A Practical Guide to Security Assessments
by Sudhanshu Kairab
A Practical Guide to Security Assessments is a process-focused approach that presents a structured methodology for conducting assessments. The key element of the methodology is an understanding of business goals and processes, and how security measures are aligned with business risks. The guide also emphasizes that resulting security recommendations should be cost-effective and commensurate with the security risk. The methodology described serves as a foundation for building and maintaining an information security program.
In addition to the methodology, the book includes an Appendix that contains questionnaires that can be modified and used to conduct security assessments.
This guide is for security professionals who can immediately apply the methodology on the job, and also benefits management who can use the methodology to better understand information security and identify areas for improvement.
by Owen Poole
Open Source Security Tools
by Tony Howlett
Few frontline system administrators can afford to spend all day worrying about security. But in this age of widespread virus infections, worms, and digital attacks, no one can afford to neglect network defenses.
Written with the harried IT manager in mind, Open Source Security Tools is a practical, hands-on introduction to open source security tools. Seasoned security expert Tony Howlett has reviewed the overwhelming assortment of these free and low-cost solutions to provide you with the “best of breed” for all major areas of information security.
Inside, you’ll find everything from how to harden Linux and Windows systems to how to investigate breaches with Sleuth Kit, Autopsy Forensic Browser, and Forensic Tool Kit. For each security task described, the author reviews the best open source tools and how to use them and also provides a case study and sample implementation. Covered tasks include:
- Installing an open source firewall using Ipchains, Iptables, Turtle firewall, or Smoothwall
- Scanning ports and testing for vulnerabilities using Nmap, Nlog, Nmap for Windows, Nessus,and NessusWX
- Using sniffers and network-intrusion systems, including Tcpdump, Ethereal, Windump, Snort(tm), and Snort(tm) for Windows
- Tracking and analyzing collected data with Swatch, ACID, and NCC
- Encrypting communications with PGP, GnuPG, SSH, and Free S/WAN
This handy reference also tackles the emerging field of wireless security and covers tools such as Kismet Wireless, Airsnort, and Netstumber.
Whether you’re a Windows system administrator or a network administrator, you will come away with an understanding of how open source security tools can help protect your organization and further your own career.
Information Security Risk Assessment Toolkit
by Mark Talabis, Jason Martin
In order to protect company’s information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. Information Security Risk Assessment Toolkit gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders.
- Based on authors’ experiences of real-world assessments, reports, and presentations
- Focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment
- Includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment
Security Risk Management
by Evan Wheeler
Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks.
This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program.
This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.
- Named a 2011 Best Governance and ISMS Book by InfoSec Reviews
- Includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment
- Explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk
- Presents a roadmap for designing and implementing a security risk management program
The Practical Guide to HIPAA Privacy and Security Compliance
by Rebecca Herold, Kevin Beaver
Following in the footsteps of its bestselling predecessor, The Practical Guide to HIPAA Privacy and Security Compliance, Second Edition is a one-stop, up-to-date resource on Health Insurance Portability and Accountability Act (HIPAA) privacy and security, including details on the HITECH Act, the 2013 Omnibus Rule, and the pending rules. Updated and revised with several new sections, this edition defines what HIPAA is, what it requires, and what you need to do to achieve compliance.
The book provides an easy-to-understand overview of HIPAA privacy and security rules and compliance tasks. Supplying authoritative insights into real-world HIPAA privacy and security issues, it summarizes the analysis, training, and technology needed to properly plan and implement privacy and security policies, training, and an overall program to manage information risks. Instead of focusing on technical jargon, the book spells out what your organization must do to achieve and maintain compliance requirements on an ongoing basis.
Security Risk Assessment
by John M. White
Security Risk Assessment is the most up-to-date and comprehensive resource available on how to conduct a thorough security assessment for any organization.
A good security assessment is a fact-finding process that determines an organization’s state of security protection. It exposes vulnerabilities, determines the potential for losses, and devises a plan to address these security concerns. While most security professionals have heard of a security assessment, many do not know how to conduct one, how it’s used, or how to evaluate what they have found.
Security Risk Assessment offers security professionals step-by-step guidance for conducting a complete risk assessment. It provides a template draw from, giving security professionals the tools needed to conduct an assessment using the most current approaches, theories, and best practices.
- Discusses practical and proven techniques for effectively conducting security assessments
- Includes interview guides, checklists, and sample reports
- Accessibly written for security professionals with different levels of experience conducting security assessments
Information Technology Risk Management in Enterprise Environments
by Jake Kouns, Daniel Minoli
- Discusses all types of corporate risks and practical means ofdefending against them.
- Security is currently identified as a critical area ofInformation Technology management by a majority of government,commercial, and industrial organizations.
- Offers an effective risk management program, which is the mostcritical function of an information security program.
Strategic Security Management
by Karim Vellani
Strategic Security Management supports data driven security that is measurable, quantifiable and practical. Written for security professionals and other professionals responsible for making security decisions as well as for security management and criminal justice students, this text provides a fresh perspective on the risk assessment process. It also provides food for thought on protecting an organization’s assets, giving decision makers the foundation needed to climb the next step up the corporate ladder.
Strategic Security Management fills a definitive need for guidelines on security best practices. The book also explores the process of in-depth security analysis for decision making, and provides the reader with the framework needed to apply security concepts to specific scenarios. Advanced threat, vulnerability, and risk assessment techniques are presented as the basis for security strategies. These concepts are related back to establishing effective security programs, including program implementation, management, and evaluation. The book also covers metric-based security resource allocation of countermeasures, including security procedures, personnel, and electronic measures.
Strategic Security Management contains contributions by many renowned security experts, such as Nick Vellani, Karl Langhorst, Brian Gouin, James Clark, Norman Bates, and Charles Sennewald.
- Provides clear direction on how to meet new business demands on the security professional
- Guides the security professional in using hard data to drive a security strategy, and follows through with the means to measure success of the program
- Covers threat assessment, vulnerability assessment, and risk assessment – and highlights the differences, advantages, and disadvantages of each