28,99 €
incl. VAT
Available immediately by download
- Format: PDF
- Devices: PC
- With copy protection
- Size: 1.53MB
The essential guide to e-business security for managers and IT professionals

Securing E-Business Systems provides business managers and executives with an overview of the components of an effective e-business infrastructure, the areas of greatest risk, and best practices safeguards. It outlines a security strategy that allows the identification of new vulnerabilities, assists in rapid safeguard deployment, and provides for continuous safeguard evaluation and modification. The book thoroughly outlines a proactive and evolving security strategy and provides a methodology for ensuring that applications are designed with security in mind. It discusses emerging liabilities issues and includes security best practices, guidelines, and sample policies. This is the bible of e-business security.

Timothy Braithwaite (Columbus, MD) is Deputy Director of Information Assurance Programs for Titan Corporation. He has managed data centers, software projects, systems planning, and budgeting organizations, and has extensive experience in project and acquisition management. He is also the author of Y2K Lessons Learned (Wiley: 0-471-37308-7).
For legal reasons, this download can only be delivered to customers with a billing address in Germany.
Product details
- Publisher: John Wiley & Sons
- Publication date: 1 October 2002
- English
- ISBN-13: 9780471423249
- Item no.: 37301572
TIMOTHY BRAITHWAITE has spent more than fifteen years in senior security management positions and another twenty years in executive director positions for computer and communications services organizations in both the public and private sectors. He has also worked as a private consultant. Tim has previously published The Power of IT: Maximizing Your Technology Investments and Evaluating the Year 2000 Project: A Management Guide for Determining Reasonable Care.
Preface
Chapter 1 Electronic Business Systems Security
Introduction
How Is E-Business Security Defined?
Can E-Business Security Be Explained More Simply?
Is E-Business Security Really Such a Big Deal?
Is E-Business Security More Important Than Other Information Technology Initiatives?
How Does an Organization Get Started?
Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place?
Chapter 2 E-Business Systems and Infrastructure Support Issues
Introduction
E-Business Defined
A Short History of E-Business Innovations
The Need for Secure E-Business Systems
Software: The Vulnerable Underbelly of Computing
The Interoperability Challenge and E-Business Success
E-Business Security: An Exercise in Trade-Offs
Few Systems Are Designed to Be Secure
Conclusion
Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security
Introduction
Fundamental Technical Security Threats
The Guiding Principles of Protection
"Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques
Chapter 4 Managing E-Business Systems and Security
Introduction
Part One: Misconceptions and Questionable Assumptions
Part Two: Managing E-Business Systems as a Corporate Asset
Part Three: E-Business Security Program Management
Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response
The Current State of E-Business Security
Standard Requirements of an E-Business Security Strategy
A New Security Strategy
The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems
The Current State of Intrusion Detection Systems (IDS)
Defining a Cost-Effective Security Monitoring and Incident Response Capability
Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability
Summary
Chapter 6 Designing and Delivering Secured E-Business Application Systems
Introduction
Past Development Realities
Contemporary Development Realities
Developing Secured E-Business Systems
Using the SDR Framework
Choosing a Systems Development Methodology That Is Compatible with the SDR Framework
Participants in the Identification of Security and Integrity Controls
Importance of Automated Tools
A Cautionary Word About New Technologies
Summary and Conclusions
Chapter 7 Justifying E-Business Security and the Security Management Program
Introduction
The "Quantifiable" Argument
Emerging "Nonquantifiable" Arguments
Benefits Justifications Must Cover Security Program Administration
Conclusion
Chapter 8 Computers, Software, Security, and Issues of Liability
Evolving Theories of Responsibility
Likely Scenarios
How Might a Liability Case Unfold?
Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System
Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative
The Problem of Dependency
Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships
Frequently Asked Questions About the IT-ISAC
Critical Information Infrastructure Protection Issues that Need Resolution
Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security
Appendix B: Systems Development Review Framework for E-Business Development Projects
Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample)
Appendix D: E-Business Risk Management Review Model Instructions for Use
Appendix E: Resources Guide
Index







