Enterprise security: IT security solutions: concepts, practical experiences, technologies
Other authors: | , |
---|---|
Format: | Book |
Language: | English |
Published: | Erlangen: Publicis Corporate Publishing, 2006 |
Subjects: | |
Online access: | Content text, Detailed description, Table of contents |
Description: | 262 pages, illustrations, diagrams |
ISBN: | 389578267X |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV021266078 | ||
003 | DE-604 | ||
005 | 20230601 | ||
007 | t | ||
008 | 051214s2006 a||| |||| 00||| eng d | ||
015 | |a 05,N23,0024 |2 dnb | ||
016 | 7 | |a 974927880 |2 DE-101 | |
020 | |a 389578267X |c Gb. : ca. sfr 64.00 (freier Pr.), ca. EUR 39.90 (freier Pr.) |9 3-89578-267-X | ||
024 | 3 | |a 9783895782671 | |
035 | |a (OCoLC)63137456 | ||
035 | |a (DE-599)BVBBV021266078 | ||
040 | |a DE-604 |b ger |e rakddb | ||
041 | 0 | |a eng | |
049 | |a DE-12 |a DE-29T |a DE-29 |a DE-1051 |a DE-355 |a DE-1102 |a DE-91G |a DE-634 |a DE-83 |a DE-Aug4 | ||
050 | 0 | |a QA76.9.A25 | |
082 | 0 | |a 005.8 |2 22 | |
084 | |a QP 345 |0 (DE-625)141866: |2 rvk | ||
084 | |a ST 276 |0 (DE-625)143642: |2 rvk | ||
084 | |a WIR 570f |2 stub | ||
084 | |a 004 |2 sdnb | ||
084 | |a DAT 465f |2 stub | ||
084 | |a WIR 546f |2 stub | ||
084 | |a 650 |2 sdnb | ||
245 | 1 | 0 | |a Enterprise security |b IT security solutions: concepts, practical experiences, technologies |c edited by Walter Fumy and Joerg Sauerbrey |
264 | 1 | |a Erlangen |b Publicis Corporate Publishing |c 2006 | |
300 | |a 262 Seiten |b Illustrationen, Diagramme | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
650 | 4 | |a Commerce électronique - Sécurité - Mesures | |
650 | 4 | |a Systèmes informatiques - Sécurité - Mesures | |
650 | 4 | |a Sécurité informatique | |
650 | 4 | |a Computer security | |
650 | 4 | |a Electronic commerce |x Security measures | |
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Betriebliches Informationssystem |0 (DE-588)4069386-7 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Informationsmanagement |0 (DE-588)4114012-6 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Datensicherung |0 (DE-588)4011144-1 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Betriebliches Informationssystem |0 (DE-588)4069386-7 |D s |
689 | 0 | 1 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | 2 | |a Informationsmanagement |0 (DE-588)4114012-6 |D s |
689 | 0 | |5 DE-604 | |
689 | 1 | 0 | |a Betriebliches Informationssystem |0 (DE-588)4069386-7 |D s |
689 | 1 | 1 | |a Datensicherung |0 (DE-588)4011144-1 |D s |
689 | 1 | 2 | |a Informationsmanagement |0 (DE-588)4114012-6 |D s |
689 | 1 | |5 DE-604 | |
700 | 1 | |a Fumy, Walter |d 19XX- |0 (DE-588)1291286624 |4 edt | |
700 | 1 | |a Sauerbrey, Jörg |d 19XX- |0 (DE-588)1291292624 |4 edt | |
856 | 4 | 2 | |q text/html |u http://deposit.dnb.de/cgi-bin/dokserv?id=2633106&prov=M&dok_var=1&dok_ext=htm |3 Inhaltstext |
856 | 4 | 2 | |q text/html |u http://books.publicis-erlangen.de/de/produkte/management/bwl/index.cfm?bookid=5839 |3 Ausführliche Beschreibung |
856 | 4 | 2 | |m Digitalisierung UBRegensburg |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014587261&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
999 | |a oai:aleph.bib-bvb.de:BVB01-014587261 |
Record in the search index
_version_ | 1804135043576102912 |
---|---|
adam_text | Contents
Introduction
1 Challenges for Enterprise Security (Walter Fumy and Joerg Sauerbrey) ... 16
1.1 Threats ... 16
1.2 Enabling New Business Opportunities ... 19
1.3 Compliance ... 20
1.4 Why this Book? ... 23
1.5 How to Read this Book ... 24
Part I: Concepts and Trends
2 Information Security Management (Sabine Kornprobst and Roberto Pillmaier) ... 28
2.1 Goals of Information Security Management ... 28
2.2 Starting Point / Current Situation ... 30
