Securing E-Business Systems: A Guide for Managers and Executives
ISBN: 978-0-471-07298-0
Hardcover
288 pages
April 2002
This is a Print-on-Demand title. It will be printed specifically to fill your order. Please allow an additional 10-15 days delivery time. The book is not returnable.
Preface.
Chapter 1 Electronic Business Systems Security.
Introduction.
How Is E-Business Security Defined?
Can E-Business Security Be Explained More Simply?
Is E-Business Security Really Such a Big Deal?
Is E-Business Security More Important Than Other Information Technology Initiatives?
How Does an Organization Get Started?
Instead of Playing "Catch-Up," What Should an Organization Be Doing to Design E-Business Systems That Are Secure in the First Place?
Chapter 2 E-Business Systems and Infrastructure Support Issues.
Introduction.
E-Business Defined.
A Short History of E-Business Innovations.
The Need for Secure E-Business Systems.
Software: The Vulnerable Underbelly of Computing.
The Interoperability Challenge and E-Business Success.
E-Business Security: An Exercise in Trade-Offs.
Few Systems Are Designed to Be Secure.
Conclusion.
Chapter 3 Security Weaknesses in E-Business Infrastructure and "Best Practices" Security.
Introduction.
Fundamental Technical Security Threats.
The Guiding Principles of Protection.
"Best Practice" Prevention, Detection, and Countermeasures and Recovery Techniques.
Chapter 4 Managing E-Business Systems and Security.
Introduction.
Part One: Misconceptions and Questionable Assumptions.
Part Two: Managing E-Business Systems as a Corporate Asset.
Part Three: E-Business Security Program Management.
Chapter 5 A "Just-in-Time" Strategy for Securing the E-Business System: The Role for Security Monitoring and Incident Response.
The Current State of E-Business Security.
Standard Requirements of an E-Business Security Strategy.
A New Security Strategy.
The Crucial Role of Security Monitoring and Incident Response to the Securing of E-Business Systems.
The Current State of Intrusion Detection Systems (IDS).
Defining a Cost-Effective Security Monitoring and Incident Response Capability.
Alternatives to Building "Your Own" Security Monitoring and Incident Response Capability.
Summary.
Chapter 6 Designing and Delivering Secured E-Business Application Systems.
Introduction.
Past Development Realities.
Contemporary Development Realities.
Developing Secured E-Business Systems.
Using the SDR Framework.
Choosing a Systems Development Methodology That Is Compatible with the SDR Framework.
Participants in the Identification of Security and Integrity Controls.
Importance of Automated Tools.
A Cautionary Word About New Technologies.
Summary and Conclusions.
Chapter 7 Justifying E-Business Security and the Security Management Program.
Introduction.
The "Quantifiable" Argument.
Emerging "Nonquantifiable" Arguments.
Benefits Justifications Must Cover Security Program Administration.
Conclusion.
Chapter 8 Computers, Software, Security, and Issues of Liability.
Evolving Theories of Responsibility.
Likely Scenarios.
How Might a Liability Case Unfold?
Questions to Be Asked to Ensure That Reasonable Care Has Been Taken in Developing a Secure E-Business System.
Chapter 9 The National Critical Infrastructure Protection (CIP) Initiative.
The Problem of Dependency.
Critical Infrastructure Protection (CIP) Purpose, Directives, Organizations, and Relationships.
Frequently Asked Questions About the IT-ISAC.
Critical Information Infrastructure Protection Issues that Need Resolution.
Appendix A: Y2K Lessons Learned and Their Importance for E-Business Security.
Appendix B: Systems Development Review Framework for E-Business Development Projects.
Appendix C: A Corporate Plan of Action for Securing E-Business Systems (Sample).
Appendix D: E-Business Risk Management Review Model Instructions for Use.
Appendix E: Resources Guide.
Index.