Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure
Subject index
Policy
policy assessments [See level I assessments]
policy control
policy control categories, table of
policy control, categories and classes, table of
policy control, defined
policy control, purpose of
policy control, ratings system for
policy control, risk score calculation, in
policy document categories 2nd
policy, risk assessment
policy, risk assessment as design basis
port knocking 2nd
port scanning
port scanning, attacker use of
port scanning, countermeasures for
port scanning, defined
port scanning, hacker use of
port scanning, inverse SYN cookies 2nd
port scanning, Nmap
port scanning, Scanrand
port scanning, stateless scanning
port scanning, SuperScan
port scanning, TCP handshakes
port scanning, TCP scan techniques
port scanning, THC-Amap
port scanning, urls for tools
Ports
ports, defined
post assessment activities
post assessment activities, defined
post assessment recommendation 2nd
post-assessment activities
post-assessment activities, assigning responsibilities [See responsibility assignments]
post-assessment activities, documentation [See IT security architecture and framework]
post-assessment activities, legal compliance, importance of
post-assessment activities, managing vulnerabilities [See vulnerability management]
post-assessment activities, overview of 2nd
post-assessment activities, response procedures 2nd
post-assessment activities, response teams [See SIRT]
post-assessment activities, staff [See training staff]
post-assessment activities, summary of 2nd
Pretty Good Privacy (PGP)
prevention element of security as a process
Privacy
privacy, GLBA requirements
privacy, legal issues
privacy, medical confidentiality 2nd
Private information
private information, defined
privilege escalation [See also escalation stage of attacks]
privilege escalation, defined
privilege escalation, disgruntled employee threat
probability scales 2nd 3rd
Procedures
procedures governing vulnerability assessments 2nd
procedures, defined
procurement
procurement, announcing bids
procurement, award announcements
procurement, best practices 2nd 3rd 4th
procurement, bid document creation
procurement, bidders conferences
procurement, consultants v. vendors
procurement, contract completion
procurement, due dates for RFPs
procurement, evaluation completion
procurement, evaluation methodology for RFPs
procurement, evaluation teams, RFP
procurement, fixed fee contracts
procurement, format development for RFPs
procurement, format specification
procurement, instruction creation
procurement, invitations to bid
procurement, letters of understanding
procurement, mandatory minimum requirements reviews
procurement, objectivity
procurement, performance guarantees
procurement, personality issues
procurement, product tie-in issues
procurement, project teams, RFP
procurement, protest periods
procurement, rates negotiations
procurement, references
procurement, requests for information
procurement, requests for proposals 2nd 3rd 4th 5th 6th 7th
procurement, requests for quotations
procurement, requirements creation, RFP
procurement, resources required by consultants
procurement, resumes of individuals
procurement, selection criteria creation
procurement, statements of work 2nd
procurement, steps in 2nd 3rd 4th 5th 6th
procurement, terminology 2nd 3rd
productivity losses
program crackers
program crackers, defined
Project management
project management, scope definition 2nd
proportionality
proportionality, defined
Public Company Accounting Oversight Board (PCAOB)
public information
public information, defined
Public key encryption
publicly traded corporations security law [See Sarbanes-Oxley Act]
qualitative analysis
qualitative analysis, defined 2nd
qualitative assessments
qualitative assessments, defined
qualitative risk assessment approaches
qualitative risk assessment approaches, advantages of
qualitative risk assessment approaches, best practices 2nd
qualitative risk assessment approaches, data classification standards for
qualitative risk assessment approaches, defined
qualitative risk assessment approaches, purpose of
qualitative risk assessment approaches, sample scenario 2nd
qualitative risk assessment approaches, team membership
qualitative type assessments
qualitative valuations
qualitative valuations, assigned
quantitative risk assessment approaches
quantitative risk assessment approaches, advantages of
quantitative risk assessment approaches, ALE calculation step 2nd
quantitative risk assessment approaches, Annualized Loss Expectancy
quantitative risk assessment approaches, Annualized Rate of Occurrence (ARO)
quantitative risk assessment approaches, ARO calculation step
quantitative risk assessment approaches, asset identification
quantitative risk assessment approaches, assets value determination
quantitative risk assessment approaches, best practices 2nd
quantitative risk assessment approaches, data needed for
quantitative risk assessment approaches, defined
quantitative risk assessment approaches, exposure factor scaling
quantitative risk assessment approaches, exposure factor valuation
quantitative risk assessment approaches, Single Loss Expectancy
quantitative risk assessment approaches, single loss expectancy calculation 2nd 3rd
quantitative risk assessment approaches, steps in
quantitative risk assessment approaches, threat likelihood
quantitative valuations
quantitative valuations, assigned
RAID (redundant array of inexpensive disks)
RAID (redundant array of inexpensive disks), defined
Rainbow Series
Rainbow series, DoD
Rainbow series, DoD, urls for
Rainbow Series, system assurance aspect of
Rainbowcrack
RainbowCrack technique
rate limiting network traffic
raw risk
raw risk, calculating 2nd
raw risk, components of
raw risk, defined
raw risk, impact rating 2nd
raw risk, presentation of
raw risk, probability scales
raw risk, rankings matrices
raw risk, risk score calculation, in
raw risk, subjectivity of
raw risk, total risk score
