You are previewing Information Technology Security Fundamentals.
O'Reilly logo
Information Technology Security Fundamentals

Book Description

Information security is at the forefront of timely IT topics, due to the spectacular and well-publicized breaches of personal information stored by companies. To create a secure IT environment, many steps must be taken, but not all steps are created equal. There are technological measures that increase security, and some that do not do, but overall, the best defense is to create a culture of security in the organization. The same principles that guide IT security in the enterprise guide smaller organizations and individuals. The individual techniques and tools may vary by size, but everyone with a computer needs to turn on a firewall and have antivirus software. Personal information should be safeguarded by individuals and by the firms entrusted with it. As organizations and people develop security plans and put the technical pieces in place, a system can emerge that is greater than the sum of its parts.

Table of Contents

  1. Cover
  2. Half Title Page
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Contents
  7. Preface
  8. Chapter 1: Security and Information Assurance
    1. Information assurance and security in the enterprise
    2. Interorganizational security
    3. Physical asset protection
    4. Looking ahead
  9. Chapter 2: Operating System Security
    1. What is the threat landscape?
    2. How can a machine be attacked?
    3. Patching
    4. Hardening basics
    5. Servers in the CIA model
    6. Specifics for different operating systems
    7. Open source operating systems
    8. OSS security
    9. Threat model for desktops: disgruntled or careless users
    10. Rogue applications/malware
    11. Remote access—intentional
    12. Summary
  10. Chapter 3: Data Security: Protecting Your Information
    1. Cost of a breach
    2. Internal versus external
    3. DBMS security features
    4. Types of database threats
    5. Data quality aspects of information assurance
    6. Master data management
    7. Data security strategy
    8. Summary
  11. Chapter 4: Keeping the Electronic Highways Safe
    1. Using virtual local area networks
    2. Security concerns with convergence
    3. Virtual private networks, firewalls, and other “secure” networking practices
    4. Importance of using secure networks
    5. Types of VPNs
    6. VPNs for remote workers on unsecured WiFi networks
    7. Firewalls
    8. Death of the perimeter
    9. Other firewalls
    10. Other security tools
    11. Wireless security
    12. Summary
  12. Chapter 5: We Released What?!? (Application Security)
    1. The need for a secure developer!
    2. How are the applications using our data and networks?
    3. Securing the environment, test data, and making the migration happen
    4. Testing applications
    5. Summary
  13. Chapter 6: Cracking the Code (Cryptography)
    1. What is it?
    2. Modern ciphers in layman’s terms
    3. AES & SSL/TLS
    4. How is encryption used to secure resources?
    5. Where should encryption be used?
    6. Cryptography is not a cure-all
    7. Summary
  14. Chapter 7: Danger! Danger! Danger! (Penetration Testing)
    1. Internal vs. external testing
    2. How penetration testing is performed
    3. Volunteer penetration testers
    4. Summary
  15. Chapter 8: Disaster Recovery
    1. What is a “disaster”?
    2. Securing against catastrophe
    3. What to consider?
    4. Making your DRP a reality
    5. Summary
  16. Chapter 9: Integrating Your Security Plan across the Enterprise
    1. What does the policy contain?
    2. To whom does it apply?
    3. Developing a security policy
    4. Summary
  17. Chapter 10: Conclusion
    1. Security trends & future concerns
    2. SCADA security
    3. Big Data
    4. Cloud security
    5. What is next?
    6. Home and SOHO security
    7. Backups
    8. Personal security
    9. Final thoughts
  18. Glossary
  19. Appendix A
  20. Endnotes
  21. Index