LEADER 00000cam 2200601Ii 4500
001 ocn905696121
003 OCoLC
005 20160518075609.1
006 m o d
007 cr cnu|||unuuu
008 150327s2014 enk o 000 0 eng d
019 923547205|a923645871|a928193723|a929142793
020 9781849286008|q(electronic bk.)
020 1849286000|q(electronic bk.)
035 (OCoLC)905696121|z(OCoLC)923547205|z(OCoLC)923645871 |z(OCoLC)928193723|z(OCoLC)929142793
040 N$T|beng|erda|epn|cN$T|dN$T|dJSTOR|dOCLCF|dEBLCP|dCOO
049 GTKE
050 4 QA76.9.A25|bV53 2014
082 04 005.8|223
100 1 Vladimirov, Andrew A.,|eauthor.
245 10 Assessing information security :|bstrategies, tactics, logic and framework /|cA. Vladimirov, K. Gavrilenko, A. Michajlowski.
250 Second edition.
264 1 Ely, Cambridgeshire :|bIT Governance Publishing,|c2014.
300 1 online resource (424 pages)
336 text|btxt|2rdacontent
337 computer|bc|2rdamedia
338 online resource|bcr|2rdacarrier
504 Includes bibliographical references.
505 0 ""Cover""; ""Title""; ""Copyright""; ""Contents""; ""Introduction""; ""Chapter 1: Information Security Auditing and Strategy""; ""The mindsets of ignorance""; ""Defence-in-depth""; ""Compelling adversaries to adapt""; ""Chapter 2: Security Auditing, Governance, Policies and Compliance""; ""General security policy shortcomings""; ""Addressing security audits in policy statements""; ""The erroneous path to compliance""; ""Getting down to earth""; ""Chapter 3: Security Assessments Classification""; ""Black, grey and white box tests""; ""Assessments specialisations and actual scopes""
505 8 ""On technical information security assessments""""Server, client and network-centric tests""; ""IT security testing levels and target areas""; ""'Idiosyncratic' technical security tests""; ""On non-technical information security audits""; ""Premises and physical security checks""; ""Social engineering tests""; ""Security documentation reviews""; ""Assessing security processes""; ""Chapter 4: Advanced Pre-Assessment Planning""; ""The four-stage framework""; ""Selecting the targets of assessment""; ""Evaluating what is on offer""; ""Professional certifications and education""
505 8 ""Publications and tools""""The auditor company history and size""; ""Dealing with common assessment emergencies""; ""Chapter 5: Security Audit Strategies and Tactics""; ""Centres of gravity and their types""; ""Identifying critical points""; ""The strategic exploitation cycle""; ""External technical assessment recon""; ""Social engineering recon""; ""Internal technical assessment recon""; ""Technical vulnerability discovery process""; ""A brief on human vulnerabilities""; ""The tactical exploitation cycle""; ""Front, flank, simple, complex""; ""The strategies of creating gaps""
505 8 ""Chapter 6: Synthetic Evaluation of Risks""""Risk, uncertainty and ugly Black Swans""; ""On suitable risk analysis methodologies""; ""On treatment of information security risks""; ""Relevant vulnerability categories""; ""Gauging attacker skill""; ""Weighting vulnerability impact""; ""Contemplating the vulnerability remedy""; ""Defining vulnerability risk level""; ""Risks faced by large components""; ""Compound risks, systempunkts and attacker logic""; ""Total risk summary utilisation and dissection""; ""Chapter 7: Presenting the Outcome and Follow-Up Acts""; ""The report audience and style""
505 8 ""The report summary""""The report interpretation chapter""; ""The bulk of the report""; ""Explaining the overall security state""; ""Elaborating on breakdown of risks""; ""Using vulnerability origin investigations""; ""Post-audit assistance and follow-up hurdles""; ""Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies""; ""Bad tactics and poor tests""; ""On the assessment team ordnance""; ""Of serpents and eagles""; ""ITG Resources""
520 Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that.
588 0 Vendor-supplied metadata.
650 0 Computer security.
650 0 Information technology.
650 0 Computer security|zUnited States.
650 0 Data protection|zUnited States.
650 7 COMPUTERS / Internet / Security.|2bisacsh
650 7 COMPUTERS / Networking / Security.|2bisacsh
650 7 COMPUTERS / Security / General.|2bisacsh
650 7 COMPUTERS / General.|2bisacsh
650 7 Computer security.|2fast|0(OCoLC)fst00872484
650 7 Information technology.|2fast|0(OCoLC)fst00973089
655 0 Electronic books.
700 1 Gavrilenko, Konstantin,|eauthor.
700 1 Michajlowski, Anej.,|eauthor.
776 08 |iPrint version:|aVladimirov, Andrew|tAssessing Information Security : Strategies, Tactics, Logic and Framewortk|dCambridge : IT Governance Ltd,c1900 |z9781849285995
914 ocn905696121
994 93|bGTK