Authors: Thomas R. Peltier.
Paperback, 312 pages
Publisher: Auerbach Publications
Publication Date: 2001-12-20
Edition: 1

Reviews :

    By definition, information security exists to protect your organization's valuable information resources. But too often information security efforts are viewed as thwarting business objectives. An effective information security program preserves your information assets and helps you meet business objectives. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management provides the tools you need to select, develop, and apply a security program that will be seen not as a nuisance but as a means to meeting your organization's goals.Divided into three major sections, the book covers: writing policies, writing procedures, and writing standards. Each section begins with a definition of terminology and concepts and a presentation of document structures. You can apply each section separately as needed, or you can use the entire text as a whole to form a comprehensive set of documents. The book contains checklists, sample policies, procedures, standards, guidelines, and a synopsis of British Standard 7799 and ISO 17799.Peltier provides you with the tools you need to develop policies, procedures, and standards. He demonstrates the importance of a clear, concise, and well-written security program. His examination of recommended industry best practices illustrates how they can be customized to fit any organization's needs. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management helps you create and implement information security procedures that will improve every aspect of your enterprise's activities....

Authors:
Paperback, 464 pages
Publisher: AUERBACH
Publication Date: 2002-01-23
Edition: 1

Reviews :

    This is a comprehensive, highly usable, and clearly organized field manual of the issues, tools, and control techniques that audit, law enforcement, and infosecurity professionals need to know to successfully investigate illegal activities perpetrated through the use of information technology. All of the forensic audit routines discussed throughout the book are included on a CD-ROM, which is included with the book. With the ready-made audit routines included in the appendix, the reader can immediately implement field audits. The step-by-step design allows the reader to gain comprehension of how the routines are developed, and how they can be applied in an audit/investigative situation....

Authors: Leslie M. Orchard.
Paperback, 602 pages
Publisher: Wiley
Publication Date: 2005-09-09


Reviews :

    Now you can satisfy your appetite for information

This book is not about the minutia of RSS and Atom programming. It's about doing cool stuff with syndication feeds-making the technology give you exactly what you want the way you want. It's about building a feed aggregator and routing feeds to your e-mail or iPod, producing and hosting feeds, filtering, sifting, and blending them, and much more. Tan-talizing loose ends beg you to create more hacks the author hasn't thought up yet. Because if you can't have fun with the technology, what's the point?

A sampler platter of things you'll learn to do

• Build a simple feed aggregator
• Add feeds to your buddy list
• Tune into rich media feeds with BitTorrent
• Monitor system logs and events with feeds
• Scrape feeds from old-fashioned Web sites
• Reroute mailing lists into your aggregator
• Distill popular links from blogs
• Republish feed headlines on your Web site
• Extend feeds using calendar events and microformats

...

Authors: Brian T. Contos. Colby Derodeff. William P. Crowell. Dan Dunkel.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2007-05-13
Edition: 1

Reviews :

    While physical and logical security disciplines are disparate, today's threats are such that they need to be addressed in tandem. Gone are the days when there was little to no communication between the IT and physical security staff. Fraud investigation, complex incident analysis, remediation and incident tracking are just a few of the areas where synergies between these groups can be leveraged.

Just as security has evolved from just the perimeter to now include strategies for insider threats, convergence is the next phase of evolution in enterprise-level security incident prevention, detection and management. The most extensible, scalable and robust solution for addressing this convergence is enterprise security management (ESM). The same capabilities ESM utilizes for correlation, anomaly detection, pattern discovery, reporting, investigation and remediation within the IT security realm can also be applied to and converged with, physical security solutions. Organizations are learning that operational efficiencies are amplified by convergence, yielding a positive impact on return on investment (ROI).

Additionally, they are finding that their overall security posture is improved by reducing risk and leading to a more solid return on security investment (ROSI). The global security climate has changed with terrorists, organized crime groups, nation-state threats and so forth. Organizations must continue to adapt to these trends with solutions and countermeasures that are capable of merging these disciplines. Enterprise security management (ESM) solutions can be the core for such convergence, thus allowing organizations to mitigate the risks in a holistic and efficient manner. Before the advent of ESM, convergence was brute force at best. Today, the technology is up to the challenge, and many organizations have already achieved success.

...

Authors: Christopher LT Brown.
Paperback, 416 pages
Publisher: Charles River Media
Publication Date: 2005-10-03
Edition: 1

Reviews :

    Learn to Collect Digital Artifacts and Ensure Evidence Acceptance!

Computer Evidence: Collection and Preservation teaches law enforcement and computer forensics investigators how to identify, collect, and maintain digital artifacts to preserve their reliability for admission as evidence. The book focuses on collection and preservation because these two phases of computer forensics are the most critical to evidence acceptance, but are not thoroughly covered in text or courses. Throughout the book, a constant eye is kept on evidence dynamics and the impact investigators can have on data integrity while collecting evidence. The simple act of a computer forensics investigator shutting down a suspect’s computer changes the state of the computer as well as many of its fi les, so a good understanding of evidence dynamics is essential when doing computer forensics work. Broken up into five parts, Computer Forensics & Evidence Dynamics, Information Systems, Data Storage Systems & Media, Artifact Collection, and Archiving & Maintaining Evidence, the book places specific focus on how investigators and their tools are interacting with digital evidence. By reading and using this task-oriented guide, computer forensics investigators will be able to ensure case integrity during the most crucial phases of the computer forensics process.

KEY FEATURES * Provides a practical fi eld guide to evidence collection and preservation that will help maintain evidence acceptability * Covers key areas such as rules of evidence, evidence dynamics, network topologies, collecting volatile data, imaging methodologies, and forensics labs and workstations * Teaches criminal investigators everything they need to know to ensure the integrity of their digital evidence * Includes a CD-ROM with several demo and freeware software applications as well as document templates, worksheets, and references * Includes a CD-ROM with several demo and freeware software applications as well as document templates, worksheets, and references On the CD! * DRIVE HEALTH: Contains a demo version of this IDE disk-monitoring application * CRYPTCAT: Contains this freeware application to create secure TCP/IP data channels * MARESWARE: Provides demo utilities from Mares and Company LLC, which are useful for scripting large-batch forensic operations * LANSURVEYOR: Contains a demo version of this software for mapping networks through various automatic discovery methods * PRODISCOVER FORENSICS EDITION: Includes a demo version of this disk-imaging and analysis suite * SYSINTERNALS: Contains three freeware utility applications (PSList, PSInfo, and PSLoggedon) useful in batch file volatitle data collection * WINHEX: Provides a demo version of the WinHex raw fi le and disk editor * FORMS: Includes digital copies of the sample forms provided in the book * FIGURES: Includes all of the fi gures from the book by chapter

SYSTEM REQUIREMENTS: Pentium class CPU or later; Windows 98SE / NT / 2000 / XP/2003; Web browser; 128MB of memory; 128MB of available disk space; CD-ROM or DVD-ROM drive; VGA monitor or high-resolution monitor; keyboard and mouse, or other pointing device....

Authors: Aaron W. Bayles. Chris Hurley. Johnny Long. Ed Brindley. James C. Foster. Christopher W. Klaus.
Paperback, 448 pages
Publisher: Syngress
Publication Date: 2005-04-01
Edition: 1

Reviews :

    A Technical Guide to Landing (and Keeping) a Job in the Information Security Field Do you analyze every packet that crosses your home network just because you can? Do you spend countless hours coding applications for the sheer joy and challenge? Do you have a coin jar labeled "Trip to DEFCON/Black Hat Fund"? If you want to refine those skills to land a top InfoSec job and employer-funded trip to Vegas next year, you've come to the right place. The authors of this book have all succeeded in applying their inherent hacker skills to build successful InfoSec careers. From them you will learn about the variety of available jobs and the skills required to excel in each one. Also, the authors provide advice on how to develop the necessary management and personal skills required to hack your way to the top.

• Determine What You Want to Be When You Grow Up (or at Least Get Older) See how the InfoSec field has matured, and decide if this is the life for you.
• Social Engineering for Profit Use both your people and research skills to perform reconnaissance on the InfoSec job market.
• Choose the Right Path Learn what certifications, work experience, and education are required (or not) to land your dream job.
• There's No Place Like Home for a Test Lab! Build a fully functional test lab and attack machine in your basement to fine-tune both your attack and defense skills.
• Learn the Laws of Security Master the ten guiding principles of information security to outwit malicious hackers in the real world.
• Know Your Enemies Identify and understand the classes of attack: denial of service, information leakage, regular file access, misinformation, special file/database access, remote arbitrary code execution, elevation of privileges.
• Feeling Vulnerable? Navigate the dangerous waters of vulnerability disclosure from nondisclosure to full disclosure.
• Don't Trip the Sensors Use your l337 H4x0r skillz to assimilate into the workplace and hack the corporate ladder.
• Master Incident Response Develop contingency plans to put out fires in the workplace without getting burned.
• Install Your Career Rootkit Since you got there, you might as well stay there!
Part I: Recon/Assessment Chapter 1: The Targets-What I Want to Be When I Grow Up (or at Least Get Older) Chapter 2: Reconnaissance: Social Engineering for Profit Chapter 3: Enumerate: Determine What's Out There Chapter 4: First Strike: Basic Tactics for Successful Exploitation Part II: Technical Skills Chapter 5: The Laws of Security Chapter 6: No Place Like /home-Creating an Attack Lab Chapter 7: Vulnerability Disclosure Chapter 8: Classes of Attack Part III: On the Job Chapter 9: Don't Trip the Sensors: Integrate and Imitate Chapter 10: Vulnerability Remediation--Work Within the System Chapter 11: Incident Response--Putting Out Fires Without Getting Burned Chapter 12: Rooting: Show Me the Money!...

Authors: Charles Miller. Dino Dai Zovi.
Paperback, 372 pages
Publisher: Wiley
Publication Date: 2009-02-24
Edition: Pap/Onl

Reviews :

    As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses....

Authors: CPP, CFE, PCI, Eugene F. Ferraro.
Hardcover, 600 pages
Publisher: Auerbach Publications
Publication Date: 2005-07-15
Edition: 1

Reviews :

    Confronted with the opposing demands of loss prevention, asset protection, and ever expanding employee rights issues, security professionals, lawyers, and human resource directors need to understand the process of investigation and know how to properly conduct internal investigations. Investigations in the Workplace targets both the private security professional and the consumer of corporate investigative services. The text provides the tools necessary to serve the reader who is contemplating an internal investigation for the first time, or one who conducts them regularly. The book's modern case studies, statistics, checklists, and references make it an authoritative reference on the subject....

Authors: Kris Kaspersky.
Paperback, 600 pages
Publisher: A-List Publishing
Publication Date: 2003-04-01


Reviews :

    ...

Authors: Michael Hyatt.
Hardcover, 279 pages
Publisher: Regnery Publishing, Inc.
Publication Date: 2001-03-25


Reviews :

    From best-selling author and leading consumer advocate Michael Hyatt comes a startling report of how the government, industry, individuals, and interest groups have access to personal information about you. Fortunately Invasion of Privacy: How to Protect Yourself in the Digital Age contains valuable information about what you can do to protect yourself. ...