WILEY

Defending the Digital Frontier: A Security Agenda
ISBN: 978-0-471-46630-7
Adobe E-Book
April 2003
US $29.95

Table of Contents

List of Figures and Tables.

Foreword.

Preface.

Acknowledgments.

PART ONE: THE CHALLENGE OF THE FRONTIER.

Chapter 1: The Security Frontier.

Identifying the Security Frontier.

Environment.

Responsibilities.

Priorities.

Challenges at the Frontier.

Threats and Vulnerabilities.

An Attack Scenario.

Chapter 2: Security Characteristics.

Aligned.

Enterprise-Wide.

Continuous.

Proactive.

Validated.

Formal.

Chapter 3: Organizational Components and Security Objectives.

Organizational Components.

People.

Process.

Technology.

Security Objectives.

Confidentiality, Integrity, and Availability.

Access Control.

PART TWO: THE AGENDA FOR ACTION.

Chapter 4: The Security Agenda.

Restrict, Run, and Recover(SM).

Security Agenda Items.

Planning, Architecture, Operations, and Monitoring Capabilities.

Organizational Model.

Capabilities.

Chapter 5: The Three Rs of Digital Security.

Restrict.

Intrusion and Virus Detection.

Incident Response.

Privacy.

Policies, Standards, and Guidelines.

Physical Security.

Run.

Asset and Service Management.

Vulnerability Management.

Entitlement Management.

Recover.

Business Continuity Planning.

PART THREE: THE APPROACH FOR SAFETY.

Chapter 6: The Security Culture.

The Chief Executive as an Agent of Change.

Instill a Heightened Sense of Awareness.

Build a Digital Security Guidance Council.

Establish a Time Table and Monitor Progress.

Roll Out an Enterprise-Wide Security Awareness and Training Program.

Chapter 7: The Risk Frontier.

Modeling and Defining Digital Security Risk.

Low and Slow Scenario: Lessons to Be Learned.

High-Impact Risk Scenario: Lessons to Be Learned.

Containment and Control Scenarios: Lessons to Be Learned.

Approaching Risk Management.

Chapter 8: Road Map for Success.

Positioning the Organization within the Industry.

Resource Allocation.

Insuring against Digital Security Events.

Table-Top Exercises.

The Orbit of Regard.

Appendix A: Security-Related Laws and Regulations.

U.S. Laws.

The USA Patriot Act of 2001.

The Digital Privacy Act of 2000.

The Electronic Communications Privacy Act of 1986, 2000.

The Gramm Leach Bliley (GLB) Act of 1999 (Financial Services Modernization Act).

The Electronic Freedom of Information Act of 1996.

The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996.

The National Information Infrastructure Protection Act of 1996.

The Computer Security Act of 1987.

The Computer Fraud and Abuse Act of 1986.

The Computer Crime Control Act of 1984.

U.S. Federal Privacy Act of 1974.

U.S. Regulations, Agencies, and Guidelines.

The National Infrastructure Assurance Council (NIAC, 1999).

Federal Guidelines for Searching and Seizing Computers (U.S. Dept. of Justice, 2001).

International Laws, Regulations, and Guidelines Related to Digital Security and Privacy.

Australia.

European Union.

India.

Japan.

Malaysia.

Mauritius.

Philippines.

Poland.

United Kingdom.

Appendix B: Threat Vectors.

2002 Top 10 Digital Security Threat Vectors.

Appendix C: Ernst & Young 2002 Digital Security Overview: An Executive Guide and Diagnostic.

Endnotes.

Glossary of Digital Security Terminology.

Index.