You are previewing The Business Case For Network Security: Advocacy, Governance, And Roi.
O'Reilly logo
The Business Case For Network Security: Advocacy, Governance, And Roi

Book Description

Understand the total cost of ownership and return on investment for network security solutions

  • Understand what motivates hackers and how to classify threats

  • Learn how to recognize common vulnerabilities and common types of attacks

  • Examine modern day security systems, devices, and mitigation techniques

  • Integrate policies and personnel with security equipment to effectively lessen security risks

  • Analyze the greater implications of security breaches facing corporations and executives today

  • Understand the governance aspects of network security to help implement a climate of change throughout your organization

  • Learn how to qualify your organization’s aversion to risk

  • Quantify the hard costs of attacks versus the cost of security technology investment to determine ROI

  • Learn the essential elements of security policy development and how to continually assess security needs and vulnerabilities

  • The Business Case for Network Security: Advocacy, Governance, and ROI addresses the needs of networking professionals and business executives who seek to assess their organization’s risks and objectively quantify both costs and cost savings related to network security technology investments. This book covers the latest topics in network attacks and security. It includes a detailed security-minded examination of return on investment (ROI) and associated financial methodologies that yield both objective and subjective data. The book also introduces and explores the concept of return on prevention (ROP) and discusses the greater implications currently facing corporations, including governance and the fundamental importance of security, for senior executives and the board.

    Making technical issues accessible, this book presents an overview of security technologies that uses a holistic and objective model to quantify issues such as ROI, total cost of ownership (TCO), and risk tolerance. This book explores capital expenditures and fixed and variable costs, such as maintenance and upgrades, to determine a realistic TCO figure, which in turn is used as the foundation in calculating ROI. The importance of security policies addressing such issues as Internet usage, remote-access usage, and incident reporting is also discussed, acknowledging that the most comprehensive security equipment will not protect an organization if it is poorly configured, implemented, or used. Quick reference sheets and worksheets, included in the appendixes, provide technology reviews and allow financial modeling exercises to be performed easily.

    An essential IT security-investing tool written from a business management perspective, The Business Case for Network Security: Advocacy, Governance, and ROI helps you determine the effective ROP for your business.

    This volume is in the Network Business Series offered by Cisco Press®. Books in this series provide IT executives, decision makers, and networking professionals with pertinent information about today’s most important technologies and business strategies.

    Table of Contents

    1. About This eBook
    2. Title Page
    3. Copyright Page
    4. About the Authors
    5. About the Technical Reviewers
    6. Dedications
    7. Acknowledgments
    8. Contents at a Glance
    9. Contents
    10. Icons Used in This Book
    11. Introduction
    12. Part I: Vulnerabilities and Technologies
      1. Chapter 1. Hackers and Threats
        1. Contending with Vulnerability
        2. Analyzing Hacking
        3. Threats Classification
        4. The Future of Hacking and Security
        5. Summary
        6. End Notes
      2. Chapter 2. Crucial Need for Security: Vulnerabilities and Attacks
        1. Recognizing Vulnerabilities
        2. Categories of Attacks
        3. Additional Common Attacks
        4. Wireless Intrusions
        5. Social Engineering
        6. Summary of Attacks
        7. Cisco SAFE Axioms
        8. Summary
      3. Chapter 3. Security Technology and Related Equipment
        1. Virus Protection
        2. Traffic Filtering and Firewalls
        3. Encryption
        4. Authentication, Authorization, and Accounting: AAA
        5. Public Key Infrastructure
        6. From Detection to Prevention: Intrusion-Detection Systems and Intrusion-Prevention Systems
        7. Content Filtering
        8. Assessment and Audit
        9. Additional Mitigation Methods
        10. Summary
        11. End Notes
      4. Chapter 4. Putting It All Together: Threats and Security Equipment
        1. Threats, Targets, and Trends
        2. Lowering Risk Exposure
        3. Security Topologies
        4. Summary
    13. Part II: Human and Financial Issues
      1. Chapter 5. Policy, Personnel, and Equipment as Security Enablers
        1. Securing the Organization: Equipment and Access
        2. Managing the Availability and Integrity of Operations
        3. Implementing New Software and Privacy Concerns
        4. Regulating Interactivity Through Information and Equipment Control
        5. Mobilizing the Human Element: Creating a Secure Culture
        6. Creating Guidelines Through the Establishment of Procedural Requirements
        7. Determining Rules and Defining Compliance
        8. Securing the Future: Business Continuity Planning
        9. Ensuring a Successful Security Policy Approach
        10. Surveying IT Management
        11. Summary
      2. Chapter 6. A Matter of Governance: Taking Security to the Board
        1. Security—A Governance Issue
        2. Directing Security Initiatives
        3. Establishing a Secure Culture
        4. Involving the Board
        5. Summary
        6. End Notes
      3. Chapter 7. Creating Demand for the Security Proposal: IT Management's Role
        1. Delivering the Security Message to Executive Management
        2. Recognizing the Goals of the Corporation
        3. Outlining Methods IT Managers Can Use to Engage the Organization
        4. Assessing Senior Business Management Security Requirements
        5. Summary
      4. Chapter 8. Risk Aversion and Security Topologies
        1. Risk Aversion
        2. Risk-Aversion Quotient
        3. Security Modeling
        4. Diminishing Returns
        5. Summary
      5. Chapter 9. Return on Prevention: Investing in Capital Assets
        1. Examining Cost of Attacks
        2. Budgeting for Security Equipment
        3. Analyzing Returns on Security Capital Investments
        4. Acknowledging Nonmathematical Security Fundamentals
        5. Summary
        6. End Notes
    14. Part III: Policies and Future
      1. Chapter 10. Essential Elements of Security Policy Development
        1. Determining Required Policies
        2. Constructing Reliable and Sound Policies
        3. Using Policy Tools and Policy Implementation Considerations
        4. Performing Comprehensive Monitoring
        5. Knowing Policy Types
        6. Handling Incidents
        7. Summary
      2. Chapter 11. Security Is a Living Process
        1. Security Wheel
        2. Scalability
        3. Jurisprudence
        4. SWOT: Strengths, Weaknesses, Opportunities, and Threats
        5. Summary
        6. End Note
    15. Part IV: Appendixes
      1. Appendix A. References
      2. Appendix B. OSI Model, Internet Protocol, and Packets
        1. OSI Model
        2. Internet Protocol
        3. IP Packet
      3. Appendix C. Quick Guides to Security Technologies
        1. Cheat Sheet 1: Routers
        2. Cheat Sheet 2: Hubs and Switches
        3. Cheat Sheet 3: Perimeter Routers and Firewalls
        4. Cheat Sheet 4: Intrusion-Detection Systems
        5. Cheat Sheet 5: Virtual Private Networks and Authentication
        6. Cheat Sheet 6: Comprehensive Security Topology
      4. Appendix D. Return on Prevention Calculations Reference Sheets
        1. Security Costs Calculations
        2. Financial Value Calculations
    16. Glossary
    17. Index