Includes bibliographical references.
Subject COMPUTERS / Internet / Security.
COMPUTERS / Networking / Security.
COMPUTERS / Security / General.
Computer security.
Information technology.
COMPUTERS / General.
Computer security. (OCoLC)fst00872484
Information technology. (OCoLC)fst00973089
Computer security -- United States.
Data protection -- United States.
Genre/Form Electronic books.
Added Author Gavrilenko, Konstantin, author.
Michajlowski, Anej., author.
Other Form: Print version: Vladimirov, Andrew Assessing Information Security : Strategies, Tactics, Logic and Framewortk Cambridge : IT Governance Ltd,c1900 9781849285995
ISBN 9781849286008 (electronic bk.)
1849286000 (electronic bk.)
Add a Review