The NCSA Guide to Enterprise Security

Protecting Information Assets

Michel Kabay

Publisher: McGraw-Hill, 1996, 383 pages

ISBN: 0-07-033147-2

Keywords: Information Security

Last modified: June 7, 2021, 12:15 p.m.

Arm yourself with practical, fail-safe solutions for protecting vital corporate information.

All too often, managers and technicians responsible for protecting their company's computer systems from viruses, vandals, and other calamities find themselves reacting after catastrophe strikes. With the help of this pragmatic guide, co-sponsored by the National Computer Security Association, you'll learn how to shield your enterprisewide system from loss or damage before it happens.

Concise, accessible, and up-to-date, The NCSA Guide to Enterprise Security focuses on real-world issues encompassing all types of businesses. Dozens of case studies help you put into context the dangers that await inadequately protected systems. You'll learn how to:

  • Identify key threats and vulnerabilities
  • Devise effective countermeasures for each type of computer crime
  • Develop cooperative efforts to protect against threats from employees, ex-employees, and software vendors
  • Improve physical security at your facility
  • Apply appropriate encryption techniques to improve security
  • Convene a high-level task force for disaster prevention, mitigation, and recovery

Plus, you'll find a wealth of references to current technical literature.

  1. Protecting Your Information Assets
    • What Enterprise System Security Is
    • History
    • The Mission of Infosec
    • Definitions of Information Security
    • Threats to Security
    • Information Warfare
    • Risk Assessment
    • Summary
    • References
  2. Computer Crime Techniques and Countermeasures
    • A Computer Crime Glossary
    • Sabotage
    • Preventing Sabotage
    • Physical and Logical Piggybacking
    • Impersonation
    • Data Diddling
    • Superzapping
    • Scavenging
    • Back Doors
    • Trojan Horses
    • Salamis
    • Logic Bombs
    • Time Bombs
    • Illogic Bomb
    • Data Leakage
    • Steganography and Inference
    • Extortion
    • Forgery
    • Fraud
    • Simulation
    • References
  3. Computer Viruses
    • Rogue Software
    • Viruses and Worms
    • What Viruses Do
    • History of Malicious Code
    • How Viruses Work
    • How Bad Is the Virus Problem?
    • Most Common Viruses
    • Virus Factories
    • Virus By Number
    • Antivirus Products
    • Why Do People Write Viruses?
    • Viruses on Non-DOS Operating Systems
    • The Internet Worm of 1988
    • Helpful Viruses?
    • Public Policy Issues
    • References
  4. Personnel and Legal Issues
    • Hiring
    • Ongoing Management
    • Separation of Duties
    • Employment Termination
    • Legal Liability in Managing Information
    • Software Theft
    • Blowing the Whistle
    • References
  5. Physical Security
    • A New Site
    • An Existing Building
    • The Computer Center
    • Access Control Devices
    • References
  6. Identification, Authentication, and Authorization
    • Passwords
    • Password hygiene
    • Alternative Methods of Authentication
    • Multiple Systems
    • Authorization
    • Security Software
    • Forgotten passwords
    • Artificial Intelligence
    • References
  7. Backups and Data Integrity
    • Cost/Benefit Analysis
    • Logging
    • Less Intrusive Backups
    • Disk Mirroring
    • Retaining Backups
    • Storage
    • Long-Term Storage of Backups
    • Disposal of Magnetic Media
    • References
  8. Voice and Data Networks
    • Asynchronous Links
    • Microwave Relays
    • Leased Lines
    • Fiberoptics
    • Satellite Links
    • Wireless Networks
    • Packet-Switching Networks
    • LANs
    • Wireless LANs
    • Power-Line, Spread-Spectrum LANs
    • Toll Fraud
    • Voice Mail
    • Electronic Mail
    • Fax
    • Electronic Data Interchange
    • Emanations Control
    • Internet Access and Firewalls
    • SATAN
    • PC and Workstation Security
    • References
  9. Criminal Hackers
    • History and Current Status
    • Hacker techniques
    • The Hacker Subculture
    • Hacker Psychology
    • Why We Should Care About Hackers
    • What Can Be Done About Hackers
    • Building a CERT
    • Become Involved in Computer Ethics
    • References
  10. Encryption
    • Why Data Must Be Encrypted
    • Substitution Ciphers
    • Weaknesses of Proprietary Algorithms
    • Cryptanalytic Attacks
    • Stronger Encryption
    • The Data Encryption Standard
    • RSA Public Key Cryptosystem
    • PGP: Pretty Good Privacy
    • Digital Signature Standard
    • Privacy Enhanced Mail
    • Public-Key Cryptography Standards
    • Entrust
    • Key Management
    • The Key Escrow Proposal
    • International Traffic in Arms Regulations
    • Electronic Commerce
    • References
  11. Developing and Implementing Organizational Policy
    • Social Psychology and Infosec
    • Building a Security Policy
    • References
  12. Information Warfare
    • Conceptual Framework
    • The Tools of Infowar
    • Case Studies of Infowar Techniques
    • Civil Defense in Cyberspace
    • Conclusion
    • References
  1. Notes of the 1993 HoHoCon
  2. PGP 2.6.2
  3. The Key Escrow Proposal
  4. References to Cryptography in the ITAR

Reviews

The NCSA Guide to Enterprise Security

Reviewed by Roland Buresund

Mediocre **** (4 out of 10)

Last modified: Nov. 15, 2008, 1:40 a.m.

Interesting book, but it gives you very little. Skip it.