2.3 Drivers for Information Security Management ... 32
2.4 What's the Best Way? ... 35
2.5 Object-Oriented vs. Process-Oriented Approach ... 35
2.6 Strategic Comprehensive Approach ... 36
2.7 Solutions ... 37
2.8 Conclusion ... 43
3 Network and System Security (Uwe Blacker) ... 44
3.1 Challenges and Requirements ... 44
3.2 Solution Components ... 45
3.2.1 Firewall ... 46
3.2.2 Virtual Private Networks ... 48
3.2.3 Remote LAN Access ... 50
3.2.4 Intrusion Detection and Prevention Systems ... 51
3.2.5 Filtering Content: Content Security and Gateway Antivirus ... 53
3.2.6 All-in-One Communication Platforms ... 54
3.3 Integrated Solution for Data and Voice Communication ... 55
3.4 Conclusion ... 55
4 Smart Card Solutions (Axel Pfau) ... 57
4.1 Introduction ... 57
4.2 Types of Smart Cards ... 58
4.2.1 Communication with the Chip ... 58
4.2.2 Type of Chip ... 59
4.3 Smart Card Infrastructure ... 61
4.3.1 Card Management System (CMS) ... 61
4.3.2 Public Key Infrastructure (PKI) ... 63
4.3.3 Smart Card Readers ... 64
4.4 Smart Card-Enabled Applications ... 65
4.4.1 One Card, Many Functions ... 66
4.4.2 The Argument for Single Sign-On ... 67
4.4.3 Return on Investment for Smart Card-Enabled Solutions ... 68
4.5 Conclusion ... 69
5 Identity and Access Management (IAM) (Rudolf Wildgmber) ... 70
5.1 Challenges ... 70
5.2 Use Cases ... 71
5.2.1 Making a New Employee Productive Quickly ... 71
5.2.2 Changing an Employee's Job Function ... 72
5.2.3 Changing a User Password ... 73
5.2.4 Authorizing an Order ... 73
5.2.5 Web Single Sign-On ... 74
5.3 Components ... 75
5.3.1 Directory Services ... 75
5.3.2 Identity Management ... 76
5.3.3 Access Management ... 79
5.4 IAM for Heterogeneous Environments ... 81
5.5 IAM and Regulatory Compliance ... 82
5.6 Conclusion ... 82
6 Biometric Authentication (Gerd Hrlbernig and Peter Weinzieri) ... 84
6.1 Biometric Systems ... 84
6.1.1 Types of Biometric Systems ... 84
6.1.2 General Working Scheme of a Biometric System ... 87
6.1.3 Components of a Biometric System ... 88
6.2 Deployment of Biometric Systems ... 89
6.2.1 Requirements ... 89
6.2.2 Verification versus Identification Scenario ... 90
6.2.3 Performance of Biometric Systems ... 90
6.3 Biometrics Security - User Authentication ... 93
6.3.1 General ... 93
6.3.2 Two- and Multi-Factor Authentication ... 93
6.3.3 Combining Possession and Biometrics ... 94
6.3.4 Fraud and Mitigation ... 96
6.4 Systems ... 97
6.5 Software ... 100
6.6 Conclusion ... 102
Part II: Practical Experiences
7 Risk Management in the Financial Services Industry (Roland Müller) ... 104
7.1 The Merger of Two Automotive Corporations ... 104
7.2 Legal Requirements for Financial Services Providers ... 105
7.2.1 Risk Control Legislation ... 105
7.2.2 Data Protection Legislation ... 105
7.2.3 Legislation Fighting Organized Crime and Terrorism ... 106
7.3 The Decision to Use an International Standard ... 106
7.4 Information Security Status Evaluation ... 108
7.5 Derivation of Activities ... 109
7.5.1 Corporate-wide Activities ... 110
7.5.2 Local Activities ... 111
7.6 Interim results ... 112
7.6.1 Support Process ... 112
7.6.2 Work Stream Results ... 112
7.7 The Ongoing Information Security Process ... 114
7.8 Conclusion ... 115
8 Digital Signatures for eGovernment Applications (Joacquin Galeano) ... 116
8.1 Introduction ... 116
8.2 ACCV - The Certification Authority (CA) ... 116
8.2.1 What Can Be Done With the Certificates? ... 117
8.2.2 Implementation Steps ... 118
8.3 Applications ... 120
8.4 Some Relevant Data ... 124
8.5 Conclusion ... 124
9 Identity Management for an Insurance Company (Jürgen Lorek) ... 126
9.1 The Starting Point ... 126
9.2 Project Setup and Goals ... 128
9.3 The New Solution ... 129
9.4 Success Factors ... 132
9.5 Conclusion ... 132
