Security

Information Security Policies Made Easy Version 8

Used by over 70% of the Fortune 100, Information Security Policies Made Easy is written by security policy expert and consultant Charles Cresson Wood, CISA, CISSP, who has over 20 years writing and implementing security policies worldwide. Information Security Policies Made Easy is literally an all-in-one security policy resource with templates, advice and instructions to help you generate practical, clear, and compelling information security policies for your organization, whether your organization is large or small. These tools will save hours of time and thousands of dollars developing information security policies.

Information Security Management Handbook, Fourth Edition

In response to new developments in information technologies, this second volume supplements the fourth edition with new information, covering access control issues; authentication services; network security--which includes ATM, frame relay, remote access, network monitoring, and TCP/IP; intrusion detection; penetration testing; secure voice communications; cryptography; security architecture and models; operations security; business continuity planning; and law and ethics. The format continues to follow the standard for the Certified Information Systems Security Professional (CISSP) certification examination. Contributors are all specialists in computer security systems for various corporations, and/or are associated with CISSP.

Writing Information Security Policies

Finally, someone decides it is time to write a security policy. Management is told of the necessity of the policy document, and they support its development. A manager or administrator is assigned to the task and told to come up with something, and fast! Once security policies are written, they must be treated as living documents. As technology and business requirements change, the policy must be updated to reflect the new environment--at least one review per year. Additionally, policies must include provisions for security awareness and enforcement while not impeding corporate goals. This book serves as a guide to writing and maintaining these all-important security policies.

Information Security Risk Analysis

Introduces risk analysis techniques that can be used to identify and quantify both accidental and malicious threats to computer systems within an organization. The author walks through the qualitative risk analysis process using such techniques as the practical application of risk analysis (PARA) and the facilitated risk analysis process (FRAP). A case study of a truck rental company illustrates application of the method. The appendices provide a questionnaire and sample process forms.

Security Engineering: A Guide to Building Dependable Distributed Systems

Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.

Security in Computing (2nd Edition)

A senior/graduate level textbook describing security pitfalls that are inherent in many computing tasks. The book assumes knowledge of programming and computer systems. One of today's hot topics.

Web Security, Privacy and Commerce

This guide for users and administrators examines the real risks inherent in Web use and outlines techniques and available technologies for minimizing security threats. The book covers the architecture of the Web, cryptography, SSL and TLS, digital identification, privacy and its protection, theft and its prevention, mobile codes, physical security for servers, host security, Web applications security, computer crime, content control, code signing, filtering and censorship, logical and policy aspects, digital payments, and intellectual property rights.

Developing Trust: Online Privacy and Security

Although the harrowing number of Internet-based attacks in recent years has elevated the importance of maintaining secure electronic networks, many developers continue to employ passive security administration strategies, addressing issues by using patches in a non-systematic fashion. This counterproductive strategy can be largely attributed to a lack of knowledge regarding the general concepts required to effectively prevent the attack and potential compromise of networked systems.

Cryptography for Internet & Database Applications

Cryptography is the gold standard for security. It is used to protect the transmission and storage of data between two parties by encrypting it into an unreadable format. Cryptography has enabled the first wave of secure transmissions, which has helped fuel the growth of transactions like shopping, banking, and finance over the world’s biggest public network, the Internet. Many Internet applications such as e-mail, databases, and browsers store a tremendous amount of personal and financial information, but frequently the data is left unprotected. Traditional network security is frequently less effective at preventing hackers from accessing this data. For instance, once-private databases are now completely exposed on the Internet. It turns out that getting to the database that holds millions of credit card numbers—the transmission—is secure through the use of cryptography, but the database itself isn’t, fueling the rise of credit card information theft.

Wireless Security Essentials: Defending Mobile Systems from Data Piracy

Vines offers a thorough examination of the fundamental concepts of security and basic computing technology. He first provides the necessary background on wireless and cellular technologies, then discusses the wide range of security methodologies and how to apply them to the wireless world.

Multimedia Data Hiding

With the advances of the digital information revolution and the societal changes they have prompted, it has become critical to facilitate secure management of content usage and delivery across communication networks. Data hiding and digital watermarking are promising new technologies for multimedia information protection and rights management. "Multimedia Data Hiding" addresses the theory, methods, and design of multimedia data hiding and its application to multimedia rights management, information security, and communication. It offers theoretical and practical aspects, and both design and attack problems. Applications discussed include: annotation, tamper detection, copy/access control, fingerprinting, and ownership protection. Countermeasures for attacks on data hiding are discussed, and a chapter assesses attack problems on digital music protection under a unique competitive environment.

