Enemy at the water cooler: real-life stories of insider threats and Enterprise Security Management countermeasures
Saved in:
Author: | Contos, Brian T. |
Format: | Electronic eBook |
Language: | English |
Published: | Rockland, Mass. : Syngress, ©2006 |
Subjects: | Computer networks / Security measures; Computer security; Computer hackers; Hackers |
Online access: | FAW01 FAW02 Full text |
Description: | Title from Web page (viewed Feb. 28, 2007). Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider. Includes bibliographical references and index. |
Contents:
Part I: Background on Cyber Crime, Insider Threats, and ESM
  Chapter One: Cyber Crime and Cyber Criminals
    About this Chapter
    Computer Dependence and Internet Growth
    The Shrinking Vulnerability Threat Window
    Motivations for Cyber Criminal Activity
      Black Markets
    Hacker
    Script Kiddies
    Solitary Cyber Criminals and Exploit Writers for Hire
    Organized Crime
    Identity Thieves (Impersonation Fraudsters)
    Competitors
    Activist Groups, Nation-State Threats, and Terrorists
    Activists
    Nation-State Threats
      China
      France
      Russia
      United Kingdom
      United States
    Terrorists
    Insiders
    Tools of the Trade
      Application-Layer Exploits
      Botnets
      Buffer Overflows
      Code Packing
      Denial-of-service (DoS) Attacks
      More Aggressive and Sophisticated Malware
      Non-wired Attacks and Mobile Devices
      Password-cracking
      Phishing
      Reconnaissance and Googledorks
      Rootkits and Keyloggers
      Social Engineering Attacks
      Voice over IP (VoIP) Attacks
      Zero-Day Exploits
    Summary Points
  Chapter Two: Insider Threats
    Understanding Who the Insider Is
    Psychology of Insider Identification
    Insider Threat Examples from the Media
    Insider Threats from a Human Perspective
      A Word on Policies
    Insider Threats from a Business Perspective
      Risk
    Insider Threats from a Technical Perspective
      Need-to-know
      Least Privileges
      Separation of Duties
      Strong Authentication
      Access Controls
      Incident Detection and Incident Management
    Summary Points
  Chapter Three: Enterprise Security Management (ESM)
    ESM in a Nutshell
    Key ESM Feature Requirements
      Event Collection
      Normalization
      Categorization
      Asset Information
      Vulnerability Information
      Zoning and Global Positioning System Data
      Active Lists
      Actors
      Data Content
      Correlation
      Prioritization
      Event and Response Time Reduction
      Anomaly Detection
      Pattern Discovery
      Alerting
      Case Management
      Real-Time Analysis and Forensic Investigation
      Visualization
      High-level Dashboards
      Detailed Visualization
      Reporting
      Remediation
    Return On Investment (ROI) and Return On Security Investment (ROSI)
    Alternatives to ESM
      Do Nothing
      Custom In-house Solutions
      Outsourcing and Co-sourcing
      Co-sourcing examples
    Summary Points
Part II: Real Life Case Studies
  Chapter Four: Imbalanced Security: A Singaporean Data Center
  Chapter Five: Correlating Physical and Logical Security Events: A U.S. Government Organization
  Chapter Six: Insider with a Conscience: An Austrian Retailer
  Chapter Seven: Collaborative Threat: A Telecommunications Company in the U.S.
  Chapter Eight: Outbreak from Within: A Financial Organization in the U.K.
  Chapter Nine: Mixing Revenge and Passwords: A Utility Company in Brazil
  Chapter Ten: Rapid Remediation: A University in the United States
  Chapter Eleven: Suspicious Activity: A Consulting Company in Spain
  Chapter Twelve: Insiders Abridged
    Malicious use of Medical Records
    Hosting Pirated Software
    Pod-Slurping
    Auctioning State Property
    Writing Code for another Company
    Outsourced Insiders
    Smuggling Gold in Rattus Norvegicus
Part III: The Extensibility of ESM
  Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM
    Disclaimer
    Monitoring and disclosure
    Provider Protection Exception
    Consent Exception
    Computer Trespasser Exception
    Court Order Exception
    Best Practices
    Canadian Best Evidence Rule
    Summary Points
  Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM
    A Primer on Sarbanes-Oxley
    Section 302: Corporate Responsibility for Financial Reports
    Section 404: Management Assessment of Internal Controls
    Separation of Duties
    Monitoring Interaction with Financial Processes
    Detecting Changes in Controls over Financial Systems
    Section 409: Real-time Issuer Disclosures
    Summary Points
  Chapter Fifteen: Incident Management with ESM
    Incident Management Basics
    Improved Risk Management
    Improved Compliance
    Reduced Costs
    Current Challenges
      Process
      Organization
      Technology
    Building an Incident Management Program
      Defining Risk
    Five Steps to Risk Definition for Incident Management
      Process
      Training
      Stakeholder Involvement
      Remediation
      Documentation
    Reporting and Metrics
    Summary Points
  Chapter Sixteen: Insider Threat Questions and Answers
    Introduction
    Insider Threat Recap
    Question One: Employees
      The Hiring Process
      Reviews
      Awareness
      NIST 800-50
      Policies
      Standards
      Security Memorandum Example
    Question Two: Prevention