10 Infosec Management in a Global Enterprise (Reinhard Schöpf) ... 134
10.1 Introduction and Motivation ... 134
10.2 The Siemens PKI ... 135
10.3 The Siemens Corporate ID Card ... 140
10.4 The Business Case ... 141
10.4.1 Electronic Identities ... 142
10.4.2 Digital Signatures ... 143
10.4.3 Increase of Security ... 144
10.5 Benchmarking ... 145
10.6 Conclusion ... 145
Part III: Technologies and Standards
11 Cryptographic Techniques (Walter Fumy and Ute Rosenbaum) ... 148
11.1 Goals of Cryptographic Techniques ... 148
11.1.1 Symmetric Algorithms ... 149
11.1.2 Asymmetric Algorithms ... 150
11.1.3 Keyless Algorithms ... 152
11.2 Symmetric Encryption Algorithms ... 153
11.2.1 Stream and Block Ciphers ... 153
11.2.2 DES ... 154
11.2.3 Triple-DES ... 154
11.2.4 AES ... 154
11.2.5 Other Symmetric Ciphers ... 155
11.3 Asymmetric Encryption Algorithms ... 156
11.3.1 RSA Encryption ... 156
11.3.2 Hybrid Encryption ... 157
11.4 Hash Functions ... 157
11.5 Message Authentication Codes (MAC) ... 158
11.6 Digital Signatures ... 159
11.6.1 RSA Signatures ... 159
11.6.2 Discrete Logarithm-Based Signatures ... 160
11.6.3 Elliptic Curve-Based Signatures ... 160
11.7 Algorithm and Parameter Recommendations ... 160
11.7.1 Security Levels and Moore's Law ... 161
11.7.2 Cryptanalysis ... 162
11.7.3 Quantum Cryptanalysis ... 162
11.7.4 Key Size Recommendations ... 163
11.8 Conclusion ... 166
12 Public Key Infrastructure (PKI) (Michael Munzert) ... 167
12.1 Motivation ... 167
12.2 Certificates ... 168
12.3 Users, Services and Components of a PKI ... 171
12.3.1 PKI Users ... 171
12.3.2 PKI Services ... 172
12.3.3 PKI Components ... 173
12.3.4 Communication between PKI Components, PKI Users and PKI Services ... 176
12.4 PKI and Authentication ... 177
12.5 PKI Domains ... 177
12.5.1 Single Trust Domain ... 177
12.5.2 Combining Trust Domains ... 179
12.6 Deployment Considerations - Essential Steps for Building up a PKI ... 180
12.7 Conclusion ... 182
13 Smart Card Technologies (Detlef Houdeau) ... 183
13.1 The Beginning ... 183
13.2 Application Segments for Smart Cards ... 184
13.3 Technology Drivers ... 185
13.3.1 Computing Power ... 185
13.3.2 Memory Size ... 185
13.3.3 Security on Silicon ... 186
13.4 Interface and Speed ... 188
13.4.1 Contact Interface ... 188
13.4.2 Contact-less Interface ... 188
13.4.3 USB Interface ... 189
13.5 Standards ... 189
13.6 Smart Card Production ... 190
13.7 Conclusion ... 191
14 Identity and Access Management Technologies (Teodor Dumitrescu and Oliver Pfaff) ... 192
14.1 Fundamental Concepts ... 192
14.1.1 Identity Management ... 192
14.1.2 Authentication and Single Sign-On (SSO) ... 193
14.1.3 Authorization ... 195
14.1.4 Identity and Access Management Reference Model ... 197
14.2 Traditional Technologies ... 197
14.2.1 LDAP ... 197
14.2.2 X.500 ... 200
14.2.3 Metadirectory and Provisioning ... 202
14.2.4 Kerberos ... 204
14.2.5 Traditional Authorization Techniques ... 206
14.2.6 Further Initiatives ... 210
14.3 Emerging Technologies ... 210
14.3.1 SAML ... 210
14.3.2 Shibboleth ... 211
14.3.3 Liberty-Alliance ... 212
14.3.4 XACML ... 213
14.3.5 Web Services Security (WS-Security) ... 215
14.3.6 SPML ... 217
14.3.7 Further Initiatives ... 219
14.4 Applications and Examples ... 220
14.4.1 Provisioning Windows Domain Accounts ... 220
14.4.2 Web-SSO and Authorization ... 221
14.4.3 Identity Federation ... 223
14.5 Conclusion ... 225
15 Information Security Management Systems (Steve O'Reilly) ... 226
15.1 The Need for and Relevance of Information Security ... 226
15.1.1 Introduction ... 226
15.1.2 Business Drivers for Information Security ... 227
15.1.3 Business Issues ... 229
15.2 Focussing on Security Critical Business Processes ... 229
15.2.1 Setting a Management System Scope ... 230
15.2.2 Scoping and Security Assurance Strategies ... 231
