Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure |
Subject index
risk assessment terminology, safeguards
risk assessment, defined
risk assessments
risk assessments, asset types 2nd
risk assessments, asset valuations
risk assessments, assets
risk assessments, best practices 2nd 3rd 4th 5th
risk assessments, categorizing components based on criticality
risk assessments, CVE list for
risk assessments, detection element
risk assessments, elements of risk
risk assessments, final report preparation
risk assessments, FISMA requirements
risk assessments, fundamental problem of software
risk assessments, goals of 2nd
risk assessments, goals, setting 2nd
risk assessments, implementing organizational changes
risk assessments, importance of
risk assessments, inventorying assets
risk assessments, legal issue requirements
risk assessments, methodology identification
risk assessments, performance step
risk assessments, policy creation
risk assessments, prevention element
risk assessments, prioritizing recommendations
risk assessments, response element 2nd
risk assessments, Sarbanes-Oxley Act requirements
risk assessments, security as a process steps 2nd 3rd
risk assessments, security process definition goal 2nd 3rd
risk assessments, software patches
risk assessments, stages of vulnerability 2nd
risk assessments, standards for measuring
risk assessments, statistics on vulnerability
risk assessments, summary 2nd
risk assessments, threat types 2nd
risk assessments, threats 2nd
risk assessments, vulnerability 2nd
risk assessments, vulnerability types, list of
risk avoidance
risk avoidance, defined
Risk management
risk management, defined
risk management, ongoing
risk management, purpose of 2nd
risk management, system development phase
risk mitigation
risk mitigation, defined
risk score
risk score, defined
Risk scores
risk scores, calculating 2nd 3rd 4th 5th
risk scores, defined 2nd
risk scores, impact rating 2nd
risk scores, matrices for
risk scores, presentation of
risk scores, probability scales
risk scores, subjectivity
risk transference
risk transference, defined
risk, application systems as assets
risk, backup systems as assets
risk, defined 2nd
risk, documentation as assets
risk, elements of
risk, intellectual property as assets
risk, network systems as assets
risk, operating systems as assets
risk, security systems as assets
risk, server systems as assets
risk, telecommunication systems as assets
risk, threats as causes of 2nd 3rd
risk, vulnerability component of 2nd
risk, workstations as assets
rogue access points
rogue access points, defined
Role-based access control (RBAC) 2nd
Roles [See also responsibility assignments]
roles, LAN areas
roles, LAN-to-WAN areas
roles, remote access areas
roles, systems/applications areas
roles, WAN areas
roles, workstation areas
safeguards
safeguards, defined
SAINT
sample final reports [See final reports; templates for]
SANS
SANS, url for
SARA
Sarbanes-Oxley Act
Sarbanes-Oxley Act, authentication issues
Sarbanes-Oxley Act, certification of internal controls
Sarbanes-Oxley Act, COBIT
Sarbanes-Oxley Act, Control Environment
Sarbanes-Oxley Act, COSO
Sarbanes-Oxley Act, management structures requirements 2nd
Sarbanes-Oxley Act, monitoring requirements 2nd
Sarbanes-Oxley Act, network security
Sarbanes-Oxley Act, oversight of
Sarbanes-Oxley Act, PCAOB
Sarbanes-Oxley Act, physical security
Sarbanes-Oxley Act, purpose of
Sarbanes-Oxley Act, risk assessment requirements
Sarbanes-Oxley Act, scope of
Sarbanes-Oxley Act, Section 302
Sarbanes-Oxley Act, Section 404 2nd
Sarbanes-Oxley Act, security policies
Sarbanes-Oxley Act, security standards
Sarbanes-Oxley Act, segregation of duties
Sarbanes-Oxley Act, user account management
Sasser worm 2nd
SATAN (Security Administrator Tool for Analyzing Networks)
scanning tools 2nd 3rd 4th 5th
scanning tools, banner grabbing
scanning tools, inverse SYN cookies 2nd
scanning tools, network discovery
scanning tools, Nmap
scanning tools, OS identification 2nd
scanning tools, port scanning
scanning tools, Scanrand
scanning tools, stateless scanning
scanning tools, steps for using
scanning tools, SuperScan
scanning tools, TCP scan techniques
scanning tools, THC-Amap
scanning tools, urls for tools
scanning tools, Xprobe2
Scanrand 2nd
scarcity-based social engineering
scheduling issues
scheduling issues, overview of 2nd
scheduling issues, timeline construction 2nd
scheduling risk assessments
scheduling risk assessments, key points for 2nd
SCM (systems criticality matrix)
SCMs
SCMs (systems criticality matrices) 2nd 3rd
SCMs, final reports, including in
Scope
scope creep 2nd 3rd 4th
scope, administrative information for
scope, breaches in security as drivers
scope, business reasons for
scope, compliance as driver for
scope, critical systems identification
scope, defining for assessments, overview of 2nd
scope, driving events for defining 2nd 3rd
scope, due diligence as driver
scope, importance of
scope, information request forms 2nd 3rd
scope, key personnel identification
scope, kickoff meetings 2nd 3rd
scope, legal information for
scope, logistical approval
scope, management, meeting with 2nd 3rd 4th
scope, merger events
scope, project management 2nd
scope, reviewing
scope, security information for
scope, staffing issues 2nd 3rd
scope, technical information for
scope, timeline construction 2nd 3rd
scope, written approvals for
SCORE (Security Consensus Operational Readiness Evaluation)
SCORE (Security Consensus Operational Readiness Evaluation), purpose of 2nd
screensaver locks
screensaver locks, defined
Script kiddies
script kiddies, defined
SEC filings
SEC filings, information-gathering with
second greatest threat 2nd
secret information
secret information, defined
Secure Shell (SSH)
Secure Sockets Layer (SSL)
Security
Security Administrator Tool for Analyzing Networks (SATAN)
security as a process
security as a process, defining 2nd 3rd
security as a process, detection element
security as a process, prevention element
security as a process, response element 2nd
security as a process, steps for 2nd 3rd
security assessment forms
security assessment forms, access options and controls template 2nd
security assessment forms, audit controls template
security assessment forms, document tracking form template 2nd
security assessment forms, information request form template 2nd 3rd 4th 5th
security assessment forms, level II assessment form templates
security assessment forms, organization information criticality matrix
security assessment forms, password controls template
security assessment forms, systems criticality matrix
security auditing
security auditing, centralizing logging
security auditing, clipping levels
security auditing, coverage determination
security auditing, defined
security auditing, exporting audit logs
security auditing, log review policy
security auditing, process automation
security auditors
security auditors, defined
security audits
security audits, tool recommended for
security baselines
security baselines, final report recommendations on
security bulletins
security countermeasures [See countermeasures]
security defects
security defects, defined
security defects, hacker detection of
security design
security design, step in process
Security Incident Response Teams [See SIRTs]
security information for scope definition
security limits, hacker detection of
security systems
security systems, asset nature of
security tool web sites 2nd 3rd
security tools [See assessment tools]
security workflow definitions 2nd
security workflow definitions, defined
security workflow procedures 2nd
security, attack personnel [See attackers]
security, definition of
security-usability tradeoff graph
segregation of duties
segregation of duties, Sarbanes-Oxley Act on
Sensitive information
sensitive information, defined
separation of duties
separation of duties, defined
separation of duties, importance of
server systems
server systems, asset nature of
service level agreements
service level agreements, violations due to attacks
session controls
session controls, account lockouts
session controls, reviewing documentation 2nd
session controls, screensaver locks
session controls, system timeouts
session controls, warning banners
seven areas of information security
seven areas of information security, list of 2nd
sharing media
Simple Network Management Protocol [See SNMP]
single loss expectancy [See SLE (single loss expectancy)]
SIRT Team Incident Report template 2nd 3rd 4th 5th
SIRTs
SIRTs (Security Incident Response Teams)
SIRTs (Security Incident Response Teams), purpose of
SIRTs (Security Incident Response Teams), responding to attacks 2nd
SIRTs, authority required by
SIRTs, composition of
SIRTs, confidentiality agreements for
SIRTs, documentation
SIRTs, purpose of 2nd
SIRTs, reports
SIRTs, response procedures 2nd
SIRTs, team leader responsibilities
SiteDigger
SLAs [See Software Licensing Agreements]
SLAs (service level agreements)
SLAs (service level agreements), defined
SLE (Single Loss Expectancy)
SLE (single loss expectancy), calculating 2nd 3rd
SLE (single loss expectancy), defined
SLEs (Single Loss Expectancies)
SLEs (Single Loss Expectancies), defined
SMART process
SMART process, defined
Smurf attack 2nd
sniffers
sniffers, defined
SNMP (Simple Network Management Protocol) 2nd
SNMP (Simple Network Management Protocol), community strings
SNMP (Simple Network Management Protocol), defined
SNMP (Simple Network Management Protocol), probing
Snort
Social engineering 2nd 3rd
social engineering, defined 2nd
social engineering, phishing attacks
social validation
SOCs (security operations centers)
SOCs (security operations centers), defined
software bugs
software bugs, defined
software flaws
software flaws, defined
Software Licensing Agreements (SLAs)
Software Licensing Agreements (SLAs), disclaimers, reasons for
software patches
software patches, defined
software patches, time to patch problem 2nd
software vulnerabilities
software vulnerabilities, hacker knowledge of
software vulnerability standards