User Review

Chapter 7 has testing recommendations. The goal is mitigation of risks due to threats and vulnerabilities. Security testing paths include reconnaissance, network mapping, and testing of vulnerability and penetration. Scans show vulnerable services that require a patch. Configuration hardening turns off unnecessary services. Covert testers act like hostiles. Intrusion detection systems may be network or host-based. A Security Information and Event Management system organizes log files. Benchmarks include ISO 27002, NIST SP 800, ITIL, COBIT, COSO. The Disaster Recovery Plan can be tested using checklist, structured walkthrough, simulation, parallel or full-interruption. A security gap analysis compares what the system has and what it needs. The book has 3 parts, 15 chapters having quizzes, and 4 appendices. There is a comprehensive glossary of key terms, and a list of references. The rest of the book has preparation for the Systems Security Certified Practitioner.
Common terms and phrases

access control activity administration algorithm applications assessment assets attack audit authentication business continuity plan certification chapter cipher ciphertext CISSP communications compliance confidentiality configuration connection countermeasures covered entity create credentials cryptography customers decrypt defines detect devices digital signature disaster documents Domain e-mail employees encryption ensure example federal Figure files firewall FISMA GLBA hacker hardware hash HIPAA ICMP identify IETF incident include the following information security Information Systems Security infrastructure integrity Internet layer learned malware monitoring operating system organization organization’s OSI reference model packets password PCI DSS phishing protect Protocol recovery Remote Access requirements response risk analysis rootkit router security controls security policy security professionals server specific spyware SSCP standards switch TCP/IP threats traffic unauthorized user’s users vendors virus voice VoIP vulnerabilities wireless workstation