Investigative Data Mining for Security and Criminal Detection, First Edition

Introduces security professionals, intelligence and law enforcement analysts, and criminal investigators to the use of data mining as a new kind of investigative tool. The first book to outline how data mining technologies can be used to combat crime in the 21st century.

SQL Server Security Distilled

Securing SQL Server is one of the most important responsibilities of the SQL Server professional. Ensuring your data is safe requires a combination of good systems and database administration, and intelligent application design – weaving a security plan that matches the capabilities and vulnerabilities of each contributing part. But at its root, security is concerned with controlling access – authenticating who can access the data on the server, authorizing what users can do with that data, and securing data as it is transported. These core topics are the focus of this book.

Storage Security: Protecting SANs, NAS and DAS

The ultimate storage security handbook from the nation's top security expert. Examines strengths and weaknesses, describes architectural security concerns and considerations, and identifies ways to implement and design more secure storage systems.

Linux Security Cookbook

Computer security is an ongoing process, a relentless contest between system administrators and intruders. A good administrator needs to stay one step ahead of any adversaries, which often involves a continuing process of education. If you're grounded in the basics of security, however, you won't necessarily want a complete treatise on the subject each time you pick up a book. Sometimes you want to get straight to the point. That's exactly what the new Linux Security Cookbook does. Rather than provide a total security solution for Linux computers, the authors present a series of easy-to-follow recipes--short, focused pieces of code that administrators can use to improve security and perform common tasks securely.

Privacy for Business: Web Sites and E-mail

The ideal primer for businesses dealing with privacy issues, particularly those that impact web sites and email, this book is written for executives, managers, webmasters, system administrators, and all employees who handle personally identifiable information. Protect your business from damaging privacy incidents with this book, while providing your customers with the privacy they demand and deserve.

Security and Privacy in Digital Rights Management

This book constitutes the thoroughly refereed post-proceedings of the International Workshop on Security and Privacy in Digital Rights Management, DRM 2001, held during the ACM CCS-8 Conference in Philadelphia, PA, USA, in November 2001. The 14 revised full papers presented were carefully reviewed and selected from 50 submissions. The papers are organized in topical sections on renewability, fuzzy hashing, cryptographic techniques and fingerprinting, privacy and architectures, software tamper resistance, cryptanalysis, and economic and legal aspects.

SQL Server Security: What DBAs and Programmers Need to Know

SQL Server Security: What DBAs and Programmers Need to Know is a comprehensive look at securing SQL Server 2000. Author K. Brian Kelley walks you through the basics of security and how it applies to an SQL Server installation. The focus of the book then shifts to the internal mechanisms SQL Server uses to protect data and audit access. Discussion of external security and vulnerabilities due to applications and the operating system as well as network vulnerabilities with respect to the transmission of login information, and unsecured data streams is included. Kelley also reviews several third-party tools that can assist in auditing, securing, and reporting on SQL Server.

Cryptography in the Database: The Last Line of Defense

If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure—from your customers, your partners, your stockholders, and now, the government—to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications.

(Review excerpt from Amazon.com)

The Chief Information Security Officer's Toolkit: Governance Guidebook

Oriented toward MIS leaders and security and business executives, this book is comprehensive in its coverage and provides all of the information top-level decision makers need to know to make sound information security decisions. According to its author, Dr. Fred Cohen, "This book fills the growing gap between technology and business know-how in information security."

Enterprise Security: IT Security Solutions - Concepts, Practical Experiences,...

Enterprise Security: IT Security Solutions - Concepts, Practical Experiences, Technologies.

Addressing IT managers and staff, as well as CIOs and other executives dealing with corporate IT security, this book provides a broad knowledge on the major security issues affecting today's corporations and organizations, and presents state-of-the-art concepts and current trends for securing an enterprise.

Areas covered include information security management, network and system security, identity and access management (IAM), authentication (including smart card based solutions and biometrics), and security certification. In-depth discussion of relevant technologies and standards (including cryptographic techniques, intelligent tokens, public key infrastructures, IAM technologies) is provided.

(Review excerpt from Amazon.com)

Information Security: A Strategic Approach

This must-read for enterprise (security) planning describes how to fit information security into the long-term business vision for an enterprise by incorporating information security into a general enterprise strategic planning framework, and by defining information security as "best practice" management of information assets (data and systems for managing data).