    Question Three: Asset Inventories
    Question Four: Log Collection
      Security Application Logs
      Operating System Log
      Web Server Logs
      NIST 800-92
    Question Five: Log Analysis
    Question Six: Specialized Insider Content
    Question Seven: Physical and Logical Security Convergence
    Question Eight: IT Governance
      NIST 800-53
      Network Account Deletion maps to NIST 800-53 section AC-2
      Vulnerability Scanning maps to NIST 800-53 section RA-5
      Asset Creation maps to NIST 800-53 section CM-4
      Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14
      Traffic from Internal to External Assets maps to NIST 800-53 section SC-7
    Question Nine: Incident Response
    Question 10: Must Haves
Appendix A: Examples of Cyber Crime Prosecutions
Physical description: | 1 online resource (xxii, 262 pages) |
ISBN: | 0080477607 1597491292 9780080477602 9781597491297 |
Internal format
MARC
LEADER | 00000nmm a2200000zc 4500 | ||
---|---|---|---|
001 | BV043043887 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | cr|uuu---uuuuu | ||
008 | 151123s2006 |||| o||u| ||||||eng d | ||
020 | |a 0080477607 |c electronic bk. |9 0-08-047760-7 | ||
020 | |a 1597491292 |9 1-59749-129-2 | ||
020 | |a 9780080477602 |c electronic bk. |9 978-0-08-047760-2 | ||
020 | |a 9781597491297 |9 978-1-59749-129-7 | ||
035 | |a (OCoLC)183748860 | ||
035 | |a (DE-599)BVBBV043043887 | ||
040 | |a DE-604 |b ger |e aacr | ||
041 | 0 | |a eng | |
049 | |a DE-1046 |a DE-1047 | ||
082 | 0 | |a 005.8 |2 22 | |
100 | 1 | |a Contos, Brian T. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Enemy at the water cooler |b real-life stories of insider threats and Enterprise Security Management countermeasures |c Brian T. Contos |
264 | 1 | |a Rockland, Mass. |b Syngress |c ©2006 | |
300 | |a 1 Online-Ressource (xxii, 262 pages) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
500 | |a Title from Web page (viewed Feb. 28, 2007) | ||
500 | |a Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider | ||
500 | |a Includes bibliographical references and index | ||
500 | |a Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- | ||
500 | |a - o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- | ||
500 | |a - o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- | ||
500 | |a - Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- | ||
500 | |a - Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- | ||
500 | |a - Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions | ||
650 | 4 | |a Computer networks / Security measures | |
650 | 4 | |a Computer security | |
650 | 4 | |a Computer hackers | |
650 | 7 | |a COMPUTERS / Internet / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Networking / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Security / General |2 bisacsh | |
650 | 7 | |a Computer networks / Security measures |2 blmlsh | |
650 | 7 | |a Computer security |2 blmlsh | |
650 | 7 | |a Computer hackers |2 blmlsh | |
650 | 7 | |a Hackers |2 fast | |
650 | 7 | |a Computer networks / Security measures |2 fast | |
650 | 7 | |a Computer security |2 fast | |
650 | 4 | |a Computer networks |x Security measures | |
650 | 4 | |a Computer security | |
650 | 4 | |a Hackers | |
856 | 4 | 0 | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=196374 |x Aggregator |3 Volltext |
912 | |a ZDB-4-EBA | ||
999 | |a oai:aleph.bib-bvb.de:BVB01-028468425 | ||
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=196374 |l FAW01 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=196374 |l FAW02 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext |
title_auth | Enemy at the water cooler real-life stories of insider threats and Enterprise Security Management countermeasures |
title_exact_search | Enemy at the water cooler real-life stories of insider threats and Enterprise Security Management countermeasures |
title_full | Enemy at the water cooler real-life stories of insider threats and Enterprise Security Management countermeasures Brian T. Contos |
title_fullStr | Enemy at the water cooler real-life stories of insider threats and Enterprise Security Management countermeasures Brian T. Contos |
title_full_unstemmed | Enemy at the water cooler real-life stories of insider threats and Enterprise Security Management countermeasures Brian T. Contos |
title_short | Enemy at the water cooler |
title_sort | enemy at the water cooler real life stories of insider threats and enterprise security management countermeasures |
title_sub | real-life stories of insider threats and Enterprise Security Management countermeasures |
topic | Computer networks / Security measures Computer security Computer hackers COMPUTERS / Internet / Security bisacsh COMPUTERS / Networking / Security bisacsh COMPUTERS / Security / General bisacsh Computer networks / Security measures blmlsh Computer security blmlsh Computer hackers blmlsh Hackers fast Computer networks / Security measures fast Computer security fast Computer networks Security measures Hackers |
topic_facet | Computer networks / Security measures Computer security Computer hackers COMPUTERS / Internet / Security COMPUTERS / Networking / Security COMPUTERS / Security / General Hackers Computer networks Security measures |
url | http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=196374 |
work_keys_str_mv | AT contosbriant enemyatthewatercoolerreallifestoriesofinsiderthreatsandenterprisesecuritymanagementcountermeasures |