Verfügbarkeit: Enemy at the water cooler :

Enemy at the water cooler :: real-life stories of insider threats and Enterprise Security Management countermeasures /

Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Contos, Brian T.
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Rockland, Mass. : Syngress, ©2006.
Schlagworte:	Computer networks > Security measures. Computer security. Hackers. Réseaux d'ordinateurs > Sécurité > Mesures. Sécurité informatique. Pirates informatiques. COMPUTERS > Internet > Security. COMPUTERS > Networking > Security. COMPUTERS > Security > General. Computer hackers. Hackers Computer networks > Security measures Computer security
Online-Zugang:	Volltext Volltext
Zusammenfassung:	Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.
Beschreibung:	Title from Web page (viewed February 28, 2007).
Beschreibung:	1 online resource (xxii, 262 pages) : illustrations
Bibliographie:	Includes bibliographical references and index.
ISBN:	1597491292 9781597491297 9780080477602 0080477607

Internformat

MARC


LEADER	00000cam a2200000 a 4500
001	ZDB-4-EBA-ocn183748860
003	OCoLC
005	20241004212047.0
006	m o d
007	cr zn\|\|\|\|\|\|\|\|\|
008	071213s2006 maua ob 001 0 eng d
040			\|a NTG \|b eng \|e pn \|c NTG \|d N$T \|d YDXCP \|d ZCU \|d IDEBK \|d E7B \|d OCLCQ \|d UMI \|d CEF \|d OCLCQ \|d U5D \|d AU@ \|d OCLCQ \|d B24X7 \|d DEBSZ \|d EBLCP \|d OCLCQ \|d OCLCF \|d OCLCQ \|d OCLCA \|d OCLCQ \|d OPELS \|d OCL \|d OCLCQ \|d COO \|d OCLCQ \|d LOA \|d JBG \|d AGLDB \|d STF \|d MOR \|d PIFAG \|d LIV \|d MERUC \|d OCLCQ \|d U3W \|d OCLCA \|d EZC \|d WRM \|d D6H \|d OCLCQ \|d VTS \|d ICG \|d INT \|d VT2 \|d OCLCQ \|d UAB \|d LEAUB \|d DKC \|d OCLCQ \|d M8D \|d OL$ \|d OCLCQ \|d BRF \|d OCLCQ \|d MHW \|d OCLCO \|d OCLCQ \|d OCLCO \|d SXB \|d OCLCQ \|d OCLCO
019			\|a 154201232 \|a 162131551 \|a 269472059 \|a 314139390 \|a 354787694 \|a 488430786 \|a 507060916 \|a 606033163 \|a 648300538 \|a 722902294 \|a 961620062 \|a 962623138 \|a 966248222 \|a 984786344 \|a 988501411 \|a 992029365 \|a 1034913437 \|a 1037710788 \|a 1038698134 \|a 1044158120 \|a 1055317340 \|a 1056399276 \|a 1060860517 \|a 1074323472
020			\|a 1597491292
020			\|a 9781597491297
020			\|a 9780080477602 \|q (electronic bk.)
020			\|a 0080477607 \|q (electronic bk.)
