Synopses & Reviews
Securing E-Business Systems takes a pragmatic approach to a highly complex and ever-changing subject: the security of e-business networks and IT systems. With new threats, new dangers, and new capabilities arising virtually daily, keeping systems secure can be a challenge. This book proposes a new approach to e-business security, an approach founded on good management and built-in adaptability.
A successful e-business must be capable of managing the myriad risks associated with its growing dependency on information and communications technology by ensuring the continued integrity of its information, processes, and supporting IT infrastructure. Securing E-Business Systems presents a model for a proactive program of security administration that remains constantly alert for new vulnerabilities and capable of rapidly employing safeguards.
Timothy Braithwaite presents persuasive reasons why all e-businesses should control and manage IT security just as strictly and as thoughtfully as they would any other component of the company. He also offers methods and ideas that will help managers establish and sustain security management processes and procedures that will outlive the crisis of the moment and adapt to the changing security needs of an e-business over time.
For managers and executives concerned with the security of their e-business, Securing E-Business Systems offers unparalleled guidance, practical plans, and expert information on all the major issues, including:
* Components of an e-business infrastructure and the corresponding areas of greatest risk
* Oversight review models to ensure that e-business applications are designed, programmed, integrated, tested, and implemented with risk and security in mind
* Tips on justifying the expenditures required to establish and administer a program of effective and efficient e-business security controls
* Emerging liability issues that may arise from lack of security
* Best practices, sample guidelines, and ready-to-use forms and checklists
Review
"...to be recommended as an IT security handbook..." (Information Age, August 2002)
"...covers the full gamut of security threats..." (Infoconomy, 5 September 2002)
"...a timely and valuable introduction to the fourth generation of cellular networks..." (Infoconomy, 1 August 2002)
Synopsis
The essential guide to e-business security for managers and IT professionals
Securing E-Business Systems provides business managers and executives with an overview of the components of an effective e-business infrastructure, the areas of greatest risk, and best practices safeguards. It outlines a security strategy that allows the identification of new vulnerabilities, assists in rapid safeguard deployment, and provides for continuous safeguard evaluation and modification. The book thoroughly outlines a proactive and evolving security strategy and provides a methodology for ensuring that applications are designed with security in mind. It discusses emerging liabilities issues and includes security best practices, guidelines, and sample policies. This is the bible of e-business security.
Timothy Braithwaite (Columbus, MD) is Deputy Director of Information Assurance Programs for Titan Corporation. He has managed data centers, software projects, systems planning, and budgeting organizations, and has extensive experience in project and acquisition management. He is also the author of Y2K Lessons Learned (Wiley: 0-471-37308-7).
Synopsis
This practical guide gives an up-to-date overview of the components of an effective e-business infrastructure, the areas of greatest security risk, and best practices for safeguards.
It explains a proactive and evolving security strategy that makes it possible to identify new vulnerabilities, quickly implement effective safeguards, and carry out continuous security reviews and adjustments.
Securing E-Business Systems presents a method that ensures all applications are developed on the basis of sophisticated security standards.
It also discusses increasingly frequent liability issues.
Securing E-Business Systems is the ultimate guide to greater security in e-business for managers and executives.
With a wealth of best practices, ready-to-use forms, and examples of effective security policies.
Synopsis
"This is a must-read for the entire CXO community if businesses are to survive in cyberspace. Attack methodologies and the cyber threat poised against our business systems are advancing rapidly. Business leaders are soon to face downstream liability issues for the damage their unprotected and exploited systems cause not only to themselves but to all of those with whom they do business in cyberspace. American businesses are now the target of choice by our nation's enemies. We may secure the airways, ports, and borders, but only the boardrooms of America can ensure the survival of our economy." -John R. Thomas, Colonel, U.S. Army, Retired, Former Commander of the DoD, Global Operations and Security Center
Today's e-business depends on the security of its networks and information technology infrastructure to safeguard its customers and its profits. But with rapid innovation and the emergence of new threats and new countermeasures, keeping up with security is becoming more complex than ever. Securing E-Business Systems offers a new model for developing a proactive program of security administration that works as a continuous process of identifying weaknesses and implementing solutions. This book offers a real, working design for managing an IT security program with the attention it truly warrants, treating security as a constant function that adapts to meet a company's changing security needs.
Topics include:
* Security weaknesses
* Safeguarding technologies
* Countermeasure best practices
* Establishing an adaptable e-business security management program
* Essential elements of a corporate security management program
* Functions, structure, staffing, and contracting considerations in security management
* Implementing intrusion detection technology
* Designing tomorrow's e-business application for secured operations
* Contemporary rationales for justifying increased spending on security programs
* Emerging liability issues for e-businesses
About the Author
TIMOTHY BRAITHWAITE has spent more than fifteen years in senior security management positions and another twenty years in executive director positions for computer and communications services organizations in both the public and private sectors. He has also worked as a private consultant. Tim has previously published The Power of IT: Maximizing Your Technology Investments and Evaluating the Year 2000 Project: A Management Guide for Determining Reasonable Care (Wiley).
Table of Contents
Preface.
Chapter 1 Electronic Business Systems Security.
Introduction.
How Is E-Business Security Defined?
Can E-Business Security Be Explained More Simply?
Is E-Business Security Really Such a Big Deal?
Is E-Business Security More Important Than Other Information Technology Initiatives?
How Does an Organization Get Started?
Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place?
Chapter 2 E-Business Systems and Infrastructure Support Issues.
Introduction.
E-Business Defined.
A Short History of E-Business Innovations.
The Need for Secure E-Business Systems.
Software: The Vulnerable Underbelly of Computing.
The Interoperability Challenge and E-Business Success.
E-Business Security: An Exercise in Trade-Offs.
Few Systems Are Designed to Be Secure.
Conclusion.
Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security.
Introduction.
Fundamental Technical Security Threats.
The Guiding Principles of Protection.
"Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques.
Chapter 4 Managing E-Business Systems and Security.
Introduction.
Part One: Misconceptions and Questionable Assumptions.
Part Two: Managing E-Business Systems as a Corporate Asset.
Part Three: E-Business Security Program Management.
Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response.
The Current State of E-Business Security.
Standard Requirements of an E-Business Security Strategy.
A New Security Strategy.
The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems.
The Current State of Intrusion Detection Systems (IDS).
Defining a Cost-Effective Security Monitoring and Incident Response Capability.
Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability.
Summary.
Chapter 6 Designing and Delivering Secured E-Business Application Systems.
Introduction.
Past Development Realities.
Contemporary Development Realities.
Developing Secured E-Business Systems.
Using the SDR Framework.
Choosing a Systems Development Methodology That Is Compatible with the SDR Framework.
Participants in the Identification of Security and Integrity Controls.
Importance of Automated Tools.
A Cautionary Word About New Technologies.
Summary and Conclusions.
Chapter 7 Justifying E-Business Security and the Security Management Program.
Introduction.
The "Quantifiable" Argument.
Emerging "Nonquantifiable" Arguments.
Benefits Justifications Must Cover Security Program Administration.
Conclusion.
Chapter 8 Computers, Software, Security, and Issues of Liability.
Evolving Theories of Responsibility.
Likely Scenarios.
How Might a Liability Case Unfold?
Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System.
Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative.
The Problem of Dependency.
Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships.
Frequently Asked Questions About the IT-ISAC.
Critical Information Infrastructure Protection Issues that Need Resolution.
Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security.
Appendix B: Systems Development Review Framework for E-Business Development Projects.
Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample).
Appendix D: E-Business Risk Management Review Model Instructions for Use.
Appendix E: Resources Guide.
Index.