The best damn IT security management book period
The security field evolves rapidly, becoming broader and more complex each year. The common thread tying the field together is the discipline of management. The Best Damn Security Manager's Handbook Period has comprehensive coverage of all management issues facing IT and security professionals a...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Burlington, Mass. : Oxford : Syngress ; Elsevier Science, c2007. |
Edition: | 1st edition |
Subjects: | |
View at Universitat Ramon Llull Library: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627502906719 |
Table of Contents:
- Front Cover; The Best Damn IT Security Management Book Period; Copyright Page; About the Authors; Contents; Part 1: From Vulnerability to Patch; Chapter 1: Windows of Vulnerability; Introduction; What Are Vulnerabilities?; Understanding the Risks Posed by Vulnerabilities; Summary; Chapter 3: Vulnerability Assessment Tools; Introduction; Features of a Good Vulnerability Assessment Tool; Using a Vulnerability Assessment Tool; Step 1: Identify the Hosts on Your Network; Step 2: Classify the Hosts into Asset Groups; Step 3: Create an Audit Policy; Step 4: Launch the Scan
- Step 5: Analyze the Reports; Step 6: Remediate Where Necessary; Summary; Chapter 4: Vulnerability Assessment: Step One; Introduction; Know Your Network; Classifying Your Assets; I Thought This Was a Vulnerability Assessment Chapter; Summary; Chapter 5: Vulnerability Assessment: Step Two; Introduction; An Effective Scanning Program; Scanning Your Network; When to Scan; Summary; Chapter 6: Going Further; Introduction; Types of Penetration Tests; Scenario: An Internal Network Attack; Client Network; Step 1: Information Gathering; Operating System Detection; Discovering Open Ports and Enumerating
- Step 2: Determine Vulnerabilities; Setting Up the VA; Interpreting the VA Results; Penetration Testing; Step 3: Attack and Penetrate; Uploading Our Data; Attack and Penetrate; Searching the Web Server for Information; Discovering Web Services; Vulnerability Assessment versus a Penetration Test; Tips for Deciding between Conducting a VA or a Penetration Test; Internal versus External; Summary; Chapter 7: Vulnerability Management; Introduction; The Vulnerability Management Plan; The Six Stages of Vulnerability Management; Stage One: Identify; Stage Two: Assess; Stage Three: Remediate
- Stage Four: Report; Stage Five: Improve; Stage Six: Monitor; Governance (What the Auditors Want to Know); Measuring the Performance of a Vulnerability Management Program; Common Problems with Vulnerability Management; Summary; Chapter 8: Vulnerability Management Tools; Introduction; The Perfect Tool in a Perfect World; Evaluating Vulnerability Management Tools; Commercial Vulnerability Management Tools; eEye Digital Security; Symantec (BindView); Attachmate (NetIQ); StillSecure; McAfee; Open Source and Free Vulnerability Management Tools; Asset Management, Workflow, and Knowledgebase
- Host Discovery; Vulnerability Scanning and Configuration Scanning; Configuration and Patch Scanning; Vulnerability Notification; Security Information Management; Managed Vulnerability Services; Summary; Chapter 9: Vulnerability and Configuration Management; Introduction; Patch Management; System Inventories; System Classification; System Baselines; Creating a Baseline; Baseline Example; The Common Vulnerability Scoring System; Building a Patch Test Lab; Establish a Patch Test Lab with "Sacrificial Systems"; Virtualization; Environmental Simulation; Patch Distribution and Deployment
- Logging and Reporting