To search this page, use Edit > Find / Replace in the toolbar or Control-F.
Offering the information you need to secure your information, systems, and sites, this online library contains the work of seasoned experts who discuss preferred software packages and models, as well as give step-by-step advice on how to maximize talent, processes, and resources to produce a positive bottom line.
 |
PKI is essential for Web services and secure electronic business transaction. Public Key Infrastructure: Building Trusted Applications and Web Services shows how to make advanced PKI technology successful in any organization. whether for internal security or Web services. It details how to develop advanced PKI technology online; lists available PKI software and its functionality; describes how to choose right operating system for PKI; dvaluates how other organizations made choices; walks through the steps of certificate management: requesting, obtaining, storing, using, and revoking a certificate; and looks into expectations for a Certificate Authority (CA) and what a CA will expect of you. | ||||||||||||||
 |
The Hacker's Handbook: The Strategy Behind Breaking Into and Defending Networks moves ahead of the pack of books about digital security by revealing the technical aspects of hacking that are least understood by network administrators. This is accomplished by analyzing subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific technical components and administrative tasks, providing theoretical background that prepares network defenders for the always-changing and creative tools and techniques of intruders. | ||||||||||||||
 |
The Practical Guide to HIPAA Privacy and Security Compliance is a one-stop resource for real-world HIPAA privacy and security advice that you can immediately apply to your organization's unique situation. This how-to reference explains what HIPAA is about, what it requires, and what you can do to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what you need to do to meet requirements. | ||||||||||||||
 |
Strategic Information Security integrates the importance of sound security policy with the strategic goals of an organization. It provides IT professionals and management with insight into the issues surrounding the goals of protecting valuable information assets. This text reiterates that an effective information security program relies on more than policies or hardware and software, instead it hinges on having a mindset that security is a core part of the business and not just an afterthought. Armed with the content contained in this book, security specialists can redirect the discussion of security towards the terms and concepts that management understands. This increases the likelihood of obtaining the funding and managerial support that is needed to build and maintain airtight security programs. | ||||||||||||||
 |
Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.
Network Perimeter Security: Building Defense In-Depth reveals how you can evaluate the security
needs of your network, develop a security policy for your company, and create a budget based upon that policy. It assists
you in designing the security model, and outlines the testing process. Through the concepts and case studies presented
in this book, you will learn to build a comprehensive perimeter defense architecture based upon multiple layers of
protection, with expert recommendations for configuring firewalls, routers, intrusion detection system, and other
security tools and network components. | 
The Investigator's Guide to Steganography provides a comprehensive look at this unique form of
hidden communication from its earliest beginnings to its most modern uses. The book begins by exploring the past,
providing valuable insight into how this method of communication began and evolved from ancient times to the present
day. It continues with an in-depth look at the workings of digital steganography and watermarking methods, available
tools on the Internet, and a review of companies who are providing cutting edge steganography and watermarking
services. The third section builds on the first two by outlining and discussing real world uses of steganography
from the business and entertainment to national security and terrorism. The book concludes by reviewing steganography
detection methods and what can be expected in the future. |
Managing a Network Vulnerability Assessment provides a formal framework for finding and eliminating network security threats, ensuring that no vulnerabilities are overlooked. This thorough overview focuses on the steps necessary to successfully manage an assessment, including the development of a scope statement, the understanding and proper use of assessment methodology, the creation of an expert assessment team, and the production of a valuable response report. The book also details what commercial, freeware, and shareware tools are available, how they work, and how to use them. By following the procedures outlined in this guide, a company can pinpoint what individual parts of their network need to be hardened, and avoid expensive and unnecessary purchases.
| 
Securing Windows NT/2000: From Policies to Firewalls
This managerial guide and practical technical tutorial provides viable security solutions for your organization. It
presents in-depth knowledge on how, why, and where these operating systems must be tuned in order to use them securely
to connect to the Internet. The book presents the steps required to define a corporate security policy, how to
implement that policy, and how to structure the project plan. It also provides practical provides step-by-step
instructions that guide you through performing a secure installation and in preparing the system for secure
operation on the Internet using Check Point Firewall-1. |
The Asset Protection and Security Management Handbook is a must for all professionals involved
in the protection of assets. For those new to the security profession, the text covers the fundamental aspects of
security and security management providing a firm foundation for advanced development. For the experienced security
practitioner, it provides the tools necessary for developing effective solutions and responses to the growing number
of challenges encountered by today's security professionals. Based on the ASIS asset protection course, the text
provides information vital to security planning and operational requirements. It addresses the most commonly
recognized issues in the field and explores the future of asset protection management.
|  Designed to be used by acquiring organizations, system integrators, manufacturers, and Common Criteria testing and
certification labs,
Using the Common Criteria for IT Security Evaluation explains how and why to use the Common
Criteria during the acquisition, implementation or evaluation of an IT product, system, network, or services contract.
The text describes the Common Criteria methodology; the major processes, steps, activities, concepts, terminology,
and how the CC methodology is used throughout the life of a system. It illustrates how each category of user should
employ the methodology as well as their different roles and responsibilities. |
The Total CISSP Exam Prep Book: Practice Questions, Answers, and Test Taking Tips and Techniques
starts with a review of each of the ten domains and provides 25 sample questions with answers and references for each.
It discusses successful approaches for preparing for the exam based on experiences of those who have recently passed
the exam. It then provides two complete 250 questions practice exams with answers. Explanations are provided to clarify
why the correct answers are correct, and why the incorrect answers are incorrect. | |
Intended for those interested in the construction and operation of an IA or Information Security (InfoSec) program,
Building a Global Information Assurance Program describes the key building blocks of an IA development effort. The text presents a systems development
life cycle (SDLC) methodology specifically tailored for an IA program. This process is a structured, cradle-to-grave
approach to IA program development, from program planning and design to implementation, support, and phase out. It
provides a proven series of steps and tasks that you can follow to build quality IA programs faster, at lower costs,
and with less risk.
Privacy Papers: Managing Technology, Consumer, Employee, and Legislative Actions is a book for
C-level executives, IT managers, HR managers, security officers, privacy officers, and legal professionals. It
covers all aspects of technology and legislation that enable privacy and also those that place it at risk.
This how-to guide presents sample policies for employee training, awareness, and acceptable use; covers why
companies must protect data and how to do it; describes the technology that makes information more private; and
lists and summarizes major federal and international privacy legislation.
Secure Internet Practices: Best Practices for Securing Systems in the Internet and e-Business Age
presents an overview of security programs, policies, goals, life cycle development issues, infrastructure, and architecture aimed at enabling readers to effectively implement security at their organization. In addition to discussing general issues and solutions, the book provides concrete examples and templates for crafting or revamping your security program in the form of an Enterprise-Wide Security Program Modal, and an Information Security Policy Framework. Although rich in technical expertise, this is not strictly a handbook of Internet technologies, but a guide that is equally useful to business, finance, and manufacturing.
Building an Information Security Awareness Program
This takes you step-by-step through the
methodology for developing, distributing, and monitoring an information security awareness
program. It includes detailed instructions on how to communicate the message and describes
how to efficiently use outside sources to optimize the impact of a small staff. The author
stresses the importance of security and the entire organizations' role and responsibility
in protecting it. He also presents the material in a fashion that makes it easy for
non-technical staff members to grasp the concepts.
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes
This is a comprehensive, highly usable, and clearly organized field manual of the issues, tools, and control
techniques that audit, law enforcement, and infosecurity professionals need to know to successfully investigate
illegal activities perpetrated through the use of information technology. With the "ready-made" audit routines
included in the appendix, the reader can immediately implement field audits. The step-by-step design allows
the reader to gain comprehension of how the routines are developed, and how they can be applied in an
audit/investigative situation. For more, go to to authors' Web site.
A Practical Guide to Security Engineering and Information Assurance
is a comprehensive, practical guide to security engineering this book provides insight into the broader realm of information assurance (IA). It explains real-world strategies applicable to all systems, from small systems supporting a home-based business to those of a multinational corporation, government agency, or critical infrastructure system. The author provides step-by-step, in-depth processes for defining information security and assurance goals, performing vulnerability and threat analysis, implementing and verifying the effectiveness of threat control measures, and conducting accident and incident investigations.
Securing e-Business Applications and Communications
Here's everything you need to know to build a secure E-Commerce web site from the ground up.
Written with heterogeneous networks in mind, it includes implementation examples for
Unix (Solaris and Linux), Windows NT 4.0, and Windows 2000. Numerous coding examples
illustrate how to use the most current technologies from Microsoft, Sun, and others to
support secure transactions. It also explores the most popular web servers, the
technologies that drive them, and a number of commercial utilities that can be used
to manage them remotely.
Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management
Covers writing policies, writing procedures, and writing standards, and how to integrate them into a comprehensive document for managing information security. Uses BS 7799 and ISO 17799 standards as the foundation for the content. Includes examples of existing documents and checklists to help the critique these documents.
A Technical Guide to IPSec Virtual Private Networks provides a
technical explanation of a very complicated and misunderstood technology in terms that
will allow the most novice of individuals to understand the inner workings of IPSec. It
details the suite of IP Security protocols and their interaction with users, systems, and
devices. It includes in-depth descriptions of the various IPSec communications and key
management protocols that provide the foundation of secure communications. Includes
multiple examples of implementations and real world experience and their comparison to
the standards that make up IPSec.
Information Security Policies and Procedures: A Practitioner's Guide, Second Edition, developed by corporate
information security guru Tom Peltier, and successfully implemented at numerous
Fortune 500 companies, Information Security Policy and Procedures will
substantially reduce the time and cost usually associated with developing corporate
security policies and procedures. In an easy-to-use modular format, it supplies you with
everything you need to produce a comprehensive set of policies and procedures,
custom-tailored to your organization-quickly, cheaply, and without all the friction
and frustration.
Effective Use of Teams in IT Audits, the latest supplement to
Standard for Auditing Computer Applications, presents four
approaches to ensure that you use teams effectively.
A Standard for Auditing Computer Applications is a step-by-step guide to auditing financial and operational applications systems for internal auditors.
Business Resumption Planning is a reference that answers to the most frequently asked questions about data center recovery, communications recovery, and general business operations recovery. Included with the handbook are complete forms and checklists on diskette that can be used to produce a detailed, custom disaster recovery plan.
Call Center Continuity Planning shows you how to plan for continuity through disasters large and small -- everything from power outages and hurricanes to unexpected peaks in inbound call volume that might threaten to swamp your call-takers.
