Inside Network Security Assessment: Guarding Your IT Infrastructure

Book Description

As an IT professional, you need to know how to perform network security assessments. Inside Network Security Assessment: Guarding Your IT Infrastructure is a collection of utilities and templates that will take you through the assessment process. Written by two highly qualified authors with close ties to the International Information Systems Security Certification Consortium, this book was developed with the goal of being a text for the CISSP continuing education class on Network Security Assessment. You will be provided with step-by-step training on assessing security, from paperwork to penetration testing to ethical hacking. The supporting website will also provide you with access to a variety of tools, checklists, and templates to make your job even easier. You'll save everyone time and money by learning to perform security assessments yourself with the help of Inside Network Security Assessment.

Table of Contents

  1. Copyright
  2. About the Author
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Reader Services
  6. Introduction
    1. Who Should Read This Book
    2. Why We Created This Book
    3. Overview of the Book’s Contents
    4. Conventions Used in This Book
  7. Introduction to Assessing Network Vulnerabilities
    1. What Security Is and Isn’t
    2. Process for Assessing Risk
    3. Four Ways in Which You Can Respond to Risk
    4. Network Vulnerability Assessment
    5. Summary
    6. Key Terms
  8. Foundations and Principles of Security
    1. Basic Security Principles
    2. Security Requires Information Classification
    3. The Policy Framework
    4. The Role Authentication, Authorization, and Accountability Play in a Secure Organization
    5. Encryption
    6. Security and the Employee (Social Engineering)
    7. Summary
    8. Key Terms
  9. Why Risk Assessment
    1. Risk Terminology
    2. Laws, Mandates, and Regulations
    3. Risk Assessment Best Practices
    4. Understanding the IT Security Process
    5. The Goals and Objectives of a Risk Assessment
    6. Summary
    7. Key Terms
  10. Risk-Assessment Methodologies
    1. Risk-Assessment Terminology
    2. Quantitative and Qualitative Risk-Assessment Approaches
    3. Best Practices for Quantitative and Qualitative Risk Assessment
    4. Choosing the Best Risk-Assessment Approach
    5. Common Risk-Assessment Methodologies and Templates
    6. Summary
    7. Key Terms
  11. Scoping the Project
    1. Defining the Scope of the Assessment
    2. Reviewing Critical Systems and Information
    3. Compiling the Needed Documentation
    4. Making Sure You Are Ready to Begin
    5. Summary
    6. Key Terms
  12. Understanding the Attacker
    1. Who Are the Attackers?
    2. What Do Attackers Do?
    3. Reducing the Risk of an Attack
    4. How to Respond to an Attack
    5. Summary
    6. Key Terms
  13. Performing the Assessment
    1. Introducing the Assessment Process
    2. Level I Assessments
    3. Level II Assessments
    4. Level III Assessments
    5. Summary
    6. Key Terms
  14. Tools Used for Assessments and Evaluations
    1. A Brief History of Security Tools
    2. Putting Together a Toolkit
    3. Determining What Tools to Use
    4. Summary
    5. Key Terms
  15. Preparing the Final Report
    1. Preparing for Analysis
    2. Ranking Your Findings
    3. Building the Final Report
    4. Contents of a Good Report
    5. Determining the Next Step
    6. Audit and Compliance
    7. Summary
    8. Key Terms
  16. Post-Assessment Activities
    1. IT Security Architecture and Framework
    2. Roles, Responsibilities, and Accountabilities
    3. Security Incident Response Team (SIRT)
    4. Vulnerability Management
    5. Training IT Staff and End Users
    6. Summary
    7. Key Terms
  17. Security Assessment Resources
    1. Security Standards
    2. General Security Websites
    3. Security Tool Websites
  18. Security Assessment Forms
    1. Information Request Form
    2. Document Tracking Form
    3. Critical Systems and Information Forms
    4. Level II Assessment Forms
  19. Security Assessment Sample Report
    1. Notice
    2. Executive Summary
    3. Introduction
    4. Statement of Work
    5. Analysis
    6. Recommendations
    7. Conclusions
  20. Dealing with Consultants and Outside Vendors
    1. Procurement Terminology
    2. Typical RFP Procurement Steps
    3. Procurement Best Practices
  21. SIRT Team Report Format Template
    1. SIRT Incident Report
  22. Index