15.3 Establishing an Effective Information Security Structure and Culture ... 232
15.3.1 Management System Development ... 232
15.3.2 Information Security Assessment and Improvement ... 233
15.3.3 The Information Asset Register ... 234
15.3.4 Selecting Risk Justified Controls ... 234
15.3.5 Implementing Controls ... 235
15.3.6 Security Documentation ... 235
15.3.7 Security Roles and Responsibilities ... 236
15.3.8 Information Security Management Forum ... 237
15.4 Maintaining Effective Security ... 237
15.4.1 ISMS Maintenance ... 237
15.4.2 Raising Security Awareness ... 237
15.4.3 Security Incident Reporting and Management ... 238
15.4.4 Security Assurance Mechanisms ... 238
15.4.5 Operating the ISMS ... 239
15.5 Assurance in Third Parties and Outsourcing Issues ... 240
15.5.1 Typical Third Party and Outsourcing Scenarios ... 240
15.5.2 Achieving and Measuring Security Assurance ... 243
15.6 Conclusion ... 244
Glossary and Abbreviations ... 245
References ... 253
Index ... 260
|
any_adam_object | 1 |
any_adam_object_boolean | 1 |
author2 | Fumy, Walter 19XX- Sauerbrey, Jörg 19XX- |
author2_role | edt edt |
author2_variant | w f wf j s js |
author_GND | (DE-588)1291286624 (DE-588)1291292624 |
author_facet | Fumy, Walter 19XX- Sauerbrey, Jörg 19XX- |
building | Verbundindex |
bvnumber | BV021266078 |
callnumber-first | Q - Science |
callnumber-label | QA76 |
callnumber-raw | QA76.9.A25 |
callnumber-search | QA76.9.A25 |
callnumber-sort | QA 276.9 A25 |
callnumber-subject | QA - Mathematics |
classification_rvk | QP 345 ST 276 |
classification_tum | WIR 570f DAT 465f WIR 546f |
ctrlnum | (OCoLC)63137456 (DE-599)BVBBV021266078 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik Wirtschaftswissenschaften |
discipline_str_mv | Informatik Wirtschaftswissenschaften |
format | Book |
code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-014587261</subfield></datafield></record></collection> |
id | DE-604.BV021266078 |
illustrated | Illustrated |
index_date | 2024-07-02T13:43:14Z |
indexdate | 2024-07-09T20:34:14Z |
institution | BVB |
isbn | 389578267X |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-014587261 |
oclc_num | 63137456 |
open_access_boolean | |
owner | DE-12 DE-29T DE-29 DE-1051 DE-355 DE-BY-UBR DE-1102 DE-91G DE-BY-TUM DE-634 DE-83 DE-Aug4 |
physical | 262 Seiten Illustrationen, Diagramme |
publishDate | 2006 |
publisher | Publicis Corporate Publishing |
record_format | marc |
subject_GND | (DE-588)4274324-2 (DE-588)4069386-7 (DE-588)4114012-6 (DE-588)4011144-1 |
title | Enterprise security IT security solutions: concepts, practical experiences, technologies |
title_full | Enterprise security IT security solutions: concepts, practical experiences, technologies edited by Walter Fumy and Joerg Sauerbrey |
title_short | Enterprise security |
title_sub | IT security solutions: concepts, practical experiences, technologies |
topic | Commerce électronique - Sécurité - Mesures Systèmes informatiques - Sécurité - Mesures Sécurité informatique Computer security Electronic commerce Security measures Computersicherheit (DE-588)4274324-2 gnd Betriebliches Informationssystem (DE-588)4069386-7 gnd Informationsmanagement (DE-588)4114012-6 gnd Datensicherung (DE-588)4011144-1 gnd |
topic_facet | Commerce électronique - Sécurité - Mesures Systèmes informatiques - Sécurité - Mesures Sécurité informatique Computer security Electronic commerce Security measures Computersicherheit Betriebliches Informationssystem Informationsmanagement Datensicherung |
url | http://deposit.dnb.de/cgi-bin/dokserv?id=2633106&prov=M&dok_var=1&dok_ext=htm http://books.publicis-erlangen.de/de/produkte/management/bwl/index.cfm?bookid=5839 http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=014587261&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |