Assessing Information Security Strategies, Tactics, Logic and Framewortk
Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best-practice advice available in the latest version of ISO 27001:2013. The authors explain how to use principles of military strategy to defend against cyber attacks, e...
| Autor principal: | |
|---|---|
| Otros Autores: | , |
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Ely :
IT Governance Ltd
2015.
|
| Edición: | 2nd ed |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009630029106719 |
Tabla de Contenidos:
- Cover; Title; Copyright; Contents; Introduction; Chapter 1: Information Security Auditing and Strategy; The mindsets of ignorance; Defence-in-depth; Compelling adversaries to adapt; Chapter 2: Security Auditing, Governance, Policies and Compliance; General security policy shortcomings; Addressing security audits in policy statements; The erroneous path to compliance; Getting down to earth; Chapter 3: Security Assessments Classification; Black, grey and white box tests; Assessments specialisations and actual scopes; On technical information security assessments
- Server, client and network-centric testsIT security testing levels and target areas; 'Idiosyncratic' technical security tests; On non-technical information security audits; Premises and physical security checks; Social engineering tests; Security documentation reviews; Assessing security processes; Chapter 4: Advanced Pre-Assessment Planning; The four-stage framework; Selecting the targets of assessment; Evaluating what is on offer; Professional certifications and education; Publications and tools; The auditor company history and size; Dealing with common assessment emergencies
- Chapter 5: Security Audit Strategies and TacticsCentres of gravity and their types; Identifying critical points; The strategic exploitation cycle; External technical assessment recon; Social engineering recon; Internal technical assessment recon; Technical vulnerability discovery process; A brief on human vulnerabilities; The tactical exploitation cycle; Front, flank, simple, complex; The strategies of creating gaps; Chapter 6: Synthetic Evaluation of Risks; Risk, uncertainty and ugly Black Swans; On suitable risk analysis methodologies; On treatment of information security risks
- Relevant vulnerability categoriesGauging attacker skill; Weighting vulnerability impact; Contemplating the vulnerability remedy; Defining vulnerability risk level; Risks faced by large components; Compound risks, systempunkts and attacker logic; Total risk summary utilisation and dissection; Chapter 7: Presenting the Outcome and Follow-Up Acts; The report audience and style; The report summary; The report interpretation chapter; The bulk of the report; Explaining the overall security state; Elaborating on breakdown of risks; Using vulnerability origin investigations
- Post-audit assistance and follow-up hurdlesChapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies; Bad tactics and poor tests; On the assessment team ordnance; Of serpents and eagles; ITG Resources