024	1		\|a 792502912928
035			\|a (OCoLC)183748860 \|z (OCoLC)154201232 \|z (OCoLC)162131551 \|z (OCoLC)269472059 \|z (OCoLC)314139390 \|z (OCoLC)354787694 \|z (OCoLC)488430786 \|z (OCoLC)507060916 \|z (OCoLC)606033163 \|z (OCoLC)648300538 \|z (OCoLC)722902294 \|z (OCoLC)961620062 \|z (OCoLC)962623138 \|z (OCoLC)966248222 \|z (OCoLC)984786344 \|z (OCoLC)988501411 \|z (OCoLC)992029365 \|z (OCoLC)1034913437 \|z (OCoLC)1037710788 \|z (OCoLC)1038698134 \|z (OCoLC)1044158120 \|z (OCoLC)1055317340 \|z (OCoLC)1056399276 \|z (OCoLC)1060860517 \|z (OCoLC)1074323472
037			\|b 00991439
050		4	\|a TK5105.59 \|b .C658 2006eb
072		7	\|a COM \|x 060040 \|2 bisacsh
072		7	\|a COM \|x 043050 \|2 bisacsh
072		7	\|a COM \|x 053000 \|2 bisacsh
082	7		\|a 005.8 \|2 22
049			\|a MAIN
100	1		\|a Contos, Brian T. \|1 https://id.oclc.org/worldcat/entity/E39PCjKF9QTBDJCx88ryhVJrC3 \|0 http://id.loc.gov/authorities/names/nb2007016723
245	1	0	\|a Enemy at the water cooler : \|b real-life stories of insider threats and Enterprise Security Management countermeasures / \|c Brian T. Contos.
260			\|a Rockland, Mass. : \|b Syngress, \|c ©2006.
300			\|a 1 online resource (xxii, 262 pages) : \|b illustrations
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
500			\|a Title from Web page (viewed February 28, 2007).
520			\|a Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.
504			\|a Includes bibliographical references and index.
505	0		\|a Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions.
650		0	\|a Computer networks \|x Security measures. \|0 http://id.loc.gov/authorities/subjects/sh94001277
650		0	\|a Computer security.
650		0	\|a Hackers. \|0 http://id.loc.gov/authorities/subjects/sh94005931
650		6	\|a Réseaux d'ordinateurs \|x Sécurité \|x Mesures.
650		6	\|a Sécurité informatique.
650		6	\|a Pirates informatiques.
650		7	\|a COMPUTERS \|x Internet \|x Security. \|2 bisacsh
650		7	\|a COMPUTERS \|x Networking \|x Security. \|2 bisacsh
650		7	\|a COMPUTERS \|x Security \|x General. \|2 bisacsh
650		7	\|a Computer networks \|x Security measures. \|2 blmlsh
650		7	\|a Computer security. \|2 blmlsh
650		7	\|a Computer hackers. \|2 blmlsh
650		7	\|a Hackers \|2 fast
650		7	\|a Computer networks \|x Security measures \|2 fast
650		7	\|a Computer security \|2 fast
776	0	8	\|i Print version: \|a Contos, Brian T. \|t Enemy at the water cooler. \|d Rockland, MA : Syngress, ©2006 \|z 1597491292 \|z 9781597491297 \|w (OCoLC)71843890
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=196374 \|3 Volltext
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://www.sciencedirect.com/science/book/9781597491297 \|3 Volltext
938			\|a Books 24x7 \|b B247 \|n bks00013585
938			\|a ProQuest Ebook Central \|b EBLB \|n EBL294116
938			\|a ebrary \|b EBRY \|n ebr10186105
938			\|a EBSCOhost \|b EBSC \|n 196374
938			\|a YBP Library Services \|b YANK \|n 2586072
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-ocn183748860
_version_	1816881658820820992
adam_text
any_adam_object
author	Contos, Brian T.
author_GND	http://id.loc.gov/authorities/names/nb2007016723
author_facet	Contos, Brian T.
author_role
author_sort	Contos, Brian T.
author_variant	b t c bt btc
building	Verbundindex
bvnumber	localFWS
callnumber-first	T - Technology
callnumber-label	TK5105
callnumber-raw	TK5105.59 .C658 2006eb
callnumber-search	TK5105.59 .C658 2006eb
callnumber-sort	TK 45105.59 C658 42006EB
callnumber-subject	TK - Electrical and Nuclear Engineering
collection	ZDB-4-EBA
contents	Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions.
ctrlnum	(OCoLC)183748860
dewey-full	005.8
dewey-hundreds	000 - Computer science, information, general works
dewey-ones	005 - Computer programming, programs, data, security
dewey-raw	005.8
dewey-search	005.8
dewey-sort	15.8
dewey-tens	000 - Computer science, information, general works
discipline	Informatik
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>09674cam a2200697 a 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn183748860</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr zn\|\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">071213s2006 maua ob 001 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">NTG</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">NTG</subfield><subfield code="d">N$T</subfield><subfield code="d">YDXCP</subfield><subfield code="d">ZCU</subfield><subfield code="d">IDEBK</subfield><subfield code="d">E7B</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">UMI</subfield><subfield code="d">CEF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">U5D</subfield><subfield code="d">AU@</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">B24X7</subfield><subfield code="d">DEBSZ</subfield><subfield code="d">EBLCP</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCA</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OPELS</subfield><subfield code="d">OCL</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">COO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">LOA</subfield><subfield code="d">JBG</subfield><subfield code="d">AGLDB</subfield><subfield code="d">STF</subfield><subfield code="d">MOR</subfield><subfield code="d">PIFAG</subfield><subfield code="d">LIV</subfield><subfield code="d">MERUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">U3W</subfield><subfield code="d">OCLCA</subfield><subfield code="d">EZC</subfield><subfield code="d">WRM</subfield><subfield code="d">D6H</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">VTS</subfield><subfield code="d">ICG</subfield><subfield code="d">INT</subfield><subfield code="d">VT2</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">UAB</subfield><subfield code="d">LEAUB</subfield><subfield code="d">DKC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">M8D</subfield><subfield code="d">OL$</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">BRF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">MHW</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">SXB</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">154201232</subfield><subfield code="a">162131551</subfield><subfield code="a">269472059</subfield><subfield code="a">314139390</subfield><subfield code="a">354787694</subfield><subfield code="a">488430786</subfield><subfield code="a">507060916</subfield><subfield code="a">606033163</subfield><subfield code="a">648300538</subfield><subfield code="a">722902294</subfield><subfield code="a">961620062</subfield><subfield code="a">962623138</subfield><subfield code="a">966248222</subfield><subfield code="a">984786344</subfield><subfield code="a">988501411</subfield><subfield code="a">992029365</subfield><subfield code="a">1034913437</subfield><subfield code="a">1037710788</subfield><subfield code="a">1038698134</subfield><subfield code="a">1044158120</subfield><subfield code="a">1055317340</subfield><subfield code="a">1056399276</subfield><subfield code="a">1060860517</subfield><subfield code="a">1074323472</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1597491292</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781597491297</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9780080477602</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">0080477607</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="024" ind1="1" ind2=" "><subfield code="a">792502912928</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)183748860</subfield><subfield code="z">(OCoLC)154201232</subfield><subfield code="z">(OCoLC)162131551</subfield><subfield code="z">(OCoLC)269472059</subfield><subfield code="z">(OCoLC)314139390</subfield><subfield code="z">(OCoLC)354787694</subfield><subfield code="z">(OCoLC)488430786</subfield><subfield code="z">(OCoLC)507060916</subfield><subfield code="z">(OCoLC)606033163</subfield><subfield code="z">(OCoLC)648300538</subfield><subfield code="z">(OCoLC)722902294</subfield><subfield code="z">(OCoLC)961620062</subfield><subfield code="z">(OCoLC)962623138</subfield><subfield code="z">(OCoLC)966248222</subfield><subfield code="z">(OCoLC)984786344</subfield><subfield code="z">(OCoLC)988501411</subfield><subfield code="z">(OCoLC)992029365</subfield><subfield code="z">(OCoLC)1034913437</subfield><subfield code="z">(OCoLC)1037710788</subfield><subfield code="z">(OCoLC)1038698134</subfield><subfield code="z">(OCoLC)1044158120</subfield><subfield code="z">(OCoLC)1055317340</subfield><subfield code="z">(OCoLC)1056399276</subfield><subfield code="z">(OCoLC)1060860517</subfield><subfield code="z">(OCoLC)1074323472</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="b">00991439</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">TK5105.59</subfield><subfield code="b">.C658 2006eb</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">060040</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">043050</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM</subfield><subfield code="x">053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">005.8</subfield><subfield code="2">22</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Contos, Brian T.</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCjKF9QTBDJCx88ryhVJrC3</subfield><subfield code="0">http://id.loc.gov/authorities/names/nb2007016723</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Enemy at the water cooler :</subfield><subfield code="b">real-life stories of insider threats and Enterprise Security Management countermeasures /</subfield><subfield code="c">Brian T. Contos.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield code="a">Rockland, Mass. :</subfield><subfield code="b">Syngress,</subfield><subfield code="c">©2006.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (xxii, 262 pages) :</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Title from Web page (viewed February 28, 2007).</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider.</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94001277</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer security.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Hackers.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh94005931</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Réseaux d'ordinateurs</subfield><subfield code="x">Sécurité</subfield><subfield code="x">Mesures.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Sécurité informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Pirates informatiques.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Internet</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Networking</subfield><subfield code="x">Security.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">Security</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures.</subfield><subfield code="2">blmlsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security.</subfield><subfield code="2">blmlsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer hackers.</subfield><subfield code="2">blmlsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Hackers</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer networks</subfield><subfield code="x">Security measures</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer security</subfield><subfield code="2">fast</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="a">Contos, Brian T.</subfield><subfield code="t">Enemy at the water cooler.</subfield><subfield code="d">Rockland, MA : Syngress, ©2006</subfield><subfield code="z">1597491292</subfield><subfield code="z">9781597491297</subfield><subfield code="w">(OCoLC)71843890</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=196374</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://www.sciencedirect.com/science/book/9781597491297</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Books 24x7</subfield><subfield code="b">B247</subfield><subfield code="n">bks00013585</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL294116</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ebrary</subfield><subfield code="b">EBRY</subfield><subfield code="n">ebr10186105</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">196374</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">2586072</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-ocn183748860
illustrated	Illustrated
indexdate	2024-11-27T13:16:13Z
institution	BVB
isbn	1597491292 9781597491297 9780080477602 0080477607
language	English
oclc_num	183748860
open_access_boolean
owner	MAIN DE-863 DE-BY-FWS
owner_facet	MAIN DE-863 DE-BY-FWS
physical	1 online resource (xxii, 262 pages) : illustrations
psigel	ZDB-4-EBA
publishDate	2006
publishDateSearch	2006
publishDateSort	2006
publisher	Syngress,
record_format	marc
spelling	Contos, Brian T. https://id.oclc.org/worldcat/entity/E39PCjKF9QTBDJCx88ryhVJrC3 http://id.loc.gov/authorities/names/nb2007016723 Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures / Brian T. Contos. Rockland, Mass. : Syngress, ©2006. 1 online resource (xxii, 262 pages) : illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Title from Web page (viewed February 28, 2007). Packed with vivid real-life cases, this comprehensive book addresses the most difficult to manage and costly of all security threats: the insider. Includes bibliographical references and index. Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions. Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer security. Hackers. http://id.loc.gov/authorities/subjects/sh94005931 Réseaux d'ordinateurs Sécurité Mesures. Sécurité informatique. Pirates informatiques. COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh Computer networks Security measures. blmlsh Computer security. blmlsh Computer hackers. blmlsh Hackers fast Computer networks Security measures fast Computer security fast Print version: Contos, Brian T. Enemy at the water cooler. Rockland, MA : Syngress, ©2006 1597491292 9781597491297 (OCoLC)71843890 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=196374 Volltext FWS01 ZDB-4-EBA FWS_PDA_EBA https://www.sciencedirect.com/science/book/9781597491297 Volltext
spellingShingle	Contos, Brian T. Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures / Part I: Background on Cyber Crime, Insider Threats, and ESM -- Chapter One: Cyber Crime and Cyber Criminals -- About this Chapter -- Computer Dependence and Internet Growth -- The Shrinking Vulnerability Threat Window -- Motivations for Cyber Criminal Activity -- o Black Markets -- Hacker -- Script Kiddies -- Solitary Cyber Criminals and Exploit Writers for Hire -- Organized Crime -- Identity Thieves (Impersonation Fraudsters) -- Competitors -- Activist Groups, Nation-State Threats, and Terrorists -- Activists -- Nation-State Threats -- o China -- o France -- o Russia -- o United Kingdom -- o United States -- Terrorists -- Insiders -- Tools of the Trade -- o Application-Layer Exploits -- o Botnets -- o Buffer Overflows -- o Code Packing -- o Denial-of-service (DoS) Attacks -- o More Aggressive and Sophisticated Malware -- o Non-wired Attacks and Mobile Devices -- o Password-cracking -- o Phishing -- o Reconnaissance and Googledorks -- o Rootkits and Keyloggers -- o Social Engineering Attacks -- o Voice over IP (VoIP) Attacks -- o Zero-Day Exploits -- Summary Points -- Chapter Two: Insider Threats -- Understanding Who the Insider Is -- Psychology of Insider Identification -- Insider Threat Examples from the Media -- Insider Threats from a Human Perspective -- o A Word on Policies -- Insider Threats from a Business Perspective -- o Risk -- Insider Threats from a Technical Perspective -- o Need-to-know -- o Least Privileges -- o Separation of Duties -- o Strong Authentication -- o Access Controls -- o Incident Detection and Incident Management -- Summary Points -- -- Chapter Three: Enterprise Security Management (ESM) -- ESM in a Nutshell -- Key ESM Feature Requirements -- o Event Collection -- o Normalization -- o Categorization -- o Asset Information -- o Vulnerability Information -- o Zoning and Global Positioning System Data -- o Active Lists -- o Actors -- o Data Content -- o Correlation -- o Prioritization -- o Event and Response Time Reduction -- o Anomaly Detection -- o Pattern Discovery -- o Alerting -- o Case Management -- o Real-Time Analysis and Forensic Investigation -- o Visualization -- o High-level Dashboards -- o Detailed Visualization -- o Reporting -- o Remediation -- Return On Investment (ROI) and Return On Security Investment (ROSI) -- Alternatives to ESM -- o Do Nothing -- o Custom In-house Solutions -- o Outsourcing and Co-sourcing --? Co-sourcing examples: -- Summary Points -- -- Part II: Real Life Case Studies -- Chapter Four: Imbalanced SecurityA Singaporean Data Center -- Chapter Five: Correlating Physical and Logical Security EventsA U.S. Government Organization -- Chapter Six: Insider with a ConscienceAn Austrian Retailer -- Chapter Seven: Collaborative ThreatA Telecommunications Company in the U.S. -- Chapter Eight: Outbreak from WithinA Financial Organization in the U.K. -- Chapter Nine: Mixing Revenge and PasswordsA Utility Company in Brazil -- Chapter Ten: Rapid RemediationA University in the United States -- Chapter Eleven: Suspicious ActivityA Consulting Company in Spain -- Chapter Twelve: Insiders Abridged -- Malicious use of Medical Records -- Hosting Pirated Software -- Pod-Slurping -- Auctioning State Property -- Writing Code for another Company -- Outsourced Insiders -- Smuggling Gold in Rattus Norvegicus -- -- Part III: The Extensibility of ESM -- Chapter Thirteen: Establishing Chain-of-Custody Best Practices with ESM -- Disclaimer -- Monitoring and disclosure -- Provider Protection Exception -- Consent Exception -- Computer Trespasser Exception -- Court Order Exception -- Best Practices -- Canadian Best Evidence Rule -- Summary Points -- -- Chapter Fourteen: Addressing Both Insider Threats and Sarbanes-Oxley with ESM -- A Primer on Sarbanes-Oxley -- Section 302: Corporate Responsibility for Financial Reports -- Section 404: Management Assessment of Internal Controls -- Separation of Duties -- Monitoring Interaction with Financial Processes -- Detecting Changes in Controls over Financial Systems -- Section 409: Real-time Issuer Disclosures -- Summary Points -- -- Chapter Fifteen: Incident Management with ESM -- Incident Management Basics -- Improved Risk Management -- Improved Compliance -- Reduced Costs -- Current Challenges -- o Process -- o Organization -- o Technology -- Building an Incident Management Program -- o Defining Risk -- Five Steps to Risk Definition for Incident Management -- o Process -- o Training -- o Stakeholder Involvement -- o Remediation -- o Documentation -- Reporting and Metrics -- Summary Points -- -- Chapter Sixteen: Insider Threat Questions and Answers -- Introduction -- Insider Threat Recap -- Question One -- Employees -- o The Hiring Process -- o Reviews -- o Awareness -- o NIST 800-50 -- o Policies -- o Standards -- o Security Memorandum Example -- Question Two -- Prevention -- Question Three Asset Inventories -- Question Four Log Collection -- o Security Application Logs -- o Operating System Log -- o Web Server Logs -- o NIST 800-92 -- Question Five Log Analysis -- Question Six -- Specialized Insider Content -- Question Seven Physical and Logical Security Convergence -- Question Eight IT Governance -- o NIST 800-53 -- o Network Account Deletion maps to NIST 800-53 section AC-2 -- o Vulnerability Scanning maps to NIST 800-53 section RA-5 -- o Asset Creation maps to NIST 800-53 section CM-4 -- o Attacks and Suspicious Activity from Public Facing Assets maps to NIST 800-53 section SC-14 -- o Traffic from Internal to External Assets maps to NIST 800-53 section SC-7 -- Question Nine -- Incident Response -- Question 10 Must Haves -- -- Appendix AExamples of Cyber Crime Prosecutions. Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer security. Hackers. http://id.loc.gov/authorities/subjects/sh94005931 Réseaux d'ordinateurs Sécurité Mesures. Sécurité informatique. Pirates informatiques. COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh Computer networks Security measures. blmlsh Computer security. blmlsh Computer hackers. blmlsh Hackers fast Computer networks Security measures fast Computer security fast
subject_GND	http://id.loc.gov/authorities/subjects/sh94001277 http://id.loc.gov/authorities/subjects/sh94005931
title	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures /
title_auth	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures /
title_exact_search	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures /
title_full	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures / Brian T. Contos.
title_fullStr	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures / Brian T. Contos.
title_full_unstemmed	Enemy at the water cooler : real-life stories of insider threats and Enterprise Security Management countermeasures / Brian T. Contos.
title_short	Enemy at the water cooler :
title_sort	enemy at the water cooler real life stories of insider threats and enterprise security management countermeasures
title_sub	real-life stories of insider threats and Enterprise Security Management countermeasures /
topic	Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 Computer security. Hackers. http://id.loc.gov/authorities/subjects/sh94005931 Réseaux d'ordinateurs Sécurité Mesures. Sécurité informatique. Pirates informatiques. COMPUTERS Internet Security. bisacsh COMPUTERS Networking Security. bisacsh COMPUTERS Security General. bisacsh Computer networks Security measures. blmlsh Computer security. blmlsh Computer hackers. blmlsh Hackers fast Computer networks Security measures fast Computer security fast
topic_facet	Computer networks Security measures. Computer security. Hackers. Réseaux d'ordinateurs Sécurité Mesures. Sécurité informatique. Pirates informatiques. COMPUTERS Internet Security. COMPUTERS Networking Security. COMPUTERS Security General. Computer hackers. Hackers Computer networks Security measures Computer security
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=196374 https://www.sciencedirect.com/science/book/9781597491297
work_keys_str_mv	AT contosbriant enemyatthewatercoolerreallifestoriesofinsiderthreatsandenterprisesecuritymanagementcountermeasures

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge