Business Case for Network

Understand the total cost of ownership and return on investment for network security solutions http://www.dropshippers.co.za/

• Understand what motivates hackers and how to classify threats
• Learn how to recognize common vulnerabilities and common types of attacks
• Examine modern day security systems, devices, and mitigation techniques
• Integrate policies and personnel with security equipment to effectively lessen security risks
• Analyze the greater implications of security breaches facing corporations and executives today
• Understand the governance aspects of network security to help implement a climate of change throughout your organization
• Learn how to qualify your organization’s aversion to risk
• Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI
• Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities
http://www.dropshippers.co.za/

The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board. http://www.dropshippers.co.za/

Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily. http://www.dropshippers.co.za/

An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business. http://www.dropshippers.co.za/

This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today’s most important technologies and business strategies. http://www.dropshippers.co.za/

Table of Contents

Introduction.

I. VULNERABILITIES AND TECHNOLOGIES.

1. Hackers and Threats.

• Contending with Vulnerability
• Realizing Value in Security Audits
• Analyzing Hacking
• Assessing Vulnerability and Response
• Hackers: Motivation and Characteristics
• The Enemy Within: Maliciousness and Sloppiness
• Threats Classification
• The Future of Hacking and Security
• Summary
• End Notes
http://www.dropshippers.co.za/

2. Crucial Need for Security: Vulnerabilities and Attacks.

• Recognizing Vulnerabilities
• Design Vulnerabilities Issues
• Human Vulnerability Issues
• Implementation Vulnerability Issues
• Categories of Attacks
• The Human Component in Attacks
• Reconnaissance Attacks
• Access Attacks
• Denial of Service Attacks
• Additional Common Attacks
• Footprinting
• Scanning and System Detailing
• Eavesdropping
• Password Attacks
• Impersonating
• Trust Exploitation
• Software and Protocol Exploitation
• Worms
• Viruses
• Trojan Horses
• Attack Trends
• Wireless Intrusions
• Wireless Eavesdropping
• Man-in-the-Middle Wireless Attacks
• Walk-By Hacking
• Drive-By Spamming
• Wireless Denial of Service
• Frequency Jamming
• The Hapless Road Warrior
• Social Engineering
• Examples of Social Engineering Tactics
• Summary of Attacks
• Cisco SAFE Axioms
• Routers Are Targets
• Switches Are Targets
• Hosts Are Targets
• Networks Are Targets
• Applications Are Targets
• Summary
http://www.dropshippers.co.za/

3. Security Technology and Related Equipment.

• Virus Protection
• Traffic Filtering
• Basic Filtering
• Advanced Filtering
• Filtering Summary
• Encryption
• Encrypted VPN
• SSL Encryption
• File Encryption
• Authentication, Authorization, and Accounting: AAA
• Authentication
• Authorization
• Accounting
• Public Key Infrastructure
• From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems
• IDS Overview
• Network- and Host-Based IDS
• IPS Overview
• Target-Based IDS
• Content Filtering
• URL Filtering
• E-Mail Content Filtering
• Assessment and Audit
• Assessment Tools
• Audit Tools
• Additional Mitigation Methods
• Self-Defending Networks
• Stopping a Worm with Network-Based Application Recognition
• Automated Patch Management
• Notebook Privacy Filter
• Summary
• End Notes
http://www.dropshippers.co.za/

4. Putting It All Together: Threats and Security Equipment.

• Threats, Targets, and Trends
• Lowering Risk Exposure
• Security Topologies
• SAFE Blueprints
• SAFE Architecture
• Using SAFE
• Summary
http://www.dropshippers.co.za/

II. HUMAN AND FINANCIAL ISSUES.

5. Policy, Personnel, and Equipment as Security Enablers.

• Securing the Organization: Equipment and Access
• Job Categories
• Departing Employees
• Password Sanctity
• Access
• Managing the Availability and Integrity of Operations
• Implementing New Software and Privacy Concerns
• Custom and Vendor-Supplied Software
• Sending Data: Privacy and Encryption Considerations
• Regulating Interactivity Through Information and Equipment Control
• Determining Levels of Confidentiality
• Inventory Control: Logging and Tagging
• Mobilizing the Human Element: Creating a Secure Culture
• Employee Involvement
• Management Involvement: Steering Committee
• Creating Guidelines Through the Establishment of Procedural Requirements
• Policy Fundamentals
• Determining Ownership
• Determining Rules and Defining Compliance
• Corporate Compliance
• User Compliance
• Securing the Future: Business Continuity Planning
• Ensuring a Successful Security Policy Approach
• Security Is a Learned Behavior
• Inviting the Unknown
• Avoiding a Fall into the Safety Trap
• Accounting for the Unaccountable
• Workflow Considerations
• Striving to Make Security Policies More Efficient
• Surveying IT Management
• The Need for Determining a Consensus on Risk
• Infosec Management Survey
• Infosec Management Quotient
• Summary
http://www.dropshippers.co.za/

6. A Matter of Governance: Taking Security to the Board.

• Security-A Governance Issue
• Directing Security Initiatives
• Steering Committee
• Leading the Way
• Establishing a Secure Culture
• Securing the Physical Business
• Securing Business Relationships
• Securing the Homeland
• Involving the Board
• Examining the Need for Executive Involvement
• Elements Requiring Executive Participation
• Summary
• End Notes
http://www.dropshippers.co.za/

7. Creating Demand for the Security Proposal: IT Management's Role.

• Delivering the Security Message to Executive Management
• Recognizing the Goals of the Corporation
• Knowing How the Organization Can Use ROP
• Understanding the Organization's Mandate and Directives
• Acknowledging the Organization's Imperatives and Required Deliverables
• Establishing an Appropriate Security Posture
• Outlining Methods IT Managers Can Use to Engage the Organization
• Lobbying Support
• Assessing Senior Business Management Security Requirements
• Every Question Counts: Delivering the Survey to Respondents
• Infosec Operational Survey
• Infosec Operational Quotient
• Summary
http://www.dropshippers.co.za/

8. Risk Aversion and Security Topologies.

• Risk Aversion
• The Notion of Risk Aversion
• Determining Risk Tolerance
• What Assets to Protect
• Short-Term and Long-Term Risks
• Risk-Aversion Quotient
• Calculating the Risk-Aversion Quotient
• Risk-Aversion Quotient and Risk Tolerance
• Using the Charts
• Security Modeling
• Topology Standards
• One Size Rarely Fits All
• Security Throughout the Network
• Diminishing Returns
• Summary
http://www.dropshippers.co.za/

9. Return on Prevention: Investing in Capital Assets.

• Examining Cost of Attacks
• Determining a Baseline
• Providing Alternatives
• Budgeting for Security Equipment
• Total Cost of Ownership
• Present Value
• Analyzing Returns on Security Capital Investments
• Net Present Value
• Internal Rate of Return
• Return on Investment
• Payback Period
• The Bottom Line
• Acknowledging Nonmathematical Security Fundamentals
• Summary
• End Notes
http://www.dropshippers.co.za/

III. POLICIES AND FUTURE.

10. Essential Elements of Security Policy Development.

• Determining Required Policies
• Constructing Reliable and Sound Policies
• Reliability
• Access
• Constancy
• Answerability
• Using Policy Tools and Policy Implementation Considerations
• Useful Policy Tools
• Policy Implementation
• Performing Comprehensive Monitoring
• Knowing Policy Types
• Physical Security Policies
• Access-Control Policies
• Dialup and Analog Policies
• Remote-Access Policies
• Remote Configuration Policies
• VPN and Encryption Policies
• Network Policies
• Data Sensitivity, Retention, and Ethics Policies
• Software Policies
• Summary of Policy Types
• Handling Incidents
• Summary
http://www.dropshippers.co.za/

11. Security Is a Living Process.

• Security Wheel
• Secure
• Monitor
• Test
• Improve
• Scalability
• Jurisprudence
• Hacking
• Internal Issues
• Negligence
• Privacy
• Integrity
• Good Netizen Conduct
• SWOT: Strengths, Weaknesses, Opportunities, and Threats
• Strengths
• Weaknesses
• Opportunities
• Threats
• Summary
• End Note
http://www.dropshippers.co.za/

IV. APPENDIXES.

Appendix A. References.

Appendix B. OSI Model, Internet Protocol, and Packets.

Appendix C. Quick Guides to Security Technologies.

Appendix D. Return on Prevention Calculations Reference Sheets.

Glossary.

Index.