Assessing information security: strategies, tactics, logic and framework
Main author: | |
---|---|
Format: | Electronic E-Book |
Language: | English |
Published: | Ely, Cambridgeshire: IT Governance Publishing, 2014 |
Edition: | Second edition |
Subjects: | |
Online access: | FAW01 FAW02 |
Description: | Vendor-supplied metadata |
Description: | 1 online resource (424 pages) |
ISBN: | 9781849286008 1849286000 9781849285995 |
Internal format
MARC
LEADER | 00000nmm a2200000zc 4500 | ||
---|---|---|---|
001 | BV043958780 | ||
003 | DE-604 | ||
005 | 00000000000000.0 | ||
007 | cr|uuu---uuuuu | ||
008 | 161213s2014 |||| o||u| ||||||eng d | ||
020 | |a 9781849286008 |9 978-1-84928-600-8 | ||
020 | |a 1849286000 |9 1-84928-600-0 | ||
020 | |a 9781849285995 |9 978-1-84928-599-5 | ||
035 | |a (ZDB-4-EBA)ocn905696121 | ||
035 | |a (ZDB-4-ITC)ocn905696121 | ||
035 | |a (OCoLC)905696121 | ||
035 | |a (DE-599)BVBBV043958780 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-1047 |a DE-1046 | ||
082 | 0 | |a 005.8 |2 23 | |
100 | 1 | |a Vladimirov, Andrew A. |e Verfasser |4 aut | |
245 | 1 | 0 | |a Assessing information security |b strategies, tactics, logic and framework |c A. Vladimirov, K. Gavrilenko, A. Michajlowski |
250 | |a Second edition | ||
264 | 1 | |a Ely, Cambridgeshire |b IT Governance Publishing |c 2014 | |
300 | |a 1 online resource (424 pages) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
500 | |a Vendor-supplied metadata | ||
505 | 8 | |a ""Cover""; ""Title""; ""Copyright""; ""Contents""; ""Introduction""; ""Chapter 1: Information Security Auditing and Strategy""; ""The mindsets of ignorance""; ""Defence-in-depth""; ""Compelling adversaries to adapt""; ""Chapter 2: Security Auditing, Governance, Policies and Compliance""; ""General security policy shortcomings""; ""Addressing security audits in policy statements""; ""The erroneous path to compliance""; ""Getting down to earth""; ""Chapter 3: Security Assessments Classification""; ""Black, grey and white box tests""; ""Assessments specialisations and actual scopes"" | |
505 | 8 | |a ""On technical information security assessments""""Server, client and network-centric tests""; ""IT security testing levels and target areas""; ""'Idiosyncratic' technical security tests""; ""On non-technical information security audits""; ""Premises and physical security checks""; ""Social engineering tests""; ""Security documentation reviews""; ""Assessing security processes""; ""Chapter 4: Advanced Pre-Assessment Planning""; ""The four-stage framework""; ""Selecting the targets of assessment""; ""Evaluating what is on offer""; ""Professional certifications and education"" | |
505 | 8 | |a ""Publications and tools""""The auditor company history and size""; ""Dealing with common assessment emergencies""; ""Chapter 5: Security Audit Strategies and Tactics""; ""Centres of gravity and their types""; ""Identifying critical points""; ""The strategic exploitation cycle""; ""External technical assessment recon""; ""Social engineering recon""; ""Internal technical assessment recon""; ""Technical vulnerability discovery process""; ""A brief on human vulnerabilities""; ""The tactical exploitation cycle""; ""Front, flank, simple, complex""; ""The strategies of creating gaps"" | |
505 | 8 | |a ""Chapter 6: Synthetic Evaluation of Risks""""Risk, uncertainty and ugly Black Swans""; ""On suitable risk analysis methodologies""; ""On treatment of information security risks""; ""Relevant vulnerability categories""; ""Gauging attacker skill""; ""Weighting vulnerability impact""; ""Contemplating the vulnerability remedy""; ""Defining vulnerability risk level""; ""Risks faced by large components""; ""Compound risks, systempunkts and attacker logic""; ""Total risk summary utilisation and dissection""; ""Chapter 7: Presenting the Outcome and Follow-Up Acts""; ""The report audience and style"" | |
505 | 8 | |a ""The report summary""""The report interpretation chapter""; ""The bulk of the report""; ""Explaining the overall security state""; ""Elaborating on breakdown of risks""; ""Using vulnerability origin investigations""; ""Post-audit assistance and follow-up hurdles""; ""Chapter 8: Reviewing Security Assessment Failures and Auditor Management Strategies""; ""Bad tactics and poor tests""; ""On the assessment team ordnance""; ""Of serpents and eagles""; ""ITG Resources"" | |
505 | 8 | |a Build a strategic response to cyber attacks The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cybersecurity that goes beyond technology: all staff in the organisation have a role to play, and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that | |
650 | 7 | |a COMPUTERS / Internet / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Networking / Security |2 bisacsh | |
650 | 7 | |a COMPUTERS / Security / General |2 bisacsh | |
650 | 7 | |a COMPUTERS / General |2 bisacsh | |
650 | 7 | |a Computer security |2 fast | |
650 | 7 | |a Information technology |2 fast | |
650 | 4 | |a Computer security / United States | |
650 | 4 | |a Data protection / United States | |
650 | 4 | |a Computer security |a Information technology | |
651 | 4 | |a USA | |
700 | 1 | |a Gavrilenko, Konstantin |e Sonstige |4 oth | |
700 | 1 | |a Michajlowski, Anej. |e Sonstige |4 oth | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |a Vladimirov, Andrew |t Assessing Information Security : Strategies, Tactics, Logic and Framewortk |
912 | |a ZDB-4-EBA |a ZDB-4-ITC | ||
999 | |a oai:aleph.bib-bvb.de:BVB01-029367484 | ||
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957891 |l FAW01 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext | |
966 | e | |u http://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=957891 |l FAW02 |p ZDB-4-EBA |q FAW_PDA_EBA |x Aggregator |3 Volltext |
Record in the search index
_version_ | 1804176914006409216 |
---|---|
any_adam_object | |
author | Vladimirov, Andrew A. |
author_facet | Vladimirov, Andrew A. |
author_role | aut |
author_sort | Vladimirov, Andrew A. |
author_variant | a a v aa aav |
building | Verbundindex |
bvnumber | BV043958780 |
collection | ZDB-4-EBA ZDB-4-ITC |
ctrlnum | (ZDB-4-EBA)ocn905696121 (ZDB-4-ITC)ocn905696121 (OCoLC)905696121 (DE-599)BVBBV043958780 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | Second edition |
format | Electronic eBook |
geographic | USA |
geographic_facet | USA |
id | DE-604.BV043958780 |
illustrated | Not Illustrated |
indexdate | 2024-07-10T07:39:45Z |
institution | BVB |
isbn | 9781849286008 1849286000 9781849285995 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-029367484 |
oclc_num | 905696121 |
open_access_boolean | |
owner | DE-1047 DE-1046 |
owner_facet | DE-1047 DE-1046 |
physical | 1 online resource (424 pages) |
psigel | ZDB-4-EBA ZDB-4-ITC ZDB-4-EBA FAW_PDA_EBA |
publishDate | 2014 |
publishDateSearch | 2014 |
publishDateSort | 2014 |
publisher | IT Governance Publishing |
record_format | marc |
title | Assessing information security strategies, tactics, logic and framework |
title_auth | Assessing information security strategies, tactics, logic and framework |
title_exact_search | Assessing information security strategies, tactics, logic and framework |
title_full | Assessing information security strategies, tactics, logic and framework A. Vladimirov, K. Gavrilenko, A. Michajlowski |
title_fullStr | Assessing information security strategies, tactics, logic and framework A. Vladimirov, K. Gavrilenko, A. Michajlowski |
title_full_unstemmed | Assessing information security strategies, tactics, logic and framework A. Vladimirov, K. Gavrilenko, A. Michajlowski |
title_short | Assessing information security |
title_sort | assessing information security strategies tactics logic and framework |
title_sub | strategies, tactics, logic and framework |
topic | COMPUTERS / Internet / Security bisacsh COMPUTERS / Networking / Security bisacsh COMPUTERS / Security / General bisacsh COMPUTERS / General bisacsh Computer security fast Information technology fast Computer security / United States Data protection / United States Computer security Information technology |
topic_facet | COMPUTERS / Internet / Security COMPUTERS / Networking / Security COMPUTERS / Security / General COMPUTERS / General Computer security Information technology Computer security / United States Data protection / United States Computer security Information technology USA |
work_keys_str_mv | AT vladimirovandrewa assessinginformationsecuritystrategiestacticslogicandframework AT gavrilenkokonstantin assessinginformationsecuritystrategiestacticslogicandframework AT michajlowskianej assessinginformationsecuritystrategiestacticslogicandframework |