Skip to main content

Securing E-Business Systems: A Guide for Managers and Executives

Paperback

$45.00

Securing E-Business Systems: A Guide for Managers and Executives

Timothy Braithwaite

ISBN: 978-1-119-09093-9 April 2002 224 Pages

Download Product Flyer

Download Product Flyer

Download Product Flyer is to download PDF in new tab. This is a dummy description. Download Product Flyer is to download PDF in new tab. This is a dummy description. Download Product Flyer is to download PDF in new tab. This is a dummy description. Download Product Flyer is to download PDF in new tab. This is a dummy description.

Description

"This is a must-read for the entire CXO community if businesses are to survive in cyberspace. Attack methodologies and the cyber threat poised against our business systems are advancing rapidly. Business leaders are soon to face downstream liability issues for the damage their unprotected and exploited systems cause not only to themselves but to all of those with whom they do business in cyberspace. American businesses are now the target of choice by our nation's enemies. We may secure the airways, ports, and borders, but only the boardrooms of America can ensure the survival of our economy."
—John R. Thomas, Colonel, U.S. Army, Retired Former Commander of the DoD, Global Operations and Security Center

Today's e-business depends on the security of its networks and information technology infrastructure to safeguard its customers and its profits. But with rapid innovation and the emergence of new threats and new countermeasures, keeping up with security is becoming more complex than ever. Securing E-Business Systems offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing solutions. This book offers a real, working design for managing an IT security program with the attention it truly warrants, treating security as a constant function that adapts tomeet a company's changing security needs.

Topics include:

  • Security weaknesses
  • Safeguarding technologies
  • Countermeasure best practices
  • Establishing an adaptable e-business security management program
  • Essential elements of a corporate security management program
  • Functions, structure, staffing, and contracting considerations in security management
  • Implementing intrusion detection technology
  • Designing tomorrow's e-business application for secured operations
  • Contemporary rationales for justifying increased spending on security programs
  • Emerging liability issues for e-businesses

Preface xiii

Chapter 1 Electronic Business Systems Security 1

Introduction 1

How Is E-Business Security Defined? 2

Can E-Business Security Be Explained More Simply? 3

Is E-Business Security Really Such a Big Deal? 3

Is E-Business Security More Important Than Other Information Technology Initiatives? 4

How Does an Organization Get Started? 5

Instead of Playing “Catch-Up,” What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place? 7

Chapter 2 E-Business Systems and Infrastructure Support Issues 8

Introduction 8

E-Business Defined 9

A Short History of E-Business Innovations 9

The Need for Secure E-Business Systems 14

Software: The Vulnerable Underbelly of Computing 17

The Interoperability Challenge and E-Business Success 20

E-Business Security: An Exercise in Trade-Offs 23

Few Systems Are Designed to Be Secure 25

Conclusion 26

Chapter 3 Security Weaknesses in E-Business Infrastructure and “Best Practices” Security 27

Introduction 27

Fundamental Technical Security Threats 28

The Guiding Principles of Protection 38

“Best Practice” Prevention, Detection, and Countermeasures and Recovery Techniques 47

Chapter 4 Managing E-Business Systems and Security 58

Introduction 58

Part One: Misconceptions and Questionable Assumptions 60

Part Two: Managing E-Business Systems as a Corporate Asset 69

Part Three: E-Business Security Program Management 97

Chapter 5 A “Just-in-Time” Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response 129

The Current State of E-Business Security 130

Standard Requirements of an E-Business Security Strategy 132

A New Security Strategy 133

The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems 134

The Current State of Intrusion Detection Systems (IDS) 134

Defining a Cost-Effective Security Monitoring and Incident Response Capability 137

Alternatives to Building “Your Own” Security Monitoring and Incident Response Capability 138

Summary 139

Chapter 6 Designing and Delivering Secured E-Business Application Systems 140

Introduction 140

Past Development Realities 145

Contemporary Development Realities 148

Developing Secured E-Business Systems 150

Using the SDR Framework 153

Choosing a Systems Development Methodology That Is Compatible with the SDR Framework 154

Participants in the Identification of Security and Integrity Controls 154

Importance of Automated Tools 162

A Cautionary Word About New Technologies 165

Summary and Conclusions 165

Chapter 7 Justifying E-Business Security and the Security Management Program 167

Introduction 167

The “Quantifiable” Argument 169

Emerging “Nonquantifiable” Arguments 170

Benefits Justifications Must Cover Security Program Administration 175

Conclusion 177

Chapter 8 Computers, Software, Security, and Issues of Liability 178

Evolving Theories of Responsibility 178

Likely Scenarios 179

How Might a Liability Case Unfold? 180

Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System 182

Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative 187

The Problem of Dependency 187

Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships 188

Frequently Asked Questions About the IT-ISAC 190

Critical Information Infrastructure Protection Issues that Need Resolution 192

Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security 194

Appendix B: Systems Development Review Framework for E-Business Development Projects 208

Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample) 229

Appendix D: E-Business Risk Management Review Model Instructions for Use 251

Appendix E: Resources Guide 262

Index 267