RBAC (role-based access control) 2nd
reciprocation-based social engineering
recommendations sections
reconnaissance tools 2nd 3rd 4th 5th
red teams 2nd 3rd
red-team exercises [See network vulnerability assessments]
regulatory documents
remote access areas 2nd 3rd
reports
reports, final [See final reports]
reports, SIRT incident reports
requests for information (RFIs)
requests for proposals (RFPs) [See RFPs (requests for proposals)]
requests for quotations (RFQs)
residual risk
residual risk, defined
responding to attacks 2nd
response element of security as a process 2nd
responses to risks, types of 2nd
responsibility assignments
responsibility assignments, department placement
responsibility assignments, LAN areas 2nd
responsibility assignments, LAN-to-WAN areas 2nd 3rd
responsibility assignments, remote access areas 2nd 3rd
responsibility assignments, requirements list 2nd
responsibility assignments, separation of duties
responsibility assignments, seven areas of 2nd 3rd 4th 5th 6th 7th
responsibility assignments, systems/applications areas 2nd 3rd
responsibility assignments, user areas 2nd
responsibility assignments, WAN areas 2nd 3rd
responsibility assignments, workstation areas 2nd
responsibility for policies, defining
retina
reverse DNS lookup
reviewing documentation
reviewing documentation, acceptance of policies by employees
reviewing documentation, account management 2nd
reviewing documentation, change management
reviewing documentation, COBIT
reviewing documentation, common policy problems 2nd 3rd
reviewing documentation, communication security
reviewing documentation, configuration management 2nd
reviewing documentation, contingency planning 2nd
reviewing documentation, data custodians
reviewing documentation, data owners
reviewing documentation, education training and awareness 2nd
reviewing documentation, guidelines for 2nd
reviewing documentation, identification and authentication controls 2nd
reviewing documentation, INFOSEC documentation 2nd
reviewing documentation, ISO 17799 2nd
reviewing documentation, labeling systems
reviewing documentation, maintenance
reviewing documentation, malicious code protection category
reviewing documentation, management controls 2nd 3rd 4th 5th
reviewing documentation, media controls 2nd
reviewing documentation, networking connectivity
reviewing documentation, operational controls 2nd 3rd 4th
reviewing documentation, period reviews of policies
reviewing documentation, personal security
reviewing documentation, physical security
reviewing documentation, policy development
reviewing documentation, RFC 2196
reviewing documentation, roles and responsibilities 2nd
reviewing documentation, scheduling implementation
reviewing documentation, security auditing
reviewing documentation, security auditors
reviewing documentation, session controls 2nd
reviewing documentation, system assurance 2nd
reviewing documentation, technical controls 2nd 3rd 4th 5th 6th
reviewing documentation, testing
reviewing documentation, users
RFC 2196
RFC 2196, reviewing documentation
RFC-2196
RFC-2196, purpose of
RFIs (requests for information)
RFPs (requests for proposals)
RFPs (requests for proposals), award announcements
RFPs (requests for proposals), bid document creation
RFPs (requests for proposals), bidders conferences
RFPs (requests for proposals), contract completion
RFPs (requests for proposals), defined
RFPs (requests for proposals), due dates for
RFPs (requests for proposals), evaluation completion
RFPs (requests for proposals), evaluation methodology
RFPs (requests for proposals), evaluation team assembly
RFPs (requests for proposals), format development
RFPs (requests for proposals), importance of
RFPs (requests for proposals), instructions for
RFPs (requests for proposals), intent to submit response, submitting
RFPs (requests for proposals), mandatory minimum requirements reviews
RFPs (requests for proposals), objective of
RFPs (requests for proposals), project team assembly
RFPs (requests for proposals), protest periods
RFPs (requests for proposals), public announcements of
RFPs (requests for proposals), requirements creation
RFQs (requests for quotations)
Rijndael 2nd
Risk
risk acceptance
risk acceptance, defined
Risk analysis
risk analysis approach to assessments
risk analysis approach to assessments, life cycle of 2nd
risk analysis, attacker use of 2nd
risk analysis, defined
Risk assessment
risk assessment methodologies
risk assessment methodologies, asset valuation approach 2nd 3rd
risk assessment methodologies, defense-in-depth approach 2nd 3rd
risk assessment methodologies, overview 2nd
risk assessment methodologies, qualitative approach 2nd 3rd 4th 5th
risk assessment methodologies, quantitative approach 2nd 3rd 4th 5th
risk assessment methodologies, quantitative v. qualitative approaches 2nd
risk assessment methodologies, requirements 2nd
risk assessment methodologies, risk analysis approach 2nd
risk assessment methodologies, risk management 2nd
risk assessment methodologies, threats, listing
risk assessment methodologies
risk assessment methodologies, bottom-up approach 2nd
risk assessment methodologies, hybrid approach 2nd
risk assessment methodologies, ISO 17799 2nd 3rd
risk assessment methodologies, NIST 800-26 2nd
risk assessment methodologies, OSSTMM 2nd 3rd
risk assessment methodologies, summary 2nd
risk assessment methodologies, templates for 2nd 3rd 4th
risk assessment methodologies, top-down approach 2nd
risk assessment process
risk assessment process, defined
risk assessment process, flow diagram
risk assessment process, reasons for developing
risk assessment process, timing of, key points 2nd
risk assessment terminology
risk assessment terminology, acceptable risk
risk assessment terminology, countermeasures
risk assessment terminology, exposure
risk assessment terminology, overview 2nd
risk assessment terminology, residual risk
risk assessment terminology, risk analysis
risk assessment terminology, risk management