Mission-Critical Security Planner When Hackers Won’t Take No for an Answer

ISBN: 9780471211655, 0471211656

Size: 2 MB (2308481 bytes)

Pages: 433/433

Author: Eric Greenberg

* Shows step-by-step how to complete a customized security improvement plan, including analyzing needs, justifying budgets, and selecting technology, while dramatically reducing time and cost
* Includes worksheets at every stage for creating a comprehensive security plan meaningful to management and technical staff
* Uses practical risk management techniques to intelligently assess and manage the network security risks facing your organization
* Presents the material in a witty and lively style, backed up by solid business planning methods
* Companion Web site provides all worksheets and the security planning template

Table of contents :
Acknowledgments
Contents
Introduction
About the Author
CHAPTER 1 Setting the Stage for Successful Security Planning
A Way of Thinking
The Ultra-Planner
The Shock-Advisor
Identifying Risk
The Attention Seeker
The Curious
Negotiating with Hackers
Selling Security
Authentication, Tokens, Smart Cards, and Biometrics: An Overview
Making the Security Sale: An Example
Doing the Math
Understanding Impact Analysis
Performing Security Impact Analysis: An Example
Counting the Cost of Security
Establishing Maximum Impact, Cost, and the Security Budget
Estimating the Value of Security
Laying the Security Foundation
Improving Security as Part of the Business Process
Conclusions
Forming a Security Planning Team
At the First Meeting
Information
People
Security Life Cycle
Choosing Technology
Keeping a Lookout: Operations
Activities
Notifying Authorities
Creating Order from Chaos: The Security Stack
Preparing to Work with the Security Elements
Introducing the Security Elements
The Fundamentals
The Wrap-up Elements
Conclusions
From Here to Security
Organization of the Worksheets
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Conclusions
CHAPTER 4 Using the Security Plan Worksheets: The Remaining Core and Wrap-up Elements
Organization of the Worksheets
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Security Stack
Life Cycle Management
Business
Selling Security
Summary
DRI: An Example
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Summary
Security Stack
Life Cycle Management
Business
Selling Security
Summary
Security Stack
Life-Cycle Management
Business
Selling Security
Security Stack
Life-Cycle Management
Business
Selling Security
Interoperability and Standards
Laws and Regulations
Lockdown
Lost or Stolen Items
Managed (Outsourced) Security
Performance
Physical Security
Support Interface
Testing, Integration, and Staging
Training
Recovery
Conclusions
CHAPTER 5 Strategic Security Planning with PKI
PKI Primer
Authentication and Nonrepudiation with Digital Signatures
Making a Business Case for PKI
Benefits of Virtual Private Networks
PKI Services
Collaboration, Workflow, and Business Processes
Software Distribution Methods
Legislation
Financial Services
Legal
Retail and Manufacturing
Business Justification
Scalability
Complexity
Physical Security
Legislation
Components of the Solution
Roles and Responsibilities
Educating Users on Internet and Digital Certificate Technologies
Developing Digital Certificate Policies and Procedures
OASIS Today
Conclusions
Practice Makes Perfect—Or at Least More Secure
Into the Future: The Top 10 Methods of Attack
In Closing
For Further Reading
Glossary